SHA256: 04b061ab1ff5386b9fe14d6cc91c9676080f95fa9b8c69df472fa40915aca313
File name: 6d0d59ebdbddc25cb763de7729931ec1
Detection ratio: 39 / 56
Analysis date: 2015-01-22 06:44:04 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Dropper.78 20150122
Yandex Trojan.Zbot!RW3nn1Lyuxo 20150121
AhnLab-V3 Trojan/Win32.Buzus 20150122
ALYac Gen:Variant.Dropper.78 20150122
Antiy-AVL Trojan/Win32.Zbot 20150122
Avast Win32:Malware-gen 20150122
AVG PSW.Generic10.BVXV 20150122
Avira (no cloud) TR/Downloader.Gen8 20150122
AVware Trojan.Win32.Zbot.z (v) 20150122
BitDefender Gen:Variant.Dropper.78 20150122
CMC Packed.Win32.Zcrypt.3!O 20150120
Comodo TrojWare.Win32.Zbot.JLEP 20150122
Cyren W32/Trojan.FHFG-5003 20150122
DrWeb Trojan.PWS.Panda.2401 20150122
Emsisoft Gen:Variant.Dropper.78 (B) 20150122
ESET-NOD32 Win32/Spy.Zbot.AAO 20150122
F-Secure Gen:Variant.Dropper.78 20150122
Fortinet W32/Jorik_Zbot.GSU!tr 20150121
GData Gen:Variant.Dropper.78 20150122
Ikarus Trojan.Win32.Loktrom 20150122
Jiangmin Trojan/Jorik.jsma 20150121
K7AntiVirus Backdoor ( 04c4d7831 ) 20150122
Kaspersky Trojan-Spy.Win32.Zbot.pgzf 20150122
Kingsoft Win32.Troj.Jorik.g.(kcloud) 20150122
Malwarebytes Trojan.Agent.ZB 20150122
McAfee PWS-FAMW!6D0D59EBDBDD 20150122
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dc 20150122
Microsoft PWS:Win32/Zbot.gen!CI 20150122
eScan Gen:Variant.Dropper.78 20150122
NANO-Antivirus Trojan.Win32.Jorik.bxncsi 20150122
Norman Inject.AOJK 20150122
nProtect Trojan/W32.Jorik.243716 20150122
Qihoo-360 HEUR/Malware.QVM05.Gen 20150122
Sophos Mal/Generic-S 20150122
Symantec Trojan.Zbot 20150122
Tencent Win32.Trojan.Jorik.bpht 20150122
TotalDefense Win32/Inject.C!generic 20150122
VBA32 Trojan.Jorik.Zbot 20150122
VIPRE Trojan.Win32.Zbot.z (v) 20150122
AegisLab 20150122
Alibaba 20150120
Baidu-International 20150122
Bkav 20150122
ByteHero 20150122
CAT-QuickHeal 20150122
ClamAV 20150122
F-Prot 20150122
Panda 20150122
Rising 20150121
SUPERAntiSpyware 20150122
TheHacker 20150121
TrendMicro 20150122
TrendMicro-HouseCall 20150122
ViRobot 20150122
Zillya 20150121
Zoner 20150121
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-18 16:00:05
Entry Point 0x00001000
Number of sections 6
PE sections
PE imports
HeapFree
LoadLibraryW
FreeLibrary
HeapDestroy
HeapAlloc
GetFileSize
GetCommandLineW
ExitProcess
HeapSize
GetProcAddress
SuspendThread
WideCharToMultiByte
GetModuleFileNameW
ReadFile
WriteFile
CloseHandle
HeapReAlloc
GetModuleHandleW
InitializeCriticalSection
HeapCreate
CreateFileW
Sleep
GetTickCount
wcslen
memmove
wcsncpy
memset
_wcsnicmp
free
_wcsdup
wcscmp
wcsncmp
memcpy
NtUnmapViewOfSection
Number of PE resources by type
RT_ICON 4
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 6
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:02:18 17:00:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 9728
LinkerVersion 2.5
FileAccessDate 2015:01:22 13:11:08+01:00
EntryPoint 0x1000
InitializedDataSize 241668
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2015:01:22 13:11:08+01:00
UninitializedDataSize 0

File identification
MD5 6d0d59ebdbddc25cb763de7729931ec1
SHA1 3431e1130d4e04aa3e148da8981dfd83057070fc
SHA256 04b061ab1ff5386b9fe14d6cc91c9676080f95fa9b8c69df472fa40915aca313
ssdeep 6144:qGw0ttmGgNh+EfaqHWyJ/VBMx132/04BObUCFaiCcOXnM:Pw0ttm11JJV+0nvCFai56M

authentihash 05d65655e8505622028867cc898b3ed4a1d537f99692276d6e7752bdffd3b95e
imphash 0d12dc1bcecfeaf0941bf616830f0769
File size 238.0 KB ( 243716 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.6%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
Win16/32 Executable Delphi generic (4.6%)
Generic Win/DOS Executable (4.4%)
Tags peexe

VirusTotal metadata
First submission 2013-02-19 13:52:15 UTC ( 4 years, 2 months ago )
Last submission 2013-02-19 13:52:15 UTC ( 4 years, 2 months ago )
File names 6d0d59ebdbddc25cb763de7729931ec1
Advanced heuristic and reputation engines
ClamAV Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications