SHA256: 917627c7e3dec25d7eb80020c98804c8ff993922da9f0076200a8d4b6927a7ef
File name: 1.exe
Detection ratio: 44 / 50
Analysis date: 2014-02-06 16:17:35 UTC ( 2 months, 1 week ago )
Antivirus Result Update
AVG Inject2.GPM 20140206
Ad-Aware Gen:Variant.Kazy.291512 20140206
Agnitum Trojan.Injector!heAMfAVBWhQ 20140204
AhnLab-V3 Spyware/Win32.Zbot 20140206
AntiVir TR/Buzus.226617.1 20140206
Antiy-AVL Trojan/Win32.Neurevt 20140205
Avast Win32:Crypt-QEA [Trj] 20140206
Baidu-International Trojan.Win32.Injector.AQZE 20140206
BitDefender Gen:Variant.Kazy.291177 20140206
Bkav W32.GenericJanymusH.Trojan 20140125
CAT-QuickHeal Trojan.CeeInject.gen 20140206
Comodo TrojWare.Win32.Injector.AQZT 20140206
DrWeb Trojan.DownLoader9.22851 20140206
ESET-NOD32 a variant of Win32/Injector.AQZT 20140206
Emsisoft Gen:Variant.Kazy.291512 (B) 20140206
F-Secure Gen:Variant.Kazy.291512 20140206
Fortinet W32/Neurevt.KB!tr 20140206
GData Gen:Variant.Kazy.291177 20140206
Ikarus Virus.Win32.CeeInject 20140206
Jiangmin TrojanSpy.Zbot.fpam 20140206
K7AntiVirus Trojan ( 0048ed611 ) 20140206
K7GW Trojan ( 0048ed611 ) 20140206
Kaspersky Trojan.Win32.Inject.hkur 20140206
Kingsoft Win32.Troj.Neurevt.kb.(kcloud) 20140206
Malwarebytes Spyware.Zbot.ED 20140206
McAfee Downloader-FEX!C0D2E08C3F0D 20140206
McAfee-GW-Edition Downloader-FEX!C0D2E08C3F0D 20140206
MicroWorld-eScan Gen:Variant.Kazy.291512 20140206
Microsoft VirTool:Win32/CeeInject 20140206
NANO-Antivirus Trojan.Win32.Neurevt.cmwknh 20140206
Norman Suspicious_Gen4.FIMPH 20140206
Panda Trj/Zbot.M 20140206
Qihoo-360 Win32/Trojan.516 20140206
Rising PE:Malware.Obscure/Heur!1.9E03 20140206
SUPERAntiSpyware Trojan.Agent/Gen-Graftor 20140206
Sophos Mal/Ransom-CE 20140206
Symantec Trojan.Betabot 20140206
TotalDefense Win32/Tnega.FIEIET 20140205
TrendMicro TROJ_SPNV.01KF13 20140206
TrendMicro-HouseCall TROJ_SPNV.01KF13 20140206
VBA32 TrojanSpy.Zbot 20140206
VIPRE Trojan.Win32.Fareit.if (v) 20140206
ViRobot Trojan.Win32.S.Zbot.226617.B 20140206
nProtect Trojan/W32.Inject.226617 20140206
ByteHero 20140206
CMC 20140122
ClamAV 20140206
Commtouch 20140206
F-Prot 20140206
TheHacker 20140205
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-13 14:02:03
Entry Point 0x000062CB
Number of sections 4
PE sections
PE imports
LineTo
TextOutW
SelectObject
GetCharacterPlacementW
CreatePalette
CreateDIBitmap
CreateCompatibleBitmap
SelectPalette
BitBlt
CreateCompatibleDC
DeleteObject
RealizePalette
StretchDIBits
LocalFree
HeapFree
GetModuleFileNameW
GetTimeZoneInformation
MapViewOfFile
GetCurrentProcessId
GetCurrentDirectoryW
OpenProcess
GlobalFree
CreateFileW
FindClose
Sleep
FlushFileBuffers
DeleteFileW
GetCurrentThreadId
__CxxFrameHandler
cos
_ftol
memset
malloc
memcpy
sin
GetModuleFileNameExA
CreateDialogParamW
DrawEdge
GetParent
ReleaseDC
DispatchMessageA
EnableWindow
UpdateWindow
GetSystemMenu
SystemParametersInfoW
GetCursorPos
MessageBoxIndirectW
InvalidateRect
Number of PE resources by type
RT_STRING 11
RT_DIALOG 3
RT_ICON 1
RT_MENU 1
RT_ACCELERATOR 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 13
NEUTRAL 2
FRENCH CANADIAN 1
ENGLISH US 1
GERMAN SWISS 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:11:13 15:02:03+01:00
FileType Win32 EXE
PEType PE32
CodeSize 36864
LinkerVersion 6.0
FileAccessDate 2014:02:06 17:18:17+01:00
EntryPoint 0x62cb
InitializedDataSize 20480
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:02:06 17:18:17+01:00
UninitializedDataSize 0
Compressed bundles
File identification
MD5 c0d2e08c3f0d964858b8a9788aa6732e
SHA1 fd8749ed0eedb4ca07803565881a706c8869bd01
SHA256 917627c7e3dec25d7eb80020c98804c8ff993922da9f0076200a8d4b6927a7ef
ssdeep 6144:MTKdP784r0r2H/FQ4IoRKbxvXfHixWjovW1:phrJHK4L6/ixU
imphash 56139a0cc47318858ccbd48d25fb0d0b
File size 221.3 KB ( 226617 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2013-11-14 20:38:03 UTC ( 5 months ago )
Last submission 2013-12-18 15:38:14 UTC ( 4 months ago )
File names 57edbb8a2ee5b4d7210562e5dce41bec27dca90f
17211349
1.exe
output.17211349.txt
nngiwsnjb.exe
fd8749ed0eedb4ca07803565881a706c8869bd01
1.ex
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight