SHA256: 051de5e933e3bf688254319e1a20628fd517a8c1cf0f1f0e7211ef091f4d9b12
File name: b.exe
Detection ratio: 43 / 54
Analysis date: 2014-06-24 23:59:38 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.6550 20140624
Yandex TrojanSpy.Zbot!qeovLy40CCo 20140624
AhnLab-V3 Trojan/Win32.Diple 20140624
AntiVir TR/ATRAPS.Gen 20140625
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140624
Avast Sf:Zbot-CX [Trj] 20140625
AVG Zbot.JUT 20140624
Baidu-International Trojan.Win32.Zbot.bYW 20140624
BitDefender Gen:Variant.Kazy.6550 20140625
CAT-QuickHeal TrojanSpy.Zbot.r4 20140624
Commtouch W32/Trojan.CFNP-8143 20140625
Comodo UnclassifiedMalware 20140624
DrWeb Trojan.Siggen6.19347 20140625
Emsisoft Gen:Variant.Kazy.6550 (B) 20140625
ESET-NOD32 Win32/Spy.Zbot.YW 20140624
F-Secure Gen:Variant.Kazy.6550 20140624
Fortinet W32/Zbot.TEYB!tr 20140624
GData Gen:Variant.Kazy.6550 20140625
Ikarus Trojan-Spy.Win32.Zbot 20140624
K7AntiVirus Spyware ( 00009b291 ) 20140624
K7GW Trojan ( 050000001 ) 20140624
Kingsoft Win32.Troj.Zbot.te.(kcloud) 20140625
Malwarebytes Trojan.SelfDel 20140625
McAfee RDN/Generic PWS.y!zw 20140625
McAfee-GW-Edition RDN/Generic PWS.y!zw 20140624
Microsoft PWS:Win32/Zbot.gen!Y 20140624
eScan Gen:Variant.Kazy.6550 20140624
NANO-Antivirus Trojan.Win32.ATRAPS.daokuq 20140624
Norman ZBot.TSFA 20140624
nProtect Trojan-Spy/W32.ZBot.141824.FA 20140624
Panda Generic Malware 20140624
Qihoo-360 Win32/Trojan.6ab 20140625
Sophos AV Mal/Generic-S 20140625
SUPERAntiSpyware Trojan.Agent/Gen-Zbot 20140624
Symantec Trojan.ADH 20140625
Tencent Win32.Trojan-spy.Zbot.Egog 20140625
TotalDefense Win32/Zbot.BaHXDFC 20140624
TrendMicro Cryp_Xin1 20140624
TrendMicro-HouseCall Suspicious_GEN.F47V0612 20140625
VBA32 BScope.Trojan-Spy.Zbot 20140624
VIPRE Trojan.Win32.Generic!BT 20140624
ViRobot Trojan.Win32.S.Zbot.141824.FZ 20140624
Zillya Trojan.Zbot.Win32.157477 20140624
AegisLab 20140624
Bkav 20140624
ByteHero 20140625
ClamAV 20140624
CMC 20140624
F-Prot 20140625
Jiangmin 20140624
Kaspersky 20140624
Rising 20140623
TheHacker 20140624
Zoner 20140616
The file being studied is a Portable Executable file! More specifically, it is a DOS EXE file.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-03 21:41:13
Entry Point 0x0001537D
Number of sections 4
PE sections
Overlays
MD5 ef2a78f80476e949da92f4a02e70ce68
File type data
Offset 141312
Size 512
Entropy 7.60
PE imports
GetModuleHandleA
HeapCreate
InterlockedExchange
InterlockedDecrement
GetProcAddress
InterlockedIncrement
LoadLibraryA
GetProcessHeap
CharLowerW
ExifTool file metadata
FileAccessDate
2014:12:13 16:39:46+01:00

FileCreateDate
2014:12:13 16:39:46+01:00

Compressed bundles
File identification
MD5 f9da502e4780be34b9ec0fcc359926f2
SHA1 4da2e689fb1cae3d6f0ee221cb1b481781518305
SHA256 051de5e933e3bf688254319e1a20628fd517a8c1cf0f1f0e7211ef091f4d9b12
ssdeep
3072:UdqqJn0ACYv1cl6Uj+WJM2ul+Syiazdhrs1MavbRNOCyc4I:Ur0/YNcl6UJJqRyzDrs1MavbvO7cX

authentihash 2fb602832102735de8377dfae1af7d2e321b626622d78acdba2ace97738d1314
imphash 35c37509f6948f3c1dc36dbf18a89d95
File size 138.5 KB ( 141824 bytes )
File type DOS EXE
Magic literal
MS-DOS executable

TrID Win32 Executable (generic) (42.5%)
DOS Executable Borland Pascal 7.0x (19.2%)
Generic Win/DOS Executable (18.8%)
DOS Executable Generic (18.8%)
VXD Driver (0.2%)
Tags
mz overlay

VirusTotal metadata
First submission 2014-06-12 19:27:33 UTC ( 4 years, 9 months ago )
Last submission 2016-06-11 22:00:57 UTC ( 2 years, 9 months ago )
File names b.exe-g7HcFy
12212112211221.exe
isheriff_f9da502e4780be34b9ec0fcc359926f2.bin
file-7121363_
b
f9da502e4780be34b9ec0fcc359926f2
b.exe
vti-rescan
Trojan.Siggen6.19347.exe
6D1yiN.dotx
b (3).exe
13.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections