SHA256: 04b80d0d5ebf2249f41f82936c70b800fb7b11a01a1b529da2513700f5ecc52f
File name: Cecat
Detection ratio: 50 / 55
Analysis date: 2017-02-01 18:58:58 UTC
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Trojan.GenericKD.1703300 | 20170201 |
| AegisLab | Troj.Spy.W32.Zbot.tdfz!c | 20170201 |
| AhnLab-V3 | Trojan/Win32.Zbot.C401399 | 20170201 |
| ALYac | Trojan.GenericKD.1703300 | 20170201 |
| Arcabit | Trojan.Generic.D19FD84 | 20170201 |
| Avast | Win32:Xpaj-gen | 20170201 |
| AVG | Win32/Heim.A | 20170201 |
| Avira (no cloud) | TR/Crypt.ZPACK.42927 | 20170201 |
| AVware | Trojan.Win32.Generic!BT | 20170201 |
| Baidu | Win32.Trojan.Kryptik.ho | 20170125 |
| BitDefender | Trojan.GenericKD.1703300 | 20170201 |
| CAT-QuickHeal | Trojan.Zbot.AM4 | 20170201 |
| ClamAV | Win.Trojan.Agent-1427159 | 20170201 |
| Comodo | UnclassifiedMalware | 20170201 |
| CrowdStrike Falcon (ML) | malicious_confidence_100% (W) | 20170130 |
| Cyren | W32/Trojan.FHYN-2482 | 20170201 |
| DrWeb | Trojan.PWS.Panda.2401 | 20170201 |
| Emsisoft | Trojan.GenericKD.1703300 (B) | 20170201 |
| ESET-NOD32 | Win32/Spy.Zbot.AAO | 20170201 |
| F-Prot | W32/Trojan2.OEYP | 20170201 |
| F-Secure | Trojan.GenericKD.1703300 | 20170201 |
| Fortinet | W32/Zbot.TDFZ!tr | 20170201 |
| GData | Trojan.GenericKD.1703300 | 20170201 |
| Invincea | virus.win32.ramnit.p | 20170111 |
| Jiangmin | TrojanSpy.Zbot.eelu | 20170201 |
| K7AntiVirus | Trojan ( 0040f8c71 ) | 20170201 |
| K7GW | Trojan ( 0040f8c71 ) | 20170201 |
| Kaspersky | Trojan-Spy.Win32.Zbot.tdfz | 20170201 |
| Malwarebytes | Spyware.Zbot.VXGen | 20170201 |
| McAfee | PWS-Zbot.dx | 20170201 |
| McAfee-GW-Edition | BehavesLike.Win32.ZBot.dc | 20170201 |
| Microsoft | PWS:Win32/Zbot | 20170201 |
| eScan | Trojan.GenericKD.1703300 | 20170201 |
| NANO-Antivirus | Trojan.Win32.Zbot.daatyw | 20170201 |
| nProtect | Trojan-Spy/W32.ZBot.233472.BN | 20170201 |
| Panda | Trj/WLT.A | 20170201 |
| Qihoo-360 | HEUR/Malware.QVM20.Gen | 20170201 |
| Rising | Trojan.Generic-XT6A7vcm16J (cloud) | 20170201 |
| Sophos | Troj/Zbot-IKX | 20170201 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Zbot | 20170201 |
| Symantec | Trojan.Zbot | 20170201 |
| Tencent | Win32.Trojan-spy.Zbot.Wsaa | 20170201 |
| TotalDefense | Win32/Zbot.GODNMKD | 20170201 |
| TrendMicro | TSPY_ZBOT.YUYEV | 20170201 |
| TrendMicro-HouseCall | TSPY_ZBOT.YUYEV | 20170201 |
| VBA32 | TrojanSpy.Zbot | 20170201 |
| VIPRE | Trojan.Win32.Generic!BT | 20170201 |
| Yandex | TrojanSpy.Zbot!d8BiZkINURo | 20170201 |
| Zillya | Trojan.Zbot.Win32.157227 | 20170201 |
| Zoner | Trojan.Zbot.AAO | 20170201 |
| Alibaba | | 20170122 |
| Bkav | | 20170123 |
| CMC | | 20170201 |
| Kingsoft | | 20170201 |
| TheHacker | | 20170129 |
| Trustlook | | 20170201 |
| ViRobot | | 20170201 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Original name: Eymigyiocm.exe
Internal name: Cecat
File version: 9, 3, 9
Description: Azepa Ydezivi Duj
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2011-04-16 05:06:29
Entry Point: 0x00020356
Number of sections: 4
PE sections
PE imports
RegCreateKeyExW
SetNamedSecurityInfoExW
BuildTrusteeWithObjectsAndSidA
TrusteeAccessToObjectW
ControlService
LsaStorePrivateData
OpenThreadToken
CryptSetProviderA
CloseTrace
SetSecurityDescriptorDacl
SystemFunction026
RegFlushKey
LsaEnumerateTrustedDomainsEx
CloseEncryptedFileRaw
OpenEventLogW
CryptEnumProviderTypesA
GetUserNameW
IsValidSid
AddAccessAllowedAceEx
RegEnumKeyExA
CryptGetProvParam
GetTrusteeNameA
SetAclInformation
SetSecurityDescriptorControl
MakeSelfRelativeSD
InitiateSystemShutdownExW
RegisterServiceCtrlHandlerExW
CryptEnumProvidersA
SystemFunction021
SystemFunction006
EnumDependentServicesA
InternalSetTcpEntry
InternalSetIpForwardEntry
GetTcpTable
SetIpNetEntry
GetInterfaceInfo
GetBestInterface
NhGetInterfaceNameFromGuid
SetIfEntry
GetIpForwardTable
InternalGetIfTable
InternalDeleteIpNetEntry
NotifyAddrChange
SendARP
GetPerAdapterInfo
SetTcpEntry
CreateIpForwardEntry
GetTcpStatistics
InternalSetIfEntry
SetIpForwardEntry
GetAdaptersInfo
NhpAllocateAndGetInterfaceInfoFromStack
FlushIpNetTable
NTPTimeToNTFileTime
InternalGetUdpTable
NhGetGuidFromInterfaceName
FileTimeToSystemTime
SetThreadIdealProcessor
GetThreadSelectorEntry
FindNextVolumeMountPointA
Process32FirstW
acmDriverID
acmFormatEnumW
acmFormatDetailsA
acmMetrics
acmStreamConvert
acmFilterTagDetailsW
acmFormatTagDetailsA
acmStreamOpen
acmStreamMessage
acmFormatTagDetailsW
XRegThunkEntry
acmFormatTagEnumW
acmDriverDetailsW
acmStreamPrepareHeader
acmMessage32
acmDriverMessage
acmStreamReset
acmFormatTagEnumA
acmDriverAddA
acmFilterChooseW
acmDriverRemove
acmDriverAddW
acmStreamSize
acmDriverPriority
acmFilterDetailsW
RtlNumberGenericTableElements
RtlIsGenericTableEmpty
RtlPrefixString
NtOpenProcess
NtSetInformationThread
NtCancelTimer
ZwOpenProcess
RtlCheckRegistryKey
RtlQueryRegistryValues
ZwQueryQuotaInformationFile
RtlUpcaseUnicodeToCustomCPN
DbgUiConnectToDbg
NtRaiseException
NtSetInformationObject
RtlAreBitsClear
RtlDefaultNpAcl
RtlPrefixUnicodeString
RtlGetOwnerSecurityDescriptor
NtResumeThread
LdrShutdownThread
RtlSecondsSince1970ToTime
ZwSetHighWaitLowEventPair
NtCreateSemaphore
RtlRealPredecessor
RtlResetRtlTranslations
ZwAdjustPrivilegesToken
RtlSetIoCompletionCallback
ZwOpenThread
RtlCompareUnicodeString
RtlpNtQueryValueKey
ZwQueryTimer
ZwCreateDirectoryObject
OleUIChangeSourceA
OleUIConvertW
OleUIObjectPropertiesW
OleUIChangeIconW
OleUIUpdateLinksA
OleUIObjectPropertiesA
OleUIPasteSpecialW
OleUICanConvertOrActivateAs
OleUIEditLinksA
OleUIBusyA
OleUIInsertObjectA
CIState
CollectFILTERPerformanceData
SetupCache
BindIFilterFromStorage
CollectCIPerformanceData
BindIFilterFromStream
CIMakeICommand
InitializeFILTERPerformanceData
CICreateCommand
EndCacheTransaction
CIGetGlobalPropertyList
LoadTextFilter
DoneFILTERPerformanceData
CITextToSelectTreeEx
EmptyClipboard
SetWindowRgn
GetKeyboardLayoutNameA
GetDoubleClickTime
SetClassLongA
FlashWindowEx
SetWindowPos
GetClassInfoExW
MessageBoxW
GetKBCodePage
SetMenu
CreateDesktopA
SetRectEmpty
WindowFromPoint
GetWindowWord
SetScrollInfo
CharLowerBuffW
RemovePropA
SetClassWord
DefFrameProcW
EnumDisplayDevicesA
DrawIconEx
UnregisterClassW
IsHungAppWindow
LoadIconA
SetDlgItemInt
GetDialogBaseUnits
GetCursor
CreateCursor
CreateAcceleratorTableA
VDMGetPointer
VDMGetAddrExpression
VDMBreakThread
VDMSetThreadContext
VDMGlobalFirst
VDMModuleNext
VDMProcessException
VDMGetSegtablePointer
VDMGetSegmentInfo
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 1
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2011:04:16 06:06:29+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 139264
LinkerVersion: 7.1
EntryPoint: 0x20356
InitializedDataSize: 372736
SubsystemVersion: 4.0
ImageVersion: 7.3
OSVersion: 4.0
UninitializedDataSize: 0
Compressed bundles
File identification
MD5: d5a82031d45db1f2a3644f08ba09369b
SHA1: 207e369a7eee8a95c6e13a163a2d134dd436a3a1
SHA256: 04b80d0d5ebf2249f41f82936c70b800fb7b11a01a1b529da2513700f5ecc52f
ssdeep: 6144:/p6qQSig/SEGdekWNxKTvrscJxRTamd0mXVfhNr:NGdKNxKjJxVZ0m
authentihash: 53bc320beb53952972933e3bf015418343cc50b3520e4faa15dc5132ff8a47c5
imphash: 7d3ab501fc166293cd314c86edb6d71e
File size: 228.0 KB ( 233472 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags: peexe
VirusTotal metadata
First submission: 2014-06-03 05:26:14 UTC
Last submission: 2016-06-11 10:49:18 UTC
File names:
isheriff_d5a82031d45db1f2a3644f08ba09369b.bin
Conto_Telecom_Italia_-_scadenza.PDF.exe
Eymigyiocm.exe
c-873ed-4587-1401773162
Cecat
From_071205490_03062014_07h04_11895.pdf.exe
Conto Telecom Italia - scadenza.PDF.exe
d5a82031d45db1f2a3644f08ba09369b
file-7069245_exe
Advanced heuristic and reputation engines
Symantec reputation: Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.