SHA256: 049c9c12d5596cb3e45cf626431225ac6789f4c2dec92ed62df22af4f87b23d6
File name: ft.exe
Detection ratio: 26 / 54
Analysis date: 2014-08-23 05:16:38 UTC ( 4 years, 6 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.435416 20140823
AhnLab-V3 Trojan/Win32.Agent 20140822
AntiVir TR/ZbotCitadel.A.926 20140822
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140823
Avast Win32:Malware-gen 20140823
AVG Zbot.MZE 20140823
AVware Trojan.Win32.Generic!BT 20140823
BitDefender Gen:Variant.Kazy.435416 20140823
Commtouch W32/PWS.MYVS-8831 20140823
Emsisoft Gen:Variant.Kazy.435416 (B) 20140823
ESET-NOD32 Win32/Spy.Zbot.AAO 20140822
F-Secure Gen:Variant.Kazy.435416 20140823
GData Gen:Variant.Kazy.435416 20140823
Kaspersky Trojan-Spy.Win32.Zbot.tvgn 20140823
Kingsoft Win32.Troj.Zbot.tv.(kcloud) 20140823
Malwarebytes Trojan.Agent.ED 20140822
McAfee RDN/Generic PWS.y!b2s 20140823
Microsoft Trojan:Win32/Dynamer!ac 20140823
eScan Gen:Variant.Kazy.435416 20140823
NANO-Antivirus Trojan.Win32.Zbot.debbit 20140823
Qihoo-360 Win32/Trojan.BO.5c1 20140823
Sophos AV Mal/Generic-S 20140823
Symantec Trojan.Gen.SMH 20140823
TrendMicro TROJ_GEN.R0CBC0CHM14 20140823
TrendMicro-HouseCall TROJ_GEN.R0CBC0CHM14 20140823
VIPRE Trojan.Win32.Generic!BT 20140823
AegisLab 20140823
Yandex 20140822
Baidu-International 20140822
Bkav 20140821
ByteHero 20131127
CAT-QuickHeal 20140822
ClamAV 20140822
CMC 20140822
Comodo 20140823
DrWeb 20140823
F-Prot 20140823
Fortinet 20140823
Ikarus 20140823
Jiangmin 20140822
K7AntiVirus 20140822
K7GW 20140822
McAfee-GW-Edition 20140822
Norman 20140822
nProtect 20140822
Panda 20140822
Rising 20140822
SUPERAntiSpyware 20140823
Tencent 20140823
TheHacker 20140822
TotalDefense 20140822
VBA32 20140822
ViRobot 20140823
Zillya 20140822
Zoner 20140822
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
Copyright
Copyright 2007-2010 Google Inc.

Publisher Google Inc.
Product Google Update
Original name GoogleUpdateSetup.exe
Internal name Google Update Setup
File version 1.3.2.8
Description Google Update Setup
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-19 08:24:09
Entry Point 0x00005CC8
Number of sections 4
PE sections
Number of PE resources by type
RT_ICON 6
RT_DIALOG 2
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
PE resources
File identification
MD5 bdef2c551422df983f12529c1b62964b
SHA1 3b2d644a57dea683e572f9d99dbccc7606e01fd1
SHA256 049c9c12d5596cb3e45cf626431225ac6789f4c2dec92ed62df22af4f87b23d6
ssdeep 6144:WThDhc5fKiMh3b7O1y7ysSniDhYPBE+F3uDyC8poMq:qDhco73bqs7qPmylp5q
imphash d19cbcf4ee61099ad0aa94d906ce1325
File size 325.0 KB ( 332800 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-08-23 05:16:38 UTC ( 4 years, 6 months ago )
Last submission 2014-08-23 05:16:38 UTC ( 4 years, 6 months ago )
File names Google Update Setup
ft.exe
Xbjr7Q.docx
GoogleUpdateSetup.exe
vt-upload-YiI_i
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests
UDP communications