SHA256: 917627c7e3dec25d7eb80020c98804c8ff993922da9f0076200a8d4b6927a7ef
File name: 1.exe
Detection ratio: 45 / 54
Analysis date: 2015-10-26 17:24:50 UTC ( 6 months, 1 week ago )
Antivirus Result Update
ALYac Gen:Variant.Kazy.291177 20151026
AVG Inject2.GPM 20151026
AVware Trojan.Win32.Fareit.if (v) 20151026
Yandex Trojan.Injector!heAMfAVBWhQ 20151026
AhnLab-V3 Spyware/Win32.Zbot 20151026
Antiy-AVL Trojan/Win32.Inject 20151026
Arcabit Trojan.Kazy.D47169 20151026
Avast Win32:Zbot-UIP [Trj] 20151026
Avira (no cloud) TR/Buzus.EB.85 20151026
Baidu-International Trojan.Win32.Inject.hkvs 20151026
BitDefender Gen:Variant.Kazy.291177 20151026
CAT-QuickHeal TrojanPWS.Zbot.Gen 20151026
Comodo TrojWare.Win32.Injector.AQZT 20151026
Cyren W32/Trojan.DAZN-5968 20151026
DrWeb Trojan.DownLoader9.22851 20151026
ESET-NOD32 a variant of Win32/Injector.AQZE 20151026
Emsisoft Gen:Variant.Kazy.291177 (B) 20151026
F-Secure Gen:Variant.Kazy.291177 20151026
Fortinet W32/Kryptik.WIF!tr 20151026
GData Gen:Variant.Kazy.291177 20151026
Ikarus Trojan.Inject2 20151026
Jiangmin TrojanSpy.Zbot.fpam 20151026
K7AntiVirus Trojan ( 0048ed611 ) 20151026
K7GW Trojan ( 0048ed611 ) 20151026
Kaspersky HEUR:Trojan.Win32.Generic 20151026
Malwarebytes Spyware.Zbot.ED 20151026
McAfee Downloader-FEX!C0D2E08C3F0D 20151026
McAfee-GW-Edition BehavesLike.Win32.Downloader.dc 20151026
eScan Gen:Variant.Kazy.291177 20151026
Microsoft Trojan:Win32/Neurevt.C 20151026
NANO-Antivirus Trojan.Win32.Neurevt.cmwknh 20151026
Panda Trj/Zbot.M 20151026
Rising PE:Malware.Obscure/Heur!1.9E03 [F] 20151026
SUPERAntiSpyware Trojan.Agent/Gen-Graftor 20151026
Sophos Mal/Ransom-CE 20151026
Symantec Trojan.Betabot 20151026
Tencent Win32.Trojan.Inject.Syhm 20151026
TotalDefense Win32/Tnega.FIEIET 20151026
TrendMicro TROJ_SPNV.01KF13 20151026
TrendMicro-HouseCall TROJ_MALKRYPT.SM 20151026
VBA32 TrojanSpy.Zbot 20151026
VIPRE Trojan.Win32.Fareit.if (v) 20151026
ViRobot Trojan.Win32.S.Zbot.226617.B[h] 20151026
Zillya Trojan.Neurevt.Win32.120 20151026
nProtect Trojan/W32.Inject.226617 20151026
AegisLab 20151026
Alibaba 20151026
Bkav 20151026
ByteHero 20151026
CMC 20151026
ClamAV 20151026
F-Prot 20151026
TheHacker 20151026
Zoner 20151026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-13 14:02:03
Entry Point 0x000062CB
Number of sections 4
PE sections
Overlays
MD5 2a581d04f531d7670095c04d8cc79f6e
File type data
Offset 77824
Size 148793
Entropy 8.00
PE imports
LineTo
TextOutW
SelectObject
GetCharacterPlacementW
CreatePalette
CreateDIBitmap
CreateCompatibleBitmap
SelectPalette
BitBlt
CreateCompatibleDC
DeleteObject
RealizePalette
StretchDIBits
LocalFree
HeapFree
GetModuleFileNameW
GetTimeZoneInformation
MapViewOfFile
GetCurrentProcessId
GetCurrentDirectoryW
OpenProcess
GlobalFree
CreateFileW
FindClose
Sleep
FlushFileBuffers
DeleteFileW
GetCurrentThreadId
__CxxFrameHandler
cos
_ftol
memset
malloc
memcpy
sin
GetModuleFileNameExA
CreateDialogParamW
DrawEdge
GetParent
ReleaseDC
DispatchMessageA
EnableWindow
UpdateWindow
GetSystemMenu
SystemParametersInfoW
GetCursorPos
MessageBoxIndirectW
InvalidateRect
Number of PE resources by type
RT_STRING 11
RT_DIALOG 3
RT_ICON 1
RT_MENU 1
RT_ACCELERATOR 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 13
NEUTRAL 2
FRENCH CANADIAN 1
GERMAN SWISS 1
ENGLISH US 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:11:13 15:02:03+01:00
FileType Win32 EXE
PEType PE32
CodeSize 36864
LinkerVersion 6.0
EntryPoint 0x62cb
InitializedDataSize 20480
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 c0d2e08c3f0d964858b8a9788aa6732e
SHA1 fd8749ed0eedb4ca07803565881a706c8869bd01
SHA256 917627c7e3dec25d7eb80020c98804c8ff993922da9f0076200a8d4b6927a7ef
ssdeep 6144:MTKdP784r0r2H/FQ4IoRKbxvXfHixWjovW1:phrJHK4L6/ixU
authentihash 8993f6e63571fa3b04a4a32bdf816b924058a44f7eaa7eed336a19a83b7a92c1
imphash 56139a0cc47318858ccbd48d25fb0d0b
File size 221.3 KB ( 226617 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe overlay
VirusTotal metadata
First submission 2013-11-14 20:38:03 UTC ( 2 years, 5 months ago )
Last submission 2013-12-18 15:38:14 UTC ( 2 years, 4 months ago )
File names 57edbb8a2ee5b4d7210562e5dce41bec27dca90f
17211349
1.exe
output.17211349.txt
nngiwsnjb.exe
fd8749ed0eedb4ca07803565881a706c8869bd01
1.ex
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight