SHA256: 0522bfea61ab0db154cde9c1217c90547bd46ba1be0fc6a17bfb4b52e8241a63
File name: bot64.exe
Detection ratio: 5 / 56
Analysis date: 2016-11-08 15:15:12 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Avast Win32:MDE-B [Susp] 20161108
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9995 20161107
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
TrendMicro Cryp_Xin1 20161108
TrendMicro-HouseCall Cryp_Xin1 20161108
Ad-Aware 20161108
AegisLab 20161108
AhnLab-V3 20161108
Alibaba 20161108
ALYac 20161108
Antiy-AVL 20161108
Arcabit 20161108
AVG 20161108
Avira (no cloud) 20161108
AVware 20161108
BitDefender 20161108
Bkav 20161108
CAT-QuickHeal 20161108
ClamAV 20161108
CMC 20161108
Comodo 20161108
Cyren 20161108
DrWeb 20161108
Emsisoft 20161108
ESET-NOD32 20161108
F-Prot 20161108
F-Secure 20161108
Fortinet 20161108
GData 20161108
Ikarus 20161108
Sophos ML 20161018
Jiangmin 20161108
K7AntiVirus 20161108
K7GW 20161108
Kaspersky 20161108
Kingsoft 20161108
Malwarebytes 20161108
McAfee 20161108
McAfee-GW-Edition 20161108
Microsoft 20161108
eScan 20161108
NANO-Antivirus 20161108
nProtect 20161108
Panda 20161108
Qihoo-360 20161108
Rising 20161108
Sophos AV 20161108
SUPERAntiSpyware 20161108
Symantec 20161108
Tencent 20161108
TheHacker 20161106
VBA32 20161108
VIPRE 20161108
ViRobot 20161108
Yandex 20161107
Zillya 20161108
Zoner 20161108
The file being studied is a Portable Executable file! More specifically, it is a DOS EXE file.
FileVersionInfo properties
PE header basic information
Target machine x64
Compilation timestamp 2016-10-05 10:19:10
Entry Point 0x00015134
Number of sections 4
PE sections
Overlays
MD5 6213297cb246598710d751e7f904e11b
File type ASCII text
Offset 159232
Size 71892
Entropy 0.00
PE imports
SetSecurityDescriptorDacl
GetSidSubAuthorityCount
CryptReleaseContext
ConvertStringSecurityDescriptorToSecurityDescriptorW
AdjustTokenPrivileges
CryptGetHashParam
SetNamedSecurityInfoW
OpenThreadToken
GetSecurityDescriptorSacl
GetSidSubAuthority
LookupPrivilegeValueW
CryptHashData
InitializeSecurityDescriptor
CryptAcquireContextW
SetSecurityDescriptorSacl
CryptDestroyHash
CryptCreateHash
CertCloseStore
GetNativeSystemInfo
HeapFree
SystemTimeToFileTime
UnmapViewOfFile
FileTimeToDosDateTime
RemoveDirectoryW
FreeLibrary
HeapDestroy
HeapAlloc
LoadLibraryA
GetCurrentProcess
FileTimeToLocalFileTime
GetModuleHandleW
SetFilePointerEx
GetFileInformationByHandle
WaitForMultipleObjects
GetPrivateProfileIntW
GetPrivateProfileStringW
GetTempFileNameW
CreateFileMappingW
MapViewOfFile
GetTempPathW
GetVolumeNameForVolumeMountPointW
GetProcAddress
GetTimeZoneInformation
HeapCreate
Sleep
IsBadReadPtr
SetEndOfFile
OutputDebugStringA
SHGetFolderPathW
PathMatchSpecW
PathFindFileNameW
PathRemoveFileSpecW
PathAddBackslashW
PathIsURLW
StrCmpNIA
PathAddExtensionW
PathSkipRootW
UrlUnescapeA
PathCombineW
PathRemoveBackslashW
wsprintfA
MessageBoxA
LoadImageW
CharUpperW
DispatchMessageW
getaddrinfo
WSAEventSelect
recvfrom
freeaddrinfo
getsockname
sendto
getpeername
recv
select
memcpy
CLSIDFromString
CoCreateInstance
CoInitialize
StringFromGUID2
File identification
MD5 d4c5384da41fd391d16eff60abc21405
SHA1 75f47640299fc2b33492c3640128d58ac2dc1463
SHA256 0522bfea61ab0db154cde9c1217c90547bd46ba1be0fc6a17bfb4b52e8241a63
ssdeep
3072:SaChOaBKqo6hr/Gfso1by929XBVyBRrHpnOK7cUpvxETcjCl:BTQo6hTICgX+5nb71xEOy

authentihash 05767b6a2940045be494094eada8b90c9ad8344089855f6ef9ed7538a2b60c64
imphash 461d52c3279e455328dda2dd24ae6130
File size 225.7 KB ( 231124 bytes )
File type DOS EXE
Magic literal
MS-DOS executable

TrID DOS Executable Borland Pascal 7.0x (28.6%)
Generic Win/DOS Executable (28.2%)
DOS Executable Generic (28.2%)
Music Craft Score (14.1%)
VXD Driver (0.4%)
Tags
mz overlay

VirusTotal metadata
First submission 2016-11-08 15:15:12 UTC ( 2 years, 6 months ago )
Last submission 2016-11-08 15:15:12 UTC ( 2 years, 6 months ago )
File names bot64.exe