SHA256: ff56ddacb0031e84c5ef766cf897a6082c090414d7eb763d899f9e0b67138359
File name: tmp3f04c54c.exe
Detection ratio: 36 / 54
Analysis date: 2014-07-31 00:04:54 UTC ( 4 years, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.11568041 20140731
AhnLab-V3 Trojan/Win32.ZBot 20140730
AntiVir TR/Crypt.ZPACK.Gen9 20140730
Antiy-AVL Trojan[Ransom]/Win32.Foreign 20140730
Avast Win32:Malware-gen 20140731
AVG Zbot.LWF 20140730
AVware Trojan.Win32.Generic!BT 20140731
BitDefender Trojan.Generic.11568041 20140731
Comodo UnclassifiedMalware 20140731
DrWeb Trojan.Siggen6.21278 20140731
Emsisoft Trojan.Generic.11568041 (B) 20140731
ESET-NOD32 Win32/Spy.Zbot.ABX 20140731
F-Secure Trojan.Generic.11568041 20140731
Fortinet W32/Foreign.ABX!tr 20140730
GData Trojan.Generic.11568041 20140731
Ikarus Trojan.Win32.Spy 20140730
K7AntiVirus Spyware ( 0049cffa1 ) 20140730
K7GW Spyware ( 0049cffa1 ) 20140730
Kaspersky Trojan-Ransom.Win32.Foreign.kzjg 20140730
Malwarebytes Trojan.Ransom.FG 20140730
McAfee Artemis!4B47A04A8C48 20140730
McAfee-GW-Edition Artemis!4B47A04A8C48 20140730
Microsoft PWS:Win32/Zbot.CIA 20140731
eScan Trojan.Generic.11568041 20140730
NANO-Antivirus Trojan.Win32.Foreign.dcuhll 20140730
nProtect Trojan.Generic.11568041 20140730
Panda Trj/Chgt.C 20140730
Qihoo-360 Win32/Trojan.Ransom.364 20140731
Rising PE:Trojan.Win32.Generic.170C28AA!386672810 20140730
Sophos AV Mal/Generic-S 20140730
Symantec WS.Reputation.1 20140730
Tencent Win32.Trojan.Foreign.Pdml 20140731
TotalDefense Win32/Zbot.eNdYDZC 20140730
TrendMicro TROJ_GEN.R0CBC0DGS14 20140730
TrendMicro-HouseCall TROJ_GEN.R0CBC0DGS14 20140731
VIPRE Trojan.Win32.Generic!BT 20140731
AegisLab 20140731
Yandex 20140730
Baidu-International 20140730
Bkav 20140730
ByteHero 20140731
CAT-QuickHeal 20140730
ClamAV 20140730
CMC 20140728
Commtouch 20140730
F-Prot 20140731
Jiangmin 20140725
Kingsoft 20140731
Norman 20140730
SUPERAntiSpyware 20140731
TheHacker 20140728
VBA32 20140729
ViRobot 20140730
Zoner 20140729
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-23 16:31:08
Entry Point 0x00007C3E
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
GetSecurityInfo
LookupAccountSidA
RegCloseKey
RegSetValueExW
GetOpenFileNameA
CommDlgExtendedError
GetObjectA
GetBkColor
GetStdHandle
WaitForSingleObject
EncodePointer
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
GetLogicalDriveStringsA
InitializeCriticalSection
InterlockedDecrement
FormatMessageA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
HeapSetInformation
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
GetFileSize
DeleteFileA
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GlobalReAlloc
GetTempFileNameA
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GetConsoleCP
GetEnvironmentStringsW
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
Sleep
PathFileExistsW
AssocCreate
PathFindExtensionW
GetForegroundWindow
UpdateWindow
EndDialog
CreatePopupMenu
ShowWindow
IsWindow
GetMenu
GetWindowRect
EnableWindow
SetMenu
MoveWindow
EnumChildWindows
WindowFromPoint
MessageBoxA
GetClassNameA
IsWindowEnabled
GetDlgItemTextW
SetDlgItemTextW
GetCursorPos
SetWindowTextA
CheckMenuItem
SendMessageW
SendMessageA
GetClientRect
GetDlgItem
GetLastInputInfo
IsIconic
CreateMenu
LoadImageW
GetMenuItemCount
SetWindowTextW
IsMenu
GetWindowTextLengthW
CreateWindowExW
AppendMenuW
GdipCreateBitmapFromScan0
GdipDrawImageRectRect
GdipFree
GdipSaveImageToFile
GdipGetImageHeight
GdipAlloc
GdipDisposeImage
GdipLoadImageFromFile
GdipGetImageWidth
GdipCloneImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
CoTaskMemAlloc
Number of PE resources by type
RT_MANIFEST 1
RT_STRING 1
RT_DIALOG 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:07:23 17:31:08+01:00
FileType Win32 EXE
PEType PE32
CodeSize 211968
LinkerVersion 10.0
FileAccessDate 2014:07:24 01:04:47+01:00
EntryPoint 0x7c3e
InitializedDataSize 39424
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
FileCreateDate 2014:07:24 01:04:47+01:00
UninitializedDataSize 0
File identification
MD5 4b47a04a8c48763c4fa53b2dbedd1245
SHA1 e9f427f9b0668b3f688f60f861a03ffec296b6d9
SHA256 ff56ddacb0031e84c5ef766cf897a6082c090414d7eb763d899f9e0b67138359
ssdeep 6144:Alf0cXX1AEP8+fSqmn4qYwRVH22yL/Hh6FopLgJ:AlfzXXWEP8bqm4qYQH21/Ru
imphash 4a33d4fb2e785871bb01decba4b5d440
File size 246.5 KB ( 252416 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-07-24 00:04:26 UTC ( 4 years, 8 months ago )
Last submission 2014-07-24 00:04:26 UTC ( 4 years, 8 months ago )
File names tmp3f04c54c.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.