Static Analysis

PE Compile Time

2012-02-16 04:43:40

PE Imphash

3c4da9ed0ba02990af7795e358bfd650

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00002b35 0x00002c00 6.36764237455
.data 0x00004000 0x00000c64 0x00000e00 3.23950961488
.rsrc 0x00005000 0x00002108 0x00002200 5.16340603355
.reloc 0x00008000 0x00000206 0x00000400 3.36219959862
.vmp0 0x00009000 0x00000bd0 0x00000c00 5.80653548846

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x00005448 0x00001ca8 LANG_ENGLISH SUBLANG_ENGLISH_US Device independent bitmap graphic, 48 x 96 x 24, image size 7296
RT_GROUP_ICON 0x000070f0 0x00000014 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_VERSION 0x000052b0 0x00000198 LANG_ENGLISH SUBLANG_ENGLISH_US OpenPGP Public Key
RT_MANIFEST 0x00005150 0x0000015a LANG_ENGLISH SUBLANG_ENGLISH_US ASCII text, with CRLF line terminators

Imports

Library user32.dll:
0x800403c PostQuitMessage
0x8004040 GetMessageA
0x8004044 UpdateWindow
0x8004048 EndPaint
0x800404c DispatchMessageA
0x8004050 BeginPaint
0x8004054 TranslateMessage
0x8004058 CreateWindowExA
0x800405c RegisterClassExA
0x8004060 DefWindowProcA
0x8004064 MessageBoxA
0x8004068 SendMessageA
0x800406c DestroyWindow
0x8004070 LoadIconA
0x8004074 GetWindowRect
0x8004078 LoadCursorA
0x800407c ShowWindow
0x8004080 SetWindowPos
Library kernel32.dll:
0x8004008 GetLastError
0x800400c lstrcpyA
0x8004010 GetModuleHandleA
0x8004014 GetCommandLineA
0x8004018 FindFirstFileA
0x800401c GetCurrentDirectoryA
0x8004020 FindClose
0x8004024 FindNextFileA
0x8004028 DeleteFileA
0x800402c CloseHandle
0x8004030 GetCurrentProcess
0x8004034 CreateFileA
Library gdi32.dll:
0x8004000 CreateFontIndirectA
!This program cannot be run in DOS mode.
`.data
@.reloc
B.vmp0
hau|`N
9 atP
e3Rf F
u}u(3c
@@2hra
@u#uZu
FlC ua
3EPEepP
UesXV$
lws4jP
PPVsKX
uoel|u@$ tn
(dvt<"h
@PO"un
lrlWe#
QRRhlD
GGGGBBBBIu
MFa*s+
nerekos
prev.inf
static
button
uno momento
Ih`U=@
SetWindowPos
GetWindowRect
LoadCursorA
LoadIconA
DestroyWindow
SendMessageA
MessageBoxA
DefWindowProcA
RegisterClassExA
CreateWindowExA
TranslateMessage
BeginPaint
DispatchMessageA
EndPaint
GetMessageA
PostQuitMessage
ShowWindow
UpdateWindow
user32.dll
GetCurrentProcess
CloseHandle
DeleteFileA
FindNextFileA
FindClose
GetCurrentDirectoryA
FindFirstFileA
GetCommandLineA
GetModuleHandleA
lstrcpyA
GetLastError
CreateFileA
kernel32.dll
CreateFontIndirectA
gdi32.dll
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
xxxtttttt
0!0*0k0
3&373<3A3S3[3x3
44-474X4
5 5;5I5V5}5
6(696F6P6V6\6p6y6
727S7Y7r7x7
8(8=8j8u8
9#9=9B9c9y9
: :*:6:A:G:K:Q:Z:g:l:q:~:
u$L97t
u*9Q<|%
LcA<E3
u HcA<H
!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
@.reloc
u$L97t
u*9Q<|%
LcA<E3
u HcA<H
CalculatorStarted
CalculatorWinMain
"CalculatorStarted"
MicrosoftCalculator
calc.pdb
.text$mn
.text$mn$00
.text$x
.rdata$brc
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIY
.CRT$XIZ
.gfids
.rdata
.rdata$zETW0
.rdata$zETW1
.rdata$zETW2
.rdata$zETW9
.rdata$zzzdbg
.xdata
.idata$2
.idata$3
.idata$4
.idata$6
.data$brc
.pdata
.rsrc$01
.rsrc$02
ShellExecuteW
SHELL32.dll
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
KERNEL32.dll
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
_cexit
__setusermatherr
_initterm
__C_specific_handler
_wcmdln
_fmode
_commode
msvcrt.dll
?terminate@@YAXXZ
EventRegister
EventSetInformation
EventWriteTransfer
ADVAPI32.dll
GetStartupInfoW
GetModuleHandleW
api-ms-win-core-synch-l1-2-0.dll
api-ms-win-core-processthreads-l1-1-0.dll
api-ms-win-core-libraryloader-l1-2-0.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
name="Microsoft.Windows.Shell.calc"
processorArchitecture="amd64"
version="5.1.0.0"
type="win32"/>
<description>Windows Shell</description>
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="*"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
<application xmlns="urn:schemas-microsoft-com:asm.v3">
<windowsSettings>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
</windowsSettings>
</application>
</assembly>
IDR_VERSION1
VS_VERSION_INFO
FileInfo
FFFF04E3
FileVersion
2.0.1.7
ProductVersion
2.0.1.0
CompanyName
Sanny Ltd.
ProductName
LookFor
VFileInfo
Translation
C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.609\Report_03102013.exe
C:\hnHGzE1T.exe
C:\YCILDB4w.exe
C:\ffe417df234d3c7a98bb7f0590324742694b6a307e53d1f51d909cde45f5b449
C:\ebe2996c7afb6eebbb74c70e9ce3f7db91903566027affa688e53592f8309d14
C:\92959da0ccfbb714e68c17b1299e1c0415f440d4cacaae3f3611383fe6668f3d
C:\7c2f29c0686e887ac29b6f912a3c20a2d3bab9b4e84c2b6c1ca0f6833febfc48
C:\4f019024fcdafa0538f6dcb1edb34129b64732cb742f69cb46db38fb84685bc1
C:\d5958bcab03e48bc13a1b2de9ac1e0b3130b5029928c877fe741466fc97dd8ed
C:\PkfmHfLy.exe
C:\64c1304563765e748538d57f0340add9a5b364ddf186afa91a09e127a6fdcfe0
C:\49e2826a0d5e0abdfd3dd0f896b87b37f597a9749d624f519b443256f3a9b030
C:\386048a05aec537cfc7e4afbb3cf38f589d3d9aa3df0c2fb1a424fe338057e94
C:\SdtCgWMf.exe
C:\ae0ba1c18154e949aa90fd3588ad8968c0d0eb519b9b246915856e8588714cf3
C:\f56b27b272757994ff7ab86dc60632aee508dc4ca408abc60fa626af740c23d2
C:\Mluw3lxA.exe
C:\daf9ed60ed795a7588a6300c4c8ed49e8fcaf3c1014742b49e8e0ee8bc8943c8
C:\TUf8uR4T.exe
C:\d6942c65e792676b704f136c59f36747a8fb4d2c8061b2b7a8b7f3d2ae9aa01f
C:\42e3eeed07afb9543606d3e5e7eec2e6ce219fcb1369db52adc419475ec100be
C:\Cvsat_Jm.exe
C:\0c72515ab56a611613fc2f92bc5aeb0cd184efb40215b84bb00c7e6ba3c69670
C:\ad90029e1e2f79d909e78fdc331a6a2ef084f25105499cf58d664fdf2b98658e
C:\AZIz7Eo7.exe
C:\dcc60529988a662fbe419528590fdcf07c816263e07e853081d658cd872094c7
C:\uVu6Aq7Z.exe
C:\Users\Petra\AppData\Local\Temp\file.pe32
C:\Users\admin\Downloads\important_document.exe
C:\5e825df258807b8a80f25ead8ef61ea85b8530354f6d2a9db5ac7585ee7d473f
C:\Users\John\AppData\Local\Temp\pyANjxotdv.exe
C:\Users\admin\Downloads\ef6a7d6b32bc2997b88d13e396216bf7.virus.exe
C:\414c42fcd92cca569cc9b7185d63f480afdedfd113005c7c02dd27a1f8155bf6
C:\Users\admin\Downloads\pissa.exe
C:\7bf33924b343566f0f373e9d56a00289b068a7e0eb5071e86cdb7214098bb2f1
C:\Users\admin\Downloads\pissa.exe
C:\747123ae6d399e37a54dcda29920b7d2d2b1e1b4050f11f2ba8d0429b53cb24b
C:\Users\Virtual\AppData\Local\Temp\c95f50d26843d71a0e1ab2cf8bd79265e86b5bf357eab019ea8dc63e1c5cd38d.exe
C:\895ab627f591e7998bc70038968bba5db689c1f4f54f58168ce87197f540c628
C:\Users\admin\Downloads\pissa.exe
C:\523cc179cf64fd0b7bf80d05ae3d641711f767c6c6e53fc801f78681b625e004
C:\Users\Petra\AppData\Local\Temp\pissa.pe32
C:\Users\admin\Downloads\29f8eade827eb453_pissa.exe
C:\WmtQT5g4.exe
C:\Users\admin\Downloads\df363be94058a07dccfcecba135026a6.virus.exe
C:\94d10d03f1b967f67dc9b815ad3abd0bda3a65e953e4b552eb8598d2a9c08c1b
C:\Users\Petra\AppData\Local\Temp\pissa.pe32
C:\Users\admin\Downloads\94e3347596c84636_pissa.exe
C:\508b3caa4f1d4a5687e2ef5dff66b3a05f7023b85194b2364484882910e87b5e
C:\3d1277556df25d85d9746f5097ca7397e4a2993d9160e54b8ae3cb85ba3aa044
C:\Users\Petra\AppData\Local\Temp\pissa.pe32
C:\563a058d872471f7f8754a08f7bd9b3b3eeb49f9c8d0c55dd214578faa668901
C:\ff08a527bf05fc10c441fe17b5ae86ec5cbcc5445043f080c7f414b69ee98f13
C:\f99019b09da96f76c5b6b9cc1fcdf811197f7b242e26e4786dd8b12bfac3a2b3
C:\Users\Petra\AppData\Local\Temp\pissa.pe32
C:\Users\admin\Downloads\a390e50556a3ee4b_pissa.exe
C:\Users\Petra\AppData\Local\Temp\pissa.pe32
C:\96e9322e75aa17e3bbfefb88515d5bbd12d37be76c14c7370e7f4aaddcbdea20
C:\Users\admin\Downloads\pissa.exe
C:\Users\Petra\AppData\Local\Temp\pissa.pe32
C:\Users\admin\Downloads\c209579fbc12bfcf_pissa.exe
C:\Users\Petra\AppData\Local\Temp\pissa.pe32
C:\6fb4f489d2dcf2c9ad3825f396052ddfa824fc73b69f0bcd943ccfeed4828d26
C:\Dh6QgVGx.exe
C:\a6f1afc76ba2edffb1300e688dc7980a713ce50e4c9783e0e597b70b9d46fa0d
C:\Users\Petra\AppData\Local\Temp\pissa.pe32
C:\908792ec73d6d1655de114dc53b912a56abf1bc70030d174188c30c168ec16b9
C:\c3a618d00b640fdc9cff34f08781d7b9744e9c7dbf4cbc2cf73b4367e06360e8
C:\f2ff2ffeea081ca707a66f637152f52a956d5e8c46f15d55d0833d9bb8eb140e
C:\Users\admin\Downloads\pissa.exe
C:\RgX4KSt3.exe
C:\Users\Petra\AppData\Local\Temp\file.pe32
C:\8dfde1464e088d2f1c906c6d79dd7bd0b2dca3eccd45ed70760231750dd37b39
C:\e6f8a27f80d67cd42948fcf6534019f2c6ecfed92f63a47ad8c0331b8720c7ea
C:\ad2825fecdc7f3516ca35f997cdb9d421aceb8cf0375c43f65b1da50d2ed3287
C:\020ba5dca09729c36ef5900427708c80816315f561d81cfb337b1efe971ead49
C:\Users\Petra\AppData\Local\Temp\pissa.pe32
C:\Users\Petra\AppData\Local\Temp\pissa.pe32
C:\cQtippyK.exe
C:\Users\admin\Downloads\c3f8a2732a70fe22f9f24bff3de13adb.virus.exe
C:\bb66b70f84fb1143c545894705033507ae5c1ee308e4eacbf1c2e02e5c7bc3fd
C:\c5639481e039f5148d0c9cc9431fe0c860c2049835b3a23972c66ffb69e9d20f
C:\Users\Petra\AppData\Local\Temp\pissa.pe32
C:\Users\admin\Downloads\0d037d1e877ba353_pissa.exe
C:\6c2c3df04bd5e9c148643b4be19cc40f588adc21c10d9b2ebc8844c910f908f4
C:\Users\admin\Downloads\pissa.exe
C:\880b572fd3bbd369faf715c333b332522e8f5f34d5390c1fb7df1874dc734548
C:\9f0cee250f69b955bb1f9d4cef5d95d7a35c8957e403249c832e9a7b9c537ad9
C:\ZtHyJTeO.exe
C:\e0d78a7ec88a48f338993587d5b654bc84aed82a45ec0810f2a5f8ac56549652
C:\f1b1d4d48be92a4e9ae44226bd180bea99b9eae73efc1e0f46cb330226fdab71
C:\Users\admin\Downloads\pissa.exe
C:\310e4a71e64496276a1219f8f97f19b6c9734f6d6076344671346c50e298d00c
C:\KroUih5D.exe
C:\Users\Petra\AppData\Local\Temp\ea16e498027103e053ff.pe32
C:\Users\Petra\AppData\Local\Temp\pissa.pe32
C:\Users\RA491~1.VUL\AppData\Local\Temp\408328aa02831809daf7e28ecac203f4.exe
C:\Users\admin\Downloads\pissa.exe
C:\Users\RA491~1.VUL\AppData\Local\Temp\408328aa02831809daf7e28ecac203f4.exe
C:\Users\admin\Downloads\pissa.exe
C:\vRPjZqfS.exe
C:\Users\admin\Downloads\bc2178381225978d3daa6e158c032f43.exe
C:\d61fa845fa1b18936d0106dde4323bf131569f0cddbaa93219b33784d0d603df
C:\Users\Petra\AppData\Local\Temp\pissa.pe32
C:\Users\admin\Downloads\f725beadce566924_pissa.exe
C:\e5c5468b52e716f70dc78f07e730b9a30fe39f1050d6c103fa1c5d1801c1e795
C:\7712657f4566382125dd84d7b99ce3d310953cf0aa221de70dd75b811a4b979f
C:\33c9787b0a4c1e03988810db44a267cb99df84694b69ae095a0dbd6998f33559
C:\Users\Petra\AppData\Local\Temp\pissa.pe32
C:\Users\admin\Downloads\b004d7bd65ff438c_pissa.exe
C:\Users\Petra\AppData\Local\Temp\pissa.pe32
C:\677cfd56502e81338b4a1ef2c47ba26f915a3998d008b2e2343fa53b6908fd6e
C:\Users\Petra\AppData\Local\Temp\pissa.pe32
C:\44c43728c71152eb6e18b6177ad1c406bc207c9d3c4b2a77a1d7ee924c7844a7
C:\Users\RA491~1.VUL\AppData\Local\Temp\408328aa02831809daf7e28ecac203f4.exe
C:\Users\admin\Downloads\pissa.exe
C:\Users\Petra\AppData\Local\Temp\pissa.pe32
C:\Users\admin\Downloads\f8467eb706b46729_pissa.exe
C:\Users\admin\Downloads\b96b4f3d3463323f3677a4b1872d4a64aadcb6b186cdaced6809c3644f76aac2.exe
C:\15c049b5b80173aa49863a8ae08ea35f84806adc8e76ff9023763b461d2243ec
C:\Users\admin\Downloads\pissa.exe
C:\438b13c0e4eb55a388356395bea1d596a86f8e4a961213ea3fa3a5e0673bafd9
C:\Users\admin\Downloads\pissa.exe
C:\2cd0e658a4255c51a13a915b294e54ece6ca2bf833627ea39121ca45ed2bd33e
C:\Users\admin\Downloads\pissa.exe
C:\Users\admin\Downloads\019fa3a9aa73e26c5be8c9247b1cb1cbdc1975ed786df03834c8a8c406724dc9.exe
C:\Users\admin\Downloads\0f436d003a36243b0c2edc98b7d9d89d958543a3eb6f574d40296a49167701c5.exe
C:\Users\admin\Downloads\4f99dcefc1a98d04d926020c490acdc6c88b7eee07f38f13106780ea1520bfb6.exe
C:\Users\admin\Downloads\796e8ba4f4a658ae226299af9b875323d82aaff58bdc6cf090c257f635eab2da.exe
C:\48fd38e2e96ac1c2a23a4f141edf98f98588d1c7e9a3c9f61df0cf0168d8bf88
C:\Users\Petra\AppData\Local\Temp\pissa.pe32
C:\Users\admin\Downloads\97657d302f632908_pissa.exe
C:\Users\admin\Downloads\8c5fcaec2761e2ed52dbbcee5389abb4ac068af1a9b65ccea40cc3b76d382159.exe
C:\Users\admin\Downloads\9565823645c177b0c1cb32ad86c20597d0492c5f9798e1d5dd1779d155d1cec7.exe
C:\Users\Petra\AppData\Local\Temp\pissa.pe32
C:\Users\admin\Downloads\36c2c9476acc5eb5_pissa.exe
C:\Users\admin\Downloads\1df2f4e8b72d0231b06400f23685f44b680239ece693f4d9381f767fc9874b78.exe
C:\Users\Petra\AppData\Local\Temp\pissa.pe32
C:\Users\admin\Downloads\6294cd1fa5fca2cc_pissa.exe
C:\Users\Virtual\AppData\Local\Temp\dbd4d3a7365887869897e650dd2e918508102de177f3e51abf51b188e35e591e.exe
C:\Users\admin\Downloads\pissa.exe
C:\4ee7ce3228b086072375bf7d36072245ebb22fccc2432f14755c1c586eff7fd0
C:\Users\admin\Downloads\pissa.exe
C:\Users\admin\Downloads\b2e7890ff1f86105be2b9ddc842727923c3c6333bc99ab951056f534a331eec2.exe
C:\YJrCtcea.exe
C:\e51302126951736f892f15aab90346662e1e4ece208fbec6ddf6a52fc92e408c
C:\WINDOWS\system32\f751b1b151302c8ba0b9ce733a9a7bc1889859b67938c6eb00f2c25bcdae9425.exe
C:\1726efd6f0657f377f0352910fd6d25acab3901ad0c8a89c94da09003cf97e18
C:\Users\admin\Downloads\pissa.exe
C:\d275b81ef0920a46d2ade004fe529823f5006e0350708ac730194e9560fde32d
C:\Users\admin\Downloads\pissa.exe
C:\Users\RA491~1.VUL\AppData\Local\Temp\408328aa02831809daf7e28ecac203f4.exe
C:\3b3f48129fcd10b633b1b81fa1120277f472de2b6e65f27cd5dd04e7c656b607
C:\Users\admin\Downloads\pissa.exe
C:\WINDOWS\system32\799964e65ed4fcf78fd826e6c9ae4a7b881ad3a2c5c04a446ded592072adb873.exe
C:\psZWCrs5.exe
C:\957b264d2985222d8496c51e32b6b49b7f3c47e19135acb2a983b35b4da3404f
C:\3ac5be7086b7daf4d65eb10fe2e8b0ca5134dc75ac46d8e1e4e844a00ba1c2fb
C:\CuqNiqKf.exe
ms-calculator:
IDI_CALC_ICON
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
Windows Calculator
FileVersion
10.0.19041.1 (WinBuild.160101.0800)
InternalName
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
CALC.EXE
ProductName
Microsoft
Windows
Operating System
ProductVersion
10.0.19041.1
VarFileInfo
Translation
C:\LeYyh0Fz.exe
C:\Users\Bruno\Desktop\software.exe
C:\Users\Admin\AppData\Local\Temp\ca66dc7881fd16d5409b7b0885be363555a26f2cf5362ca5f4433e467e8cfd0e.exe
C:\pYZMLBVC.exe
C:\Users\azure\Downloads\19020438cd30d830309e0678d65f2633.exe
C:\6aPazNhF.exe
C:\Users\azure\Downloads\e13b0f107b3c8c16aa57aafb3641d8714b22f461afba7a6fdead04c2741bfd17.exe
C:\Users\Admin\AppData\Local\Temp\829b8bdf60705be38bc29fb00ce99117aec2a48b6abf88447adefa090948fd68.exe
C:\Users\azure\Downloads\68fc2ad335dd243840cbc5e52e79d7cf5649f316f24f1e1a8c5223a5ae90fa86.exe
C:\Users\Admin\AppData\Local\Temp\045c610213a1bd26320192c2d5b664334455a2ff4e64fa06b5a602856d8a0e02.exe
C:\Users\azure\Downloads\c124ba5760fd8cf8c94bfaca87a29e0c9a2c5ff4847bd38bf6486735deaf0fea.exe
C:\Users\Joe Cage\Desktop\exelcudgyo.exe
C:\Users\Admin\AppData\Local\Temp\3eab06fb0464bce5097cae8ba1a0738622fb14653e310d81c5c3f45b3871233d.exe
C:\Users\azure\Downloads\58a736dc093689a9bf595e51facdaadf0c881695236b31f9d6a98a985fa4fd49.exe
C:\Users\Administrator\AppData\Local\Temp\602e38a7be0fd90c9628b0721c95fd7693498440bde6e4eca25baf077b84e358.exe
No antivirus signatures available.
IRMA Signature
Trend Micro SProtect (Linux) Clean
Avast Core Security (Linux) Win32:Evo-gen [Trj]
C4S ClamAV (Linux) Win.Trojan.Upatre-3335
Trellix (Linux) Downloader-FTW
Sophos Anti-Virus (Linux) Troj/Agent-AECC
Bitdefender Antivirus (Linux) Trojan.GenericKDZ.109048
G Data Antivirus (Windows) Virus: Trojan.GenericKDZ.109048 (Engine A), Win32.Trojan-Downloader.Upatre.BJ (Engine B)
WithSecure (Linux) Trojan.TR/Bublik.wgoc
ESET Security (Windows) Win32/TrojanDownloader.Small.AAB trojan
DrWeb Antivirus (Linux) Trojan.DownLoad3.28161
ClamAV (Linux) Win.Trojan.Upatre-3335
eScan Antivirus (Linux) Trojan.GenericKDZ.109048(DB)
Kaspersky Standard (Windows) HEUR:Trojan.Win32.Bublik.pef
Emsisoft Commandline Scanner (Windows) Trojan.GenericKDZ.109048 (B)
Cuckoo

We're processing your submission... This could take a few seconds.