SHA256: 07baafc8dbb573294ea41a06b68cefd54a8e8ec3338fe93e3000812bee9af074
File name: bin
Detection ratio: 40 / 50
Analysis date: 2014-02-24 11:24:52 UTC ( 3 years, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1413595 20140224
Yandex TrojanSpy.Zbot!SMKyyumocBw 20140223
AhnLab-V3 Trojan/Win32.Blocker 20140224
AntiVir TR/Spy.ZBot.aao.235 20140224
Antiy-AVL Trojan/Win32.Yakes 20140219
Avast Win32:Injector-BNO [Trj] 20140224
AVG Inject2.HXM 20140223
BitDefender Trojan.GenericKD.1413595 20140224
CAT-QuickHeal TrojanPWS.Zbot.Gen 20140224
Commtouch W32/Trojan.WSJB-7926 20140224
Comodo TrojWare.Win32.Spy.Hesperbot.D 20140224
DrWeb Trojan.PWS.Siggen1.9985 20140224
Emsisoft Trojan.GenericKD.1413595 (B) 20140224
ESET-NOD32 Win32/Spy.Zbot.AAO 20140224
F-Prot W32/Trojan3.GOR 20140224
F-Secure Trojan.GenericKD.1413595 20140223
Fortinet W32/Kryptik.ARZ!tr 20140224
GData Trojan.GenericKD.1413595 20140224
Ikarus Trojan-Spy.Zbot 20140224
Jiangmin Trojan/PornoAsset.yjl 20140224
K7AntiVirus Trojan ( 098754d80 ) 20140221
K7GW Spyware ( 0029a43a1 ) 20140224
Kaspersky HEUR:Trojan.Win32.Generic 20140224
Kingsoft Win32.Troj.Generic.a.(kcloud) 20140224
Malwarebytes Trojan.Ransom.ED 20140224
McAfee BackDoor-FBLZ!0564548CB167 20140224
McAfee-GW-Edition BackDoor-FBLZ!0564548CB167 20140224
Microsoft VirTool:Win32/Injector.gen!CA 20140224
eScan Trojan.GenericKD.1413595 20140224
NANO-Antivirus Trojan.Win32.Zbot.cqinpc 20140223
Norman ZBot.FXKB 20140224
nProtect Trojan.GenericKD.1413595 20140224
Panda Generic Malware 20140224
Qihoo-360 Malware.QVM07.Gen 20140224
Rising PE:Malware.Obscure/Heur!1.9E03 20140223
Sophos Troj/Zbot-GYV 20140224
SUPERAntiSpyware Trojan.Agent/Gen-Blocker 20140223
TotalDefense Win32/CInject.NWRbFdC 20140224
VBA32 TrojanSpy.Zbot 20140224
VIPRE Trojan.Win32.Fareit.if (v) 20140224
Baidu-International 20140224
Bkav 20140224
ByteHero 20140224
ClamAV 20140224
CMC 20140220
Symantec 20140224
TheHacker 20140222
TrendMicro 20140224
TrendMicro-HouseCall 20140224
ViRobot 20140224
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-20 13:13:31
Entry Point 0x0000B5AE
Number of sections 4
PE sections
PE imports
RegCreateKeyW
GetTextExtentExPointA
MoveToEx
GetPixel
GetCharWidth32W
GetLastError
CompareStringW
GetCurrentDirectoryW
GetStartupInfoA
GetStringTypeA
GetModuleHandleA
OpenProcess
CopyFileA
GetOEMCP
lstrlenA
HeapDestroy
Sleep
GetLocalTime
FindFirstFileW
FlushFileBuffers
GetCurrentThreadId
GetCurrentProcessId
WinExec
__p__fmode
malloc
_acmdln
fread
fclose
__dllonexit
_controlfp
fprintf
fopen
_except_handler3
fseek
_mbscmp
_onexit
ftell
exit
_XcptFilter
rewind
__setusermatherr
_adjust_fdiv
__CxxFrameHandler
__p__commode
__getmainargs
_initterm
_setmbcp
strstr
_exit
__set_app_type
GetModuleFileNameExA
ToUnicodeEx
GetSystemMetrics
SetTimer
AppendMenuA
IsDialogMessageW
EnableWindow
RegisterHotKey
LockWindowUpdate
FindWindowW
SendMessageA
GetClientRect
GetSystemMenu
DrawIcon
GetDlgItemTextW
IsIconic
LoadIconA
Number of PE resources by type
RT_DIALOG 10
RT_ICON 1
MP4 1
RT_STRING 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 11
NEUTRAL 3
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2013:11:20 14:13:31+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
49152

LinkerVersion
6.0

FileAccessDate
2014:02:24 12:24:46+01:00

EntryPoint
0xb5ae

InitializedDataSize
278528

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

FileCreateDate
2014:02:24 12:24:46+01:00

UninitializedDataSize
0

File identification
MD5 0564548cb16769da783d365c3387adf4
SHA1 095771ccde7a1ade3ddeb1af1ba3c48553c3f61d
SHA256 07baafc8dbb573294ea41a06b68cefd54a8e8ec3338fe93e3000812bee9af074
ssdeep
6144:a0lR3XYdmgRAFLEf3jIiUZDmRj3/hrsDpuryhOQkfentpnenn:a0lR3odmzt0jIiIDozhMkKkhnn

imphash 4c9947d9fb2d04f681dfde5404b2cf91
File size 325.0 KB ( 332800 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2014-02-24 11:24:52 UTC ( 3 years, 4 months ago )
Last submission 2014-02-24 11:24:52 UTC ( 3 years, 4 months ago )
File names bin
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight