SHA256: fb5963cee1cde82d64cb0b65fd9f774805433192b2e428cbda3989e42650ede9
File name: vt-upload-l1Frg
Detection ratio: 22 / 53
Analysis date: 2014-07-04 15:19:58 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.402928 20140704
AhnLab-V3 Trojan/Win32.Agent 20140704
AntiVir TR/Crypt.EPACK.20601 20140704
Antiy-AVL HackTool[Hoax]/Win32.ArchSMS 20140703
Avast Win32:Malware-gen 20140704
AVG Zbot.LCD 20140704
Baidu-International Trojan.Win32.Zbot.bABV 20140704
BitDefender Gen:Variant.Kazy.402928 20140704
DrWeb Trojan.Siggen6.20059 20140704
Emsisoft Gen:Variant.Kazy.402928 (B) 20140704
ESET-NOD32 Win32/Spy.Zbot.ABV 20140704
F-Secure Gen:Variant.Kazy.402928 20140704
GData Gen:Variant.Kazy.402928 20140704
Kaspersky Hoax.Win32.ArchSMS.cbumd 20140704
McAfee Artemis!32D6C612B6A1 20140704
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.J 20140704
Microsoft PWS:Win32/Zbot 20140704
eScan Gen:Variant.Kazy.402928 20140704
NANO-Antivirus Riskware.Win32.ArchSMS.dbwhtk 20140704
Panda Trj/Chgt.A 20140704
Qihoo-360 HEUR/Malware.QVM19.Gen 20140704
TrendMicro-HouseCall TROJ_GEN.R0CBH01G314 20140704
AegisLab 20140704
Yandex 20140703
Bkav 20140702
ByteHero 20140704
CAT-QuickHeal 20140704
ClamAV 20140704
CMC 20140704
Commtouch 20140704
Comodo 20140704
F-Prot 20140704
Fortinet 20140704
Ikarus 20140704
Jiangmin 20140704
K7AntiVirus 20140704
K7GW 20140704
Kingsoft 20140704
Malwarebytes 20140704
Norman 20140704
nProtect 20140704
Rising 20140704
SUPERAntiSpyware 20140704
Symantec 20140704
Tencent 20140704
TheHacker 20140704
TotalDefense 20140704
TrendMicro 20140704
VBA32 20140704
VIPRE 20140704
ViRobot 20140704
Zillya 20140703
Zoner 20140704
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-05-05 16:42:54
Entry Point 0x00001000
Number of sections 7
PE sections
PE imports
GetDeviceCaps
DeleteDC
CreateFontIndirectW
GetStockObject
GetObjectW
BitBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetSystemTime
GetSystemInfo
GetEnvironmentStringsA
GetTapeStatus
GetDriveTypeA
GetSystemDefaultLangID
IsBadWritePtr
VirtualProtect
lstrcmpiW
CreatePipe
GetCurrentProcessId
Process32First
EnumSystemLocalesW
WritePrivateProfileSectionW
GetCommandLineW
SetErrorMode
GetDateFormatW
LoadLibraryExW
MultiByteToWideChar
ReadProcessMemory
WritePrivateProfileSectionA
GetCurrentThread
GetProfileSectionW
GetTimeFormatW
LocalFlags
_lcreat
lstrcmpA
GlobalAddAtomA
lstrcpyA
MulDiv
SetCommMask
SetHandleInformation
GetBinaryTypeA
SetFileAttributesA
FindCloseChangeNotification
GetProcessShutdownParameters
GetEnvironmentVariableA
ClearCommBreak
GetStringTypeExW
SearchPathA
AllocConsole
GetProfileIntA
LocalShrink
GetModuleHandleA
GetClipboardFormatNameA
ChangeMenuA
mouse_event
HideCaret
PostQuitMessage
GetShellWindow
GetForegroundWindow
SetMenuItemInfoW
RemoveMenu
Number of PE resources by type
RT_GROUP_CURSOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
GERMAN 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2005:05:05 17:42:54+01:00
FileType Win32 EXE
PEType PE32
CodeSize 166400
LinkerVersion 1.64
FileAccessDate 2014:12:08 01:41:14+01:00
EntryPoint 0x1000
InitializedDataSize 51216
SubsystemVersion 4.1
ImageVersion 0.0
OSVersion 1.0
FileCreateDate 2014:12:08 01:41:14+01:00
UninitializedDataSize 0

File identification
MD5 32d6c612b6a168dbf4cdd10b79d1978f
SHA1 b86f2efe81c87fbd6e1344c75fe93de4d0ff4161
SHA256 fb5963cee1cde82d64cb0b65fd9f774805433192b2e428cbda3989e42650ede9
ssdeep 1536:au5WtB0qTIcFlYr8y3YgWnL0FBUUcA/H8givpj+st5IjCE7zur3Z:HcFdlY4SqLgUUdc7vpjjt5Zr3Z
authentihash 0197aabe2231bd8c6975ac164325b821e7dd9da1e47a6ebc4640cd45283d0dfc
imphash 500865fb6552f5c0c354f8fc69c1d804
File size 214.0 KB ( 219136 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.7%)
Generic Win/DOS Executable (23.4%)
DOS Executable Generic (23.4%)
VXD Driver (0.3%)
Tags peexe

VirusTotal metadata
First submission 2014-07-04 15:19:58 UTC ( 4 years, 8 months ago )
Last submission 2014-07-04 15:19:58 UTC ( 4 years, 8 months ago )
File names vt-upload-l1Frg
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.