SHA256: a76264fbcdce99e8a1d9663662c1d3798351b22431b2d54bd1f09d57a4371548
File name: zlz05cqktnQC.exe
Detection ratio: 6 / 56
Analysis date: 2016-05-26 10:23:37 UTC ( 11 months, 1 week ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.151026.9950.9998 20160526
Bkav HW32.Packed.7ACD 20160525
Fortinet W32/Kryptik.EYDH!tr 20160526
Qihoo-360 HEUR/QVM19.1.0000.Malware.Gen 20160526
Rising Malware.Generic!5ouN2qqBQ9G@1 (Thunder) 20160526
Sophos Mal/Ransom-EH 20160526
Ad-Aware 20160526
AegisLab 20160526
AhnLab-V3 20160525
Alibaba 20160526
ALYac 20160526
Antiy-AVL 20160526
Arcabit 20160526
Avast 20160526
AVG 20160526
Avira (no cloud) 20160526
AVware 20160526
Baidu-International 20160526
BitDefender 20160526
CAT-QuickHeal 20160526
ClamAV 20160526
CMC 20160523
Comodo 20160526
Cyren 20160526
DrWeb 20160526
Emsisoft 20160526
ESET-NOD32 20160526
F-Prot 20160526
F-Secure 20160526
GData 20160526
Ikarus 20160526
Jiangmin 20160526
K7AntiVirus 20160526
K7GW 20160526
Kaspersky 20160526
Kingsoft 20160526
Malwarebytes 20160526
McAfee 20160526
McAfee-GW-Edition 20160526
Microsoft 20160526
eScan 20160526
NANO-Antivirus 20160526
nProtect 20160526
Panda 20160525
SUPERAntiSpyware 20160526
Symantec 20160526
Tencent 20160526
TheHacker 20160526
TrendMicro 20160526
TrendMicro-HouseCall 20160526
VBA32 20160525
VIPRE 20160526
ViRobot 20160526
Yandex 20160525
Zillya 20160525
Zoner 20160526
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-26 06:03:34
Entry Point 0x00008000
Number of sections 7
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegCreateKeyW
OpenServiceW
ControlService
RegEnumKeyW
DeleteService
RegQueryValueExW
CloseServiceHandle
RegOpenKeyA
RegisterEventSourceW
OpenProcessToken
DeregisterEventSource
RegOpenKeyExW
SetTokenInformation
RegisterServiceCtrlHandlerExW
CreateServiceW
GetTokenInformation
DuplicateTokenEx
SetServiceStatus
BuildExplicitAccessWithNameW
CreateProcessAsUserW
GetNamedSecurityInfoW
SetEntriesInAclW
RevertToSelf
StartServiceW
RegSetValueExW
EnumDependentServicesW
OpenSCManagerW
ReportEventW
QueryServiceStatusEx
StartServiceCtrlDispatcherW
ChangeServiceConfigW
SetNamedSecurityInfoW
CheckColorsInGamut
AnimatePalette
ColorMatchToTarget
AddFontMemResourceEx
AngleArc
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
FindResourceExW
lstrcmpW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
FileTimeToDosDateTime
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
SetFileAttributesA
GetFileTime
GetTempPathA
GetShortPathNameA
GetCPInfo
GetProcAddress
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
GetDiskFreeSpaceA
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
MoveFileA
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
InterlockedDecrement
GetProfileIntA
GetStringTypeExA
SetLastError
GetUserDefaultUILanguage
LocalLock
GetUserDefaultLangID
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
QueryPerformanceFrequency
HeapSetInformation
GetVolumeInformationA
LoadLibraryExA
GetPrivateProfileStringA
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FindNextChangeNotification
GetModuleHandleA
CreateThread
GetSystemDefaultUILanguage
GetSystemDirectoryW
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
SetEnvironmentVariableA
SetPriorityClass
TerminateProcess
FindCloseChangeNotification
GetNumberFormatA
CopyFileA
SearchPathA
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
HeapCreate
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
SetEvent
QueryPerformanceCounter
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GlobalSize
UnlockFile
DosDateTimeToFileTime
GetFileSize
GlobalDeleteAtom
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
GlobalLock
GetProcessHeap
CompareStringW
GetFileSizeEx
GlobalReAlloc
CreateProcessA
GetFileInformationByHandle
lstrcmpA
lstrcpyA
ResetEvent
GetTempFileNameA
CreateFileMappingA
DuplicateHandle
WaitForMultipleObjects
ExpandEnvironmentStringsA
GetCurrentDirectoryW
GetTimeZoneInformation
CreateFileW
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
LocalUnlock
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
FindFirstChangeNotificationA
GetSystemInfo
LocalFileTimeToFileTime
GlobalFree
GetConsoleCP
GlobalGetAtomNameA
GetThreadLocale
GlobalUnlock
GetEnvironmentStringsW
FindResourceExA
LockFile
lstrlenW
WinExec
OpenFile
FileTimeToLocalFileTime
SizeofResource
CompareFileTime
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
HeapQueryInformation
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
SuspendThread
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
GlobalFlags
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
FreeResource
SetStdHandle
LoadLibraryW
WideCharToMultiByte
IsValidCodePage
lstrlenA
FindResourceW
Sleep
GetFileAttributesExA
FindResourceA
GetOEMCP
CompareStringA
SHEmptyRecycleBinW
SHGetSpecialFolderPathW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
PathQuoteSpacesW
StrStrIW
PathAppendW
PathCombineW
SetFocus
MapWindowPoints
GetMonitorInfoW
GetParent
LoadIconA
GetMessageW
EnumWindows
DefWindowProcW
KillTimer
DestroyMenu
TrackMouseEvent
PostQuitMessage
ShowWindow
MessageBeep
LoadMenuW
SetWindowPos
RemoveMenu
GetWindowThreadProcessId
SetCursor
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EnableWindow
LoadStringA
EnumChildWindows
AppendMenuW
GetWindowDC
DestroyCursor
TranslateMessage
GetWindow
PostMessageW
InvalidateRect
DispatchMessageW
GetCursorPos
ReleaseDC
UpdateLayeredWindow
CreatePopupMenu
SendMessageW
UnregisterClassA
TranslateAcceleratorW
SendMessageA
LoadStringW
SetWindowTextW
DrawTextW
LoadImageW
MonitorFromWindow
ScreenToClient
CharNextW
TrackPopupMenuEx
SetTimer
CallWindowProcW
GetClassNameW
GetMenuItemCount
CharLowerW
MonitorFromPoint
GetClientRect
GetWindowTextW
LoadCursorW
GetFocus
GetWindowLongW
SetForegroundWindow
GetMenuItemInfoW
PtInRect
VerQueryValueW
WTSEnumerateSessionsW
WTSFreeMemory
_except_handler3
_CIsin
free
exit
_CIcos
calloc
__set_app_type
Ord(8)
OleUIBusyW
Number of PE resources by type
RT_ICON 24
RT_GROUP_ICON 2
RT_STRING 1
Number of PE resources by language
ENGLISH US 27
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:05:26 07:03:34+01:00
FileType Win32 EXE
PEType PE32
CodeSize 67072
LinkerVersion 8.0
EntryPoint 0x8000
InitializedDataSize 152576
SubsystemVersion 5.1
ImageVersion 8.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 420e191a7edfaef909ae92a895d04552
SHA1 40dc7217349383921c6ee7b1caa8381c9f9e5bf8
SHA256 a76264fbcdce99e8a1d9663662c1d3798351b22431b2d54bd1f09d57a4371548
ssdeep 3072:iqooJhM7stNviwvXWhtzgiYVZw1uM97F:FooJhX8tzgXw1uM9
authentihash 775fe7bd18f502950483d1db4ecffea7f14abf6232afd45c2ae9c1757f254882
imphash 1dc8093e34e0d4e835a21fd7b5971c8c
File size 171.5 KB ( 175616 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2016-05-26 10:16:18 UTC ( 11 months, 1 week ago )
Last submission 2016-05-27 06:47:38 UTC ( 11 months, 1 week ago )
File names mkc27f.reversed.decrypted
zlz05cqktnQC.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
HTTP requests
TCP connections
UDP communications