Additional information from VT:
ssdeep
1536:7aLet+6XUziU0+uSJdLX/SYgFBl7dofv6gSW+aOFrFKzgINiFAMbO:u964nuSj9gFn7daCc+8DNgAMa
TrID
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEiD packer identifier
Armadillo v1.71
ExifTool
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2008:10:12 19:35:28+02:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 5120
LinkerVersion: 6.0
EntryPoint: 0x1734
InitializedDataSize: 28672
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0
Sigcheck
publisher: unoo Nc
product: Imeto
internal name: Exuize Cabl
copyright: ilooism (c) aci 1991 - 2001
original name: hize.exe
file version: 7.4.2800.3300
description: Unee
Portable Executable structural information
Compilation timedatestamp: 2008-10-12 17:35:28
Target machine: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address: 0x00001734
PE Sections:
Name    Virtual Address  Virtual Size  Raw Size  Entropy  MD5
.text   4096             4819          5120      5.77     2678e5dc1e76c46bb1f67e11346eb5f9
.data   12288            50685         9216      6.70     383fa2b40191b396019c7e6f5109d811
.rsrcE  65536            19396         19456     4.38     0052611b59e60112162fb63efc4cec12
PE Imports:
[[comdlg32.dll]]
GetOpenFileNameA
[[gdi32.dll]]
TranslateCharsetInfo, CreateCompatibleDC, ScaleViewportExtEx, FillPath, BeginPath, InvertRgn, LineTo, GetNearestPaletteIndex, ExtCreateRegion, GetBkMode, RectInRegion, TextOutA, PtInRegion, GetStretchBltMode, OffsetClipRgn, CombineRgn, CreateDCW, GetEnhMetaFileBits, EnumFontsA, SetViewportOrgEx, PolyBezierTo
[[kernel32.dll]]
SetThreadLocale, LCMapStringW, GetStartupInfoA, GetTempPathA, RaiseException, LCMapStringA, GetPrivateProfileStringA, GetSystemInfo, GetNumberFormatA, GetFileAttributesA, IsValidCodePage, SetUnhandledExceptionFilter, GetTempPathW, InterlockedDecrement, GetThreadLocale, lstrcpynA
[[msvcrt.dll]]
_except_handler3, strchr, _acmdln, __p__fmode, realloc, _adjust_fdiv, __setusermatherr, _iob, sqrt, _cexit, _exit, memcpy, fprintf, _XcptFilter, __getmainargs, calloc, free, _initterm, fopen, __p__commode, __set_app_type
[[advapi32.dll]]
RegFlushKey, GetSecurityDescriptorDacl, RegOpenKeyExW, OpenThreadToken, ControlService, InitializeAcl, LookupPrivilegeValueW, RegOpenKeyW, RegCreateKeyA
[[ole32.dll]]
CreateItemMoniker, StgCreateDocfileOnILockBytes, CoGetInterfaceAndReleaseStream, CoRevokeClassObject, CoDisconnectObject, OleSetMenuDescriptor, PropVariantClear, OleSetClipboard, OleInitialize
[[user32.dll]]
InsertMenuA, GetDesktopWindow, BeginPaint, CheckMenuItem, TranslateMessage, InflateRect, GetMenuStringA, SetDlgItemTextA, OffsetRect, RegisterWindowMessageA, SetPropA, SetTimer, GetDlgItem, GetTopWindow, SetClassLongA, GetSysColor, WaitMessage, LoadBitmapA, RemoveMenu
[[comctl32.dll]]
ImageList_Read, ImageList_GetImageCount, ImageList_GetIconSize, InitCommonControlsEx, ImageList_Destroy, ImageList_GetImageInfo, CreatePropertySheetPageW, ImageList_DragLeave, ImageList_DragShowNolock, ImageList_Create, PropertySheetW, ImageList_LoadImageW, ImageList_Add
PE Resources:
Resource type     Number of resources
RT_ICON           9
RT_GROUP_ICON     1
RT_MESSAGETABLE   1
RT_VERSION        1
RT_MANIFEST       1
Resource language  Number of resources
ENGLISH US         13
Symantec Reputation
Suspicious.Insight
First seen by VirusTotal
2012-08-25 17:53:57 UTC
Last seen by VirusTotal
2012-08-25 17:53:57 UTC
File names (max. 25)
hize.exe
mirarka.exe
Exuize Cabl
Look at the time stamp: TimeStamp: 2008:10:12 19:35:28+02:00
This one is daaamn old malware…
I wonder how many rootkits in the wild still haven't been spotted and researched?