SHA256: 07b935200d2dccb8f315008c4364e3ecbee10497069c652aaf3245f20ff7777e
File name: 204adcc32ec3cd544d19b031d780a1c5
Detection ratio: 32 / 56
Analysis date: 2015-02-07 02:51:37 UTC
Antivirus Result Update
Ad-Aware Trojan.Generic.12644742 20150207
ALYac Trojan.Generic.12644742 20150207
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150206
Avast Win32:Malware-gen 20150206
AVG Zbot.XPW 20150207
Avira (no cloud) TR/Crypt.ZPACK.122171 20150207
AVware Trojan.Win32.Generic!BT 20150207
Baidu-International Trojan.Win32.Zbot.aQs 20150206
BitDefender Trojan.Generic.12644742 20150207
Comodo Backdoor.Win32.Simda.DA 20150207
Cyren W32/Trojan.QXFO-0153 20150207
Emsisoft Trojan.Generic.12644742 (B) 20150207
ESET-NOD32 Win32/Spy.Zbot.ACB 20150207
F-Secure Trojan.Generic.12644742 20150207
Fortinet W32/Zbot.ACB!tr.spy 20150207
GData Trojan.Generic.12644742 20150207
Ikarus Trojan-Spy.Agent 20150206
Kaspersky Trojan-Spy.Win32.Zbot.uwcc 20150207
McAfee Packed-APIXOR!204ADCC32EC3 20150207
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.fh 20150206
Microsoft Trojan:Win32/Dynamer!ac 20150207
eScan Trojan.Generic.12644742 20150207
NANO-Antivirus Trojan.Win32.Zbot.dmpton 20150207
Norman Simda.TLT 20150206
nProtect Trojan.Generic.12644742 20150206
Panda Trj/Genetic.gen 20150206
Qihoo-360 Win32/Trojan.45c 20150207
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20150206
Sophos AV Mal/Generic-S 20150207
TrendMicro TROJ_GEN.R021C0FB615 20150207
TrendMicro-HouseCall TROJ_GEN.R021C0FB615 20150207
VIPRE Trojan.Win32.Generic!BT 20150207
AegisLab (no detection) 20150207
Yandex (no detection) 20150206
AhnLab-V3 (no detection) 20150206
Alibaba (no detection) 20150206
Bkav (no detection) 20150206
ByteHero (no detection) 20150207
CAT-QuickHeal (no detection) 20150205
ClamAV (no detection) 20150206
CMC (no detection) 20150205
DrWeb (no detection) 20150207
F-Prot (no detection) 20150207
K7AntiVirus (no detection) 20150206
K7GW (no detection) 20150207
Kingsoft (no detection) 20150207
Malwarebytes (no detection) 20150207
SUPERAntiSpyware (no detection) 20150207
Symantec (no detection) 20150207
Tencent (no detection) 20150207
TheHacker (no detection) 20150206
TotalDefense (no detection) 20150206
VBA32 (no detection) 20150206
ViRobot (no detection) 20150206
Zillya (no detection) 20150206
Zoner (no detection) 20150206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-19 19:58:02 UTC (PE TimeDateStamp; the ExifTool value below is the same instant shown with a +01:00 offset)
Entry Point 0x00001180
Number of sections 5
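The header fields above (target machine, link timestamp, entry point, section count, and the linker version and subsystem reported further down by ExifTool) all come from the COFF and optional headers. The following parser is an added example written for this page; it is not VirusTotal's code and not the sample's. `build_sample_header` is a constructed minimal PE32 header carrying this report's values so the script runs offline without the malware, and `triage` shows the first check an analyst usually makes with these fields: whether the link timestamp is plausible relative to the first-submission time (`2015-02-07 02:51:37 UTC` on this page).

```python
"""Added example: parse the PE header fields listed in this report and run a
first triage check on the link timestamp. Editor's code, not VirusTotal's."""
import struct
from datetime import datetime, timezone

MACHINE_NAMES = {0x14C: "Intel 386 or later processors and compatible processors",
                 0x8664: "x64 (AMD64)"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_header(data: bytes) -> dict:
    """Return the basic COFF/optional-header fields of a PE image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _symtab, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    if opt_size < 70:
        raise ValueError("optional header too short")
    opt = coff + 20                                             # optional header follows the 20-byte COFF header
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    entry_point = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint (RVA)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]     # same offset in PE32 and PE32+
    link_time = datetime.fromtimestamp(timestamp, tz=timezone.utc)
    return {
        "machine_id": machine,
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "sections": nsections,
        "timestamp": timestamp,
        "timestamp_utc": link_time.strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry_point,
        "pe_type": "PE32" if magic == 0x10B else "PE32+" if magic == 0x20B else hex(magic),
        "linker_version": f"{linker_major}.{linker_minor}",
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
    }


def triage(fields: dict, first_seen_utc: str) -> dict:
    """Compare the link timestamp with the first-submission time (YYYY-MM-DD HH:MM:SS, UTC).
    A link time after first submission, or a zero/ancient one, means TimeDateStamp was
    forged or scrubbed and must not be used to date the build."""
    first_seen = datetime.strptime(first_seen_utc, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    link_time = datetime.fromtimestamp(fields["timestamp"], tz=timezone.utc)
    delta = first_seen - link_time
    return {
        "days_before_first_seen": delta.days,
        "timestamp_in_future": delta.days < 0,
        "timestamp_implausible": fields["timestamp"] == 0 or link_time.year < 2000,
    }


def build_sample_header() -> bytes:
    """Constructed minimal PE32 header carrying this report's values (0x14C, 5 sections,
    link time 2015-01-19 19:58:02 UTC, EP 0x1180, linker 9.0, GUI subsystem).
    It is NOT the malware sample; only enough bytes exist to exercise parse_pe_header."""
    link_time = int(datetime(2015, 1, 19, 19, 58, 2, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 5, link_time, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIHH",
                      0x10B, 9, 0,                   # PE32 magic, linker 9.0
                      211968, 109568, 0,             # SizeOfCode / InitializedData / UninitializedData
                      0x1180, 0x1000, 0x35000,       # AddressOfEntryPoint, BaseOfCode, BaseOfData
                      0x400000, 0x1000, 0x200,       # ImageBase, SectionAlignment, FileAlignment
                      5, 0, 0, 0, 5, 0,              # OS, image and subsystem versions
                      0, 0x50000, 0x400, 0,          # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      2, 0)                          # Subsystem = Windows GUI, DllCharacteristics
    opt += b"\0" * (224 - len(opt))                  # remainder of the optional header (data directories)
    return dos + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    fields = parse_pe_header(build_sample_header())
    for key, value in fields.items():
        print(f"{key:18} {value}")
    print(triage(fields, "2015-02-07 02:51:37"))
```

For this sample the link time sits 18 days before first submission, which is plausible; a negative value or a year before 2000 would be the signal to disregard the timestamp and fall back on other dating evidence (resource timestamps, debug directory, submission history).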
PE sections
PE imports
ADVAPI32.dll
SetEntriesInAclW
RegOpenKeyA
RegCloseKey
IsValidSid
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
RegSetValueExA
AllocateAndInitializeSid
RegCreateKeyExA
GetSecurityInfo
SetSecurityInfo
GDI32.dll
GetMetaFileBitsEx
GetBkColor
CreatePalette
GetStockObject
SetMetaFileBitsEx
CloseMetaFile
GetPaletteEntries
AddFontResourceW
GetObjectW
PlayMetaFile
DeleteObject
DeleteMetaFile
CreateMetaFileW
KERNEL32.dll
GetLastError
HeapFree
EnterCriticalSection
ReleaseMutex
VirtualAllocEx
lstrlenA
GetOverlappedResult
GlobalFree
WaitForSingleObject
SetEvent
QueryPerformanceCounter
HeapAlloc
GetVersionExA
GetEnvironmentStringsW
GlobalUnlock
LoadLibraryA
lstrlenW
GetLocalTime
GlobalSize
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
LoadLibraryExA
GetEnvironmentStrings
LocalAlloc
ProcessIdToSessionId
GetModuleHandleW
GetCurrentProcess
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
CreateDirectoryW
DeleteFileW
GetProcAddress
CancelIo
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
WideCharToMultiByte
MapViewOfFile
GetModuleHandleA
ReadFile
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
PulseEvent
CreateMutexW
ResetEvent
GetSystemTimeAsFileTime
TerminateProcess
ExitThread
WaitForMultipleObjects
CreateThread
GlobalLock
GetDiskFreeSpaceA
LocalFree
WaitForMultipleObjectsEx
GlobalMemoryStatus
DeviceIoControl
CreateEventW
InitializeCriticalSection
UnmapViewOfFile
OpenEventW
GlobalAlloc
InterlockedDecrement
Sleep
CloseHandle
GetTickCount
GetCurrentThreadId
InterlockedIncrement
GetCurrentProcessId
SetLastError
LeaveCriticalSection
SHELL32.dll
SHFileOperationW
SHFileOperationA
USER32.dll
RegisterWindowMessageW
EmptyClipboard
PostQuitMessage
DefWindowProcW
GetClipboardOwner
GetMessageW
GetClipboardData
GetClipboardViewer
SetWindowLongW
GetClipboardFormatNameW
SetClipboardViewer
TranslateMessage
PostMessageW
RegisterClipboardFormatW
DispatchMessageW
ChangeClipboardChain
SendMessageW
RegisterClassW
LoadStringW
LoadIconA
CountClipboardFormats
UnregisterClassW
EnumClipboardFormats
LoadIconW
CreateWindowExW
CloseClipboard
OpenClipboard
DestroyWindow
MSVCRT.dll
__p__fmode
malloc
rand
realloc
_wcsnicmp
_cexit
_except_handler3
_c_exit
__p__commode
wcslen
wcscmp
exit
_XcptFilter
wcsrchr
__setusermatherr
wcsncpy
_acmdln
_exit
_adjust_fdiv
free
__getmainargs
wcschr
_initterm
strchr
wcscpy
strrchr
_strnicmp
_controlfp
__set_app_type
ole32.dll
OleIsCurrentClipboard
OleSetClipboard
OleInitialize
CoGetMalloc
Number of PE resources by type
RT_BITMAP 11
RT_RCDATA 6
MAD 2
Number of PE resources by language
NEUTRAL 19
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:01:19 20:58:02+01:00 (local-offset rendering of the same TimeDateStamp, 2015-01-19 19:58:02 UTC)
FileType Win32 EXE
PEType PE32
CodeSize 211968
LinkerVersion 9.0
EntryPoint 0x1180
InitializedDataSize 109568
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 204adcc32ec3cd544d19b031d780a1c5
SHA1 ade1bed690c614f9bb071324569dac978f3ba85c
SHA256 07b935200d2dccb8f315008c4364e3ecbee10497069c652aaf3245f20ff7777e
ssdeep 6144:jieYbZbkOkjOc7BjuveiY5JBSS0D6q1cbI5jE9Fa:OeYuOSjuvehF876Imna
authentihash 57c03b5543236128f14a3f70b225c92dbedb226139d794a2695486afd8789964
imphash 5ff5db3350224865e635a4c157d7d733
File size 314.5 KB ( 322048 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe
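The imphash in the file identification block is the value most useful for clustering builds of the same family across repacks, because it depends only on the import table (module name plus function name, in import order), not on the file bytes. The following is an added example written for this page, not VirusTotal's or pefile's code; it recomputes an imphash from an import list using the same normalisation pefile applies (module name lower-cased with its .dll/.ocx/.sys extension removed, function names lower-cased, entries joined with commas, then MD5). `SAMPLE_IMPORTS` is a constructed short excerpt in the style of the import list above, not the sample's full table, so the hash it yields is not the one on this page.

```python
"""Added example: recompute an imphash from an import list the way pefile does,
so values like the one in this report can be reproduced and compared between
samples. Editor's code, not VirusTotal's or pefile's."""
import hashlib

# pefile resolves ordinal-only imports from ws2_32 and oleaut32 to names through a
# lookup table; that table is omitted here, so any ordinal falls back to "ordN".


def normalize_dll(name: str) -> str:
    """Lower-case the module name and strip a .dll/.ocx/.sys extension (nothing else)."""
    name = name.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def imphash_string(imports) -> str:
    """Build the comma-joined 'module.function' string in import-table order.
    imports is a list of (module_name, [function name or ordinal int, ...]),
    one tuple per import descriptor, in the order they appear in the table."""
    parts = []
    for dll, funcs in imports:
        base = normalize_dll(dll)
        for func in funcs:
            func_name = f"ord{func}" if isinstance(func, int) else func.lower()
            parts.append(f"{base}.{func_name}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the normalised import string: the 'imphash' shown in reports like this one."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed excerpt in the style of the report's import list (not the full table).
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", ["SetEntriesInAclW", "RegOpenKeyA", "IsValidSid"]),
    ("KERNEL32.dll", ["GetLastError", "DeviceIoControl"]),
    ("USER32.dll", ["SetClipboardViewer", "GetClipboardData"]),
    ("SHLWAPI.dll", [172]),            # constructed ordinal-only import
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because the order of descriptors and functions is part of the input, two builds with the same API set linked in a different order produce different imphashes; a packer that rebuilds the import table (the McAfee name Packed-APIXOR above suggests one) changes the value entirely, which is why imphash clusters builds, not families.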

VirusTotal metadata
First submission 2015-02-07 02:51:37 UTC
Last submission 2015-02-07 02:51:37 UTC
File names 204adcc32ec3cd544d19b031d780a1c5
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.