SHA256: 04c6874afa555cbfb451dba77aa7924270a041d0351209fe586ca4f853da97d6
File name: COPY_OF_THE_COMPLAINT.DOC.scr
Detection ratio: 42 / 56
Analysis date: 2015-10-26 06:09:49 UTC ( 1 year, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKDZ.24222 20151026
Yandex TrojanSpy.Zbot!D49/1n3XIno 20151025
AhnLab-V3 Spyware/Win32.Zbot 20151026
ALYac Trojan.GenericKDZ.24222 20151026
Antiy-AVL Trojan[Spy]/Win32.Zbot 20151026
Arcabit Trojan.Generic.D5E9E 20151026
Avast Win32:Androp [Drp] 20151026
AVG Win32/Cryptor 20151026
Avira (no cloud) TR/ATRAPS.Gen4 20151026
AVware Trojan.Win32.Generic!BT 20151026
Baidu-International Trojan.Win32.Zbot.AAO 20151026
BitDefender Trojan.GenericKDZ.24222 20151026
CAT-QuickHeal Worm.Gamarue.I3 20151026
Comodo TrojWare.Win32.Carberp.AV 20151026
Cyren W32/Zbot.FHRJ-0659 20151026
DrWeb Trojan.Packed.25065 20151026
Emsisoft Trojan.GenericKDZ.24222 (B) 20151026
ESET-NOD32 Win32/Spy.Zbot.AAO 20151026
F-Prot W32/Zbot.BWI 20151026
F-Secure Trojan.GenericKDZ.24222 20151026
Fortinet W32/Zbot.AAO!tr 20151026
GData Trojan.GenericKDZ.24222 20151026
Ikarus Virus.Win32.Cryptor 20151026
Jiangmin TrojanSpy.Zbot.fswi 20151025
K7AntiVirus Spyware ( 0029a43a1 ) 20151026
K7GW Spyware ( 0029a43a1 ) 20151026
Kaspersky HEUR:Trojan.Win32.Generic 20151026
Malwarebytes Backdoor.Agent.RV 20151026
McAfee PWSZbot-FMT!0C5DF80B23B7 20151026
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dc 20151026
Microsoft PWS:Win32/Zbot 20151026
eScan Trojan.GenericKDZ.24222 20151026
NANO-Antivirus Trojan.Win32.Zbot.cqwtbh 20151026
nProtect Trojan-Spy/W32.ZBot.280781 20151026
Panda Trj/Genetic.gen 20151026
Qihoo-360 Win32/Trojan.Spy.6ef 20151026
Sophos Troj/Zbot-HCX 20151026
SUPERAntiSpyware Trojan.Agent/Gen-Zbot 20151026
Symantec Trojan.Zbot 20151026
VBA32 SScope.Worm.Ngrbot.2414 20151026
VIPRE Trojan.Win32.Generic!BT 20151026
Zillya Trojan.Zbot.Win32.144725 20151026
AegisLab 20151026
Alibaba 20151026
Bkav 20151026
ByteHero 20151026
ClamAV 20151026
CMC 20151026
Rising 20151026
Tencent 20151026
TheHacker 20151026
TotalDefense 20151026
TrendMicro 20151026
TrendMicro-HouseCall 20151026
ViRobot 20151026
Zoner 20151026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) Announced 2004-2013
Publisher Screen castle introduced - www.Announced.com
Product Announced
File version 6.0.0.5
Description Tribe stretch affect Don Johnson seldom
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-06 01:48:42
Entry Point 0x00008581
Number of sections 4
PE sections
Overlays
MD5 942b97b8925d98055c91e951a87e963c
File type data
Offset 279552
Size 1229
Entropy 7.79
PE imports
CloseMetaFile
ColorCorrectPalette
CombineRgn
CreateDCW
SetThreadLocale
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetOEMCP
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetCommandLineA
HeapSetInformation
GetCurrentProcess
GetStartupInfoW
GetFileType
GetConsoleMode
DecodePointer
GetCurrentProcessId
GetProcessHeaps
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
WriteProfileSectionW
GetProcAddress
EncodePointer
GetProcessHeap
SetStdHandle
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
GetSystemTimeAsFileTime
DeleteCriticalSection
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
lstrcpynA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
ExitProcess
GetExitCodeProcess
TerminateProcess
IsValidCodePage
HeapCreate
CreateFileW
InterlockedDecrement
Sleep
SetLastError
GetTickCount
TlsSetValue
GetStringTypeExA
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
WriteConsoleW
InterlockedIncrement
GetSubMenu
DlgDirSelectComboBoxExA
CheckMenuItem
LookupIconIdFromDirectory
RegisterHotKey
SendDlgItemMessageW
DdeCreateStringHandleW
SetProcessWindowStation
CharPrevW
GetWindowContextHelpId
GetKeyState
SetWindowsHookA
SetCursor
UnlockUrlCacheEntryStream
InternetLockRequestFile
InternetConnectW
GopherGetLocatorTypeW
InternetSetOptionW
InternetSetOptionExA
FtpSetCurrentDirectoryW
GetSoftwareUpdateInfo
URLOpenBlockingStreamW
HlinkGoForward
Number of PE resources by type
JPEG 2
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
SAAMI ARABIC MOROCCO 2
PE resources
ExifTool file metadata
LegalTrademarks Announced
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.8.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Tribe stretch affect Don Johnson seldom
CharacterSet Windows, Latin1
InitializedDataSize 219136
FileOS Windows 16-bit
EntryPoint 0x8581
MIMEType application/octet-stream
LegalCopyright Copyright (C) Announced 2004-2013
FileVersion 6.0.0.5
TimeStamp 2013:12:06 02:48:42+01:00
FileType Win32 EXE
PEType PE32
InternalName Bee.exe
ProductVersion 3.0
UninitializedDataSize 0
OSVersion 5.0
OriginalFilename Bee.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Screen castle introduced - www.Announced.com
CodeSize 59392
ProductName Announced
ProductVersionNumber 7.3.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 0c5df80b23b7712bc39655d79549b0b4
SHA1 c7e63be60d07d91c6b22870d6005dd41014bf35c
SHA256 04c6874afa555cbfb451dba77aa7924270a041d0351209fe586ca4f853da97d6
ssdeep 3072:hn8WR/hfAaA0UXKHYxaYOY0+y/jxXUmcSi1prQsaOWIAEV5vBNQF3TVtXyAt0032:h5R/dCXwYMV8Usa3ILvBNy3TjtJ32
authentihash 6f8c988b4bea63f6d433f154395009d30aa2d2ebb7aeb4e7b77433b29aa4dfca
imphash 43b383dd57cb3b9252a7c76a66045f90
File size 274.2 KB ( 280781 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay
VirusTotal metadata
First submission 2013-12-06 09:45:06 UTC ( 3 years, 6 months ago )
Last submission 2013-12-14 11:31:41 UTC ( 3 years, 6 months ago )
File names COPY_OF_THE_COMPLAINT.DOC.scr
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight