SHA256: 05bab90fc847a7383bd8fe570dabf0957f1b500a93bbcdaed9215bac72425416
File name: 20b475f2c8ce958e6de9f180891e2c3c
Detection ratio: 9 / 53
Analysis date: 2014-07-11 15:48:16 UTC ( 4 years, 8 months ago )
Antivirus Result Update
AVG Zbot.LLS 20140711
CMC Trojan.Win32.Krap.2!O 20140711
ESET-NOD32 Win32/Spy.Zbot.ABV 20140711
Kaspersky Trojan-Spy.Win32.Zbot.tmli 20140711
Malwarebytes Spyware.Zbot.VXGen 20140711
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140711
Sophos AV Mal/Ransom-CV 20140711
Symantec Suspicious.Cloud.5 20140711
Tencent Win32.Trojan.Bp-qqthief.Iqpl 20140711
Ad-Aware 20140711
AegisLab 20140711
Yandex 20140711
AhnLab-V3 20140711
AntiVir 20140711
Antiy-AVL 20140711
Avast 20140711
Baidu-International 20140711
BitDefender 20140711
ByteHero 20140711
CAT-QuickHeal 20140711
ClamAV 20140711
Commtouch 20140711
Comodo 20140711
DrWeb 20140711
Emsisoft 20140711
F-Prot 20140711
F-Secure 20140711
Fortinet 20140711
GData 20140711
Ikarus 20140711
Jiangmin 20140711
K7AntiVirus 20140711
K7GW 20140711
Kingsoft 20140711
McAfee 20140711
McAfee-GW-Edition 20140711
Microsoft 20140711
eScan 20140711
NANO-Antivirus 20140711
Norman 20140711
nProtect 20140711
Panda 20140711
Qihoo-360 20140711
SUPERAntiSpyware 20140711
TheHacker 20140711
TotalDefense 20140711
TrendMicro 20140711
TrendMicro-HouseCall 20140711
VBA32 20140710
VIPRE 20140711
ViRobot 20140711
Zillya 20140710
Zoner 20140711
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-02-25 13:45:34
Entry Point 0x000219C2
Number of sections 4
PE sections
PE imports
GetTextMetricsW
GetGlyphOutlineW
GetPaletteEntries
RemoveFontMemResourceEx
TranslateCharsetInfo
EnumFontFamiliesExA
DeleteDC
GetTextExtentPointA
GetWorldTransform
PtInRegion
GdiPlayEMF
GdiComment
EndFormPage
CreateDIBPatternBrushPt
SelectClipPath
GdiResetDCEMF
GetAspectRatioFilterEx
RoundRect
CreateDIBSection
GetFontUnicodeRanges
CloseFigure
CreateSolidBrush
GetKerningPairsA
CombineTransform
ExtCreatePen
CopyMetaFileA
Ellipse
DeleteMetaFile
CheckColorsInGamut
CallNamedPipeW
DosDateTimeToFileTime
LCMapStringW
CreateJobObjectW
WritePrivateProfileSectionW
TlsAlloc
SetThreadPriorityBoost
lstrcmpiW
GetFileAttributesW
GetPriorityClass
FileTimeToLocalFileTime
LocalAlloc
SetVolumeMountPointA
EnumTimeFormatsA
MapViewOfFile
DeleteFileW
GetSystemPowerStatus
GetCommModemStatus
SetCalendarInfoA
SetEnvironmentVariableW
GetStringTypeA
DeleteVolumeMountPointW
WritePrivateProfileStructA
GetDiskFreeSpaceW
_hwrite
FindResourceExW
FindNextVolumeMountPointW
GetVolumeNameForVolumeMountPointW
GetCompressedFileSizeA
GetLongPathNameW
ResetWriteWatch
SetProcessShutdownParameters
IMPGetIMEW
Number of PE resources by type
RT_MESSAGETABLE 5
RT_RCDATA 3
RT_STRING 2
Struct(13) 1
RT_FONT 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
SWEDISH 11
ENGLISH AUS 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2011:02:25 14:45:34+01:00
FileType Win32 EXE
PEType PE32
CodeSize 142848
LinkerVersion 6.0
EntryPoint 0x219c2
InitializedDataSize 52224
SubsystemVersion 4.0
ImageVersion 10.1
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 20b475f2c8ce958e6de9f180891e2c3c
SHA1 c2e13748223854bf19a1a765c2f5d3bd85b274a0
SHA256 05bab90fc847a7383bd8fe570dabf0957f1b500a93bbcdaed9215bac72425416
ssdeep 3072:1CE7Zf6JTiq8RWO7CZUJrlLvCtf/3G0R0xPFITmGm8d76rsRJ2BLsx:1HKTQsjZwlzInGK0IrGsr2Js
authentihash 7114123383a87b4066741db891b5f392f792a0256a2c43c14921e45389209e74
imphash 50a349d6c18303788cf5fdcd1a6335f9
File size 191.5 KB ( 196096 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe

VirusTotal metadata
First submission 2014-07-11 15:48:16 UTC ( 4 years, 8 months ago )
Last submission 2014-07-11 15:48:16 UTC ( 4 years, 8 months ago )
File names 20b475f2c8ce958e6de9f180891e2c3c
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.