SHA256: fecbe0ada79c6c22ec4d37f7f54c57c10b58492f20082c77aacee8ca733e8096
File name: 5e6b97087c2cc6006b1087626a329e64
Detection ratio: 36 / 51
Analysis date: 2014-03-22 17:35:17 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.Downloader.JQHR 20140322
Yandex Trojan.Injector!uop5EcDA/FE 20140322
AhnLab-V3 Trojan/Win32.Zbot 20140322
AntiVir TR/Injector.hhj 20140322
Antiy-AVL Trojan/Win32.SGeneric 20140320
Avast Win32:Downloader-UUI [Trj] 20140322
AVG Generic35.BCFV 20140322
BitDefender Trojan.Downloader.JQHR 20140322
CAT-QuickHeal TrojanPWS.Zbot.AP4 20140322
Comodo TrojWare.Win32.Spy.Zbot.AXV 20140322
DrWeb Trojan.DownLoader9.22851 20140322
Emsisoft Trojan.Downloader.JQHR (B) 20140322
ESET-NOD32 a variant of Win32/Injector.AURA 20140322
F-Secure Trojan.Downloader.JQHR 20140322
Fortinet W32/Zbot.OA!tr 20140322
GData Trojan.Downloader.JQHR 20140322
Jiangmin TrojanSpy.Zbot.hbot 20140322
K7AntiVirus Trojan ( 0049294c1 ) 20140321
K7GW Trojan ( 0049294c1 ) 20140321
Kaspersky HEUR:Trojan.Win32.Generic 20140322
Malwarebytes Trojan.Inject.ED 20140322
McAfee Downloader-FEX!5E6B97087C2C 20140322
McAfee-GW-Edition Downloader-FEX!5E6B97087C2C 20140322
Microsoft VirTool:Win32/CeeInject.gen!KK 20140322
eScan Trojan.Downloader.JQHR 20140322
Norman Suspicious.FZN 20140322
nProtect Trojan.Downloader.JQHR 20140321
Panda Trj/Genetic.gen 20140322
Rising PE:Trojan.Injector!1.9F7C 20140322
Sophos Mal/Inject-EN 20140322
SUPERAntiSpyware Trojan.Agent/Gen-Upatre 20140322
Symantec Trojan.FakeAV 20140322
TrendMicro TROJ_GEN.R03EC0ECM14 20140322
TrendMicro-HouseCall TROJ_GEN.R03EC0ECM14 20140322
VBA32 TrojanPSW.Tepfer 20140321
VIPRE Trojan.Win32.Fareit.if (v) 20140322
AegisLab 20140322
Baidu-International 20140322
Bkav 20140322
ByteHero 20140322
ClamAV 20140322
CMC 20140319
Commtouch 20140322
F-Prot 20140322
Ikarus 20140322
Kingsoft 20140322
NANO-Antivirus 20140322
Qihoo-360 20140322
TheHacker 20140321
TotalDefense 20140321
ViRobot 20140322
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright ???? (C) 2007
Product Jjb ????
Original name Jjb.EXE
Internal name Jjb
File version 1, 0, 0, 1
Description Jjb Microsoft ???????
Packers identified
F-PROT 7Z, 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-01-02 20:41:29
Entry Point 0x00005724
Number of sections 4
PE sections
PE imports
SetPixel
Ellipse
GetStartupInfoA
GetModuleHandleA
GetModuleFileNameW
CreateFileW
CreateFileA
GetModuleFileNameA
VirtualAlloc
_except_handler3
__p__fmode
malloc
_XcptFilter
_acmdln
__CxxFrameHandler
_ftol
__p__commode
__dllonexit
_setmbcp
_controlfp
exit
_exit
__getmainargs
_initterm
__setusermatherr
_onexit
_adjust_fdiv
__set_app_type
EnableWindow
GetClientRect
UpdateWindow
InvalidateRect
Number of PE resources by type
RT_STRING 14
RT_DIALOG 5
RT_MENU 2
Struct(241) 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 25
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 20480
ImageVersion 0.0
ProductName Jjb
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Chinese (Simplified)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 6.0
OriginalFilename Jjb.EXE
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1, 0, 0, 1
TimeStamp 2014:01:02 21:41:29+01:00
FileType Win32 EXE
PEType PE32
InternalName Jjb
FileAccessDate 2014:03:22 18:35:42+01:00
ProductVersion 1, 0, 0, 1
FileDescription Jjb Microsoft
OSVersion 4.0
FileCreateDate 2014:03:22 18:35:42+01:00
FileOS Win32
LegalCopyright (C) 2007
MachineType Intel 386 or later, and compatibles
CodeSize 86016
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0x5724
ObjectFileType Executable application

File identification
MD5 5e6b97087c2cc6006b1087626a329e64
SHA1 0917c71c2e9c41a4bd6a51f405b19bdd08a87f7c
SHA256 fecbe0ada79c6c22ec4d37f7f54c57c10b58492f20082c77aacee8ca733e8096
ssdeep 3072:t2/5rnCHYBDv1cctYdcKJJdOv2awcn8lFwEntYWZ9F0cTDDF9rSjwbeT028ObyhS:kC41Ncuc/J/dzc8lismWZ9FDGQLObqsF
imphash a2955b14e9d1ade5f4624afcc2605923
File size 206.8 KB ( 211769 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe
VirusTotal metadata
First submission 2014-03-22 17:35:17 UTC ( 3 years, 1 month ago )
Last submission 2014-03-22 17:35:17 UTC ( 3 years, 1 month ago )
File names Jjb.EXE
Jjb
5e6b97087c2cc6006b1087626a329e64
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.