SHA256: fe6923e3fa63ea46ab2a2a4fc07f0807f528f13f1c1862589e61ac944f776db4
File name: vt-upload-Zo4Ix
Detection ratio: 42 / 54
Analysis date: 2014-10-16 17:52:37 UTC ( 4 years, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.427850 20141016
AegisLab Troj.W32.Gen 20141016
Yandex Trojan.Yakes!OdhDtsgIBaQ 20141015
AhnLab-V3 Malware/Win32.Zbot 20141016
Antiy-AVL Trojan[Spy]/Win32.Zbot 20141016
Avast Win32:Malware-gen 20141016
AVG Crypt3.AITK 20141016
Avira (no cloud) TR/Spy.ZBot.sifgdjt 20141016
AVware Trojan.Win32.Generic!BT 20141016
BitDefender Gen:Variant.Kazy.427850 20141016
ClamAV Win.Trojan.Agent-760090 20141016
Comodo TrojWare.Win32.Necurs.CJLZ 20141016
Cyren W32/Trojan.MGLG-6558 20141016
DrWeb Trojan.Siggen6.23087 20141016
Emsisoft Gen:Variant.Kazy.427850 (B) 20141016
ESET-NOD32 Win32/Spy.Zbot.ABV 20141016
F-Prot W32/A-ceb8a79e!Eldorado 20141016
F-Secure Gen:Variant.Kazy.427850 20141016
Fortinet W32/Zbot.ABV!tr.spy 20141016
GData Gen:Variant.Kazy.427850 20141016
Ikarus Trojan-Spy.Win32.Zbot 20141016
K7AntiVirus Spyware ( 0049b8aa1 ) 20141016
K7GW Trojan ( 050000001 ) 20141016
Kaspersky Trojan-Spy.Win32.Zbot.tsxe 20141016
Kingsoft Win32.Troj.Generic.a.(kcloud) 20141016
Malwarebytes Trojan.Agent.FA 20141016
McAfee Packed-AM!D9E104EA3DF1 20141016
McAfee-GW-Edition BehavesLike.Win32.Klez.fm 20141016
Microsoft PWS:Win32/Zbot.gen!VM 20141016
eScan Gen:Variant.Kazy.427850 20141016
NANO-Antivirus Trojan.Win32.Zbot.ddpfbv 20141016
Qihoo-360 HEUR/Malware.QVM20.Gen 20141016
Sophos AV Mal/Generic-S 20141016
SUPERAntiSpyware Trojan 20141016
Symantec Packed.Generic.459 20141016
Tencent Win32.Trojan-spy.Zbot.Wvan 20141016
TotalDefense Win32/Tnega.KZUNJR 20141016
TrendMicro TROJ_SPNR.0BHD14 20141016
TrendMicro-HouseCall TROJ_SPNR.0BHD14 20141016
VBA32 Trojan.Yakes 20141016
VIPRE Trojan.Win32.Generic!BT 20141016
Zillya Trojan.ZBot.Win32.66 20141016
Baidu-International 20141016
Bkav 20141015
ByteHero 20141016
CAT-QuickHeal 20141016
CMC 20141016
Jiangmin 20141015
Norman 20141016
nProtect 20141016
Rising 20141016
TheHacker 20141013
ViRobot 20141016
Zoner 20141014
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright 2009-10 Adobe Systems Incorporated. All rights reserved.
Publisher Adobe Systems Incorporated
Product Adobe Updater AAM Launcher
Original name aamlauncher.exe
Description Adobe Updater AAM Launcher
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-06 14:12:25
Entry Point 0x00001480
Number of sections 4
PE sections
PE imports
GetTokenInformation
RegDeleteValueW
RegCloseKey
CreateWellKnownSid
OpenProcessToken
FreeSid
RegQueryInfoKeyW
DuplicateToken
RegEnumValueW
AllocateAndInitializeSid
CheckTokenMembership
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExW
AddFontResourceA
DeleteEnhMetaFile
DeleteDC
CloseFigure
SetBkMode
CancelDC
DeleteColorSpace
GetStockObject
EndDoc
GetSystemPaletteUse
GetEnhMetaFileW
GdiFlush
GdiGetBatchLimit
CreateCompatibleDC
GetBkColor
GetObjectType
GetLayout
LocalFree
FormatMessageW
LoadLibraryA
VirtualAllocEx
GetFileSize
GetModuleHandleA
lstrlenA
GetLastError
ReadFile
CloseHandle
SetFileAttributesW
DeleteFileW
GetFileAttributesW
MoveFileExW
GetMonitorInfoW
GetCaretBlinkTime
GetCapture
DestroyMenu
GetClipboardOwner
SetWindowPos
CharLowerA
GetMenu
DestroyIcon
IsGUIThread
IsWindowEnabled
GetSysColor
GetCursorPos
IsCharAlphaNumericA
SendMessageW
IsCharLowerA
OemKeyScan
AnyPopup
IsWindowVisible
SendMessageA
LoadStringW
CloseWindow
EnableMenuItem
InSendMessage
IsCharUpperA
LoadIconA
CountClipboardFormats
MonitorFromPoint
CharNextA
LoadIconW
SetForegroundWindow
DestroyWindow
CoInitializeEx
CoUninitialize
CoGetObject
StringFromGUID2
CoAllowSetForegroundWindow
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.67

UninitializedDataSize
0

LanguageCode
Unknown (4009)

FileFlagsMask
0x0017

BuildDate
Mon Feb 15 2010 02:31:20

CharacterSet
Unicode

InitializedDataSize
315904

EntryPoint
0x1480

OriginalFileName
aamlauncher.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2009-10 Adobe Systems Incorporated. All rights reserved.

TimeStamp
2014:08:06 15:12:25+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.0.0.67 (BuildVersion: 1.0; BuildDate: BUILDDATETIME)

FileDescription
Adobe Updater AAM Launcher

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Adobe Systems Incorporated

BuildVersion
1.0.0.67

CodeSize
6144

ProductName
Adobe Updater AAM Launcher

ProductVersionNumber
1.0.0.67

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 d9e104ea3df1375cb378a4f229e30fca
SHA1 2d3105d16f5427196f10619197f6b64cb1e26931
SHA256 fe6923e3fa63ea46ab2a2a4fc07f0807f528f13f1c1862589e61ac944f776db4
ssdeep 6144:PMGz18pyTnnHKxD9aR64USxMyc9Rn4pJT3ko:PayTnnqxRa8hF96r3
authentihash 08d1de8df285dbef94eb601b7c7ea63c1b55306153dffaa72e80b7c7518ee818
imphash ef062c5f04c32ddb2f0e4a19b3959415
File size 314.5 KB ( 322048 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-10-16 17:52:37 UTC ( 4 years, 5 months ago )
Last submission 2014-10-16 17:52:37 UTC ( 4 years, 5 months ago )
File names vt-upload-Zo4Ix
aamlauncher.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.