SHA256: 08a9aa47f219b36b0a6fbf4c05fa38204bdfccaa37501ad4d34675e899912df4
File name: vt-upload-9BCdI
Detection ratio: 30 / 53
Analysis date: 2014-07-18 15:35:06 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.97473 20140718
Yandex TrojanSpy.Zbot!4N4cnP4KhSo 20140718
AntiVir TR/Spy.ZBot.abv.7 20140718
Antiy-AVL Trojan/Win32.SGeneric 20140718
Avast Win32:Malware-gen 20140718
AVG Zbot.KXZ 20140718
BitDefender Gen:Variant.Zusy.97473 20140718
DrWeb Trojan.Siggen6.19738 20140718
Emsisoft Gen:Variant.Zusy.97473 (B) 20140718
ESET-NOD32 Win32/Spy.Zbot.ABV 20140718
F-Secure Gen:Variant.Zusy.97473 20140718
Fortinet W32/Zbot.ABV!tr.spy 20140718
GData Gen:Variant.Zusy.97473 20140718
Ikarus Trojan-Spy.Win32.Zbot 20140718
Kaspersky Trojan-Spy.Win32.Zbot.tjmc 20140718
Malwarebytes Spyware.Zbot.VXGen 20140718
McAfee Artemis!712D29A207E8 20140718
McAfee-GW-Edition Artemis!712D29A207E8 20140718
Microsoft PWS:Win32/Zbot 20140718
eScan Gen:Variant.Zusy.97473 20140718
NANO-Antivirus Trojan.Win32.Zbot.dbtpsa 20140718
Panda Trj/CI.A 20140718
Qihoo-360 Win32/Trojan.Spy.ce3 20140718
Rising PE:Trojan.Win32.Generic.16E8DDA0!384359840 20140718
Sophos AV Mal/Generic-S 20140718
Symantec WS.Reputation.1 20140718
Tencent Win32.Trojan.Bp-qqthief.Iqpl 20140718
TrendMicro TROJ_GEN.R0CBC0DFU14 20140718
TrendMicro-HouseCall TROJ_GEN.R0CBC0DFU14 20140718
VIPRE Trojan.Win32.Generic!BT 20140718
AegisLab 20140718
AhnLab-V3 20140718
Baidu-International 20140718
Bkav 20140718
ByteHero 20140718
CAT-QuickHeal 20140718
ClamAV 20140718
CMC 20140717
Commtouch 20140718
Comodo 20140718
F-Prot 20140718
Jiangmin 20140718
K7AntiVirus 20140718
K7GW 20140718
Kingsoft 20140718
Norman 20140718
nProtect 20140718
SUPERAntiSpyware 20140718
TheHacker 20140718
TotalDefense 20140718
VBA32 20140717
ViRobot 20140718
Zoner 20140718
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright MetaQuotes Software Corp. All rights reserved.

Publisher MetaQuotes Software Corp.
Product trade tool wizard
Original name Trade Tools Converter
Internal name Trade Library Converter Wizard
File version 1.0.6.2
Description Trade Tools Converter
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-25 19:33:50
Entry Point 0x00004C63
Number of sections 4
PE sections
PE imports
GetUserNameW
ImageList_LoadImageA
ImageList_EndDrag
GetDeviceCaps
SelectPalette
GetDIBColorTable
SetROP2
SetMapMode
DeleteDC
EnumFontFamiliesA
CreateHalftonePalette
BitBlt
CreatePalette
GetStockObject
SetWindowExtEx
SelectObject
GetObjectW
SetBkMode
TextOutA
CreateCompatibleDC
DeleteObject
RealizePalette
SetTextColor
GetObjectA
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetProcessTimes
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
lstrlenW
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
DecodePointer
GetCurrentProcessId
UnhandledExceptionFilter
GetCPInfo
ExitProcess
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
IsBadReadPtr
SetStdHandle
RaiseException
CreateSemaphoreA
WideCharToMultiByte
GetModuleFileNameW
TlsFree
SetFilePointer
HeapSetInformation
ReadFile
SetUnhandledExceptionFilter
WriteFile
InterlockedIncrement
CloseHandle
GetSystemTimeAsFileTime
GetThreadTimes
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetCurrentThread
HeapAlloc
GetSystemTimeAdjustment
TerminateProcess
IsValidCodePage
HeapCreate
SetLastError
CreateFileW
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetTickCount
GetCurrentThreadId
GetProcessHeap
WriteConsoleW
LeaveCriticalSection
NetUserGetInfo
NetApiBufferFree
wglDeleteContext
wglMakeCurrent
PathFindExtensionW
MapWindowPoints
RedrawWindow
GetCursorInfo
DefWindowProcW
ShowWindow
CharLowerA
IsWindow
GetWindowRect
EnableWindow
UpdateWindow
IsRectEmpty
GetDlgItemTextA
MessageBoxA
SetWindowLongA
GetDlgItemInt
GetDC
EndDeferWindowPos
ReleaseDC
GetDlgCtrlID
ShowCaret
SendMessageW
GetKeyNameTextA
BeginDeferWindowPos
SendMessageA
GetClientRect
GetDlgItem
MessageBoxW
GetWindowLongA
LoadCursorA
FillRect
ShowCursor
ValidateRect
LoadCursorW
GetUpdateRect
GetWindowInfo
SetCursor
Number of PE resources by type
RT_MANIFEST 1
RT_MENU 1
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 3
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.6.2
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 37888
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright MetaQuotes Software Corp. All rights reserved.
FileVersion 1.0.6.2
TimeStamp 2014:06:25 20:33:50+01:00
FileType Win32 EXE
PEType PE32
InternalName Trade Library Converter Wizard
FileAccessDate 2014:07:18 16:25:37+01:00
ProductVersion 1.0.6.2
FileDescription Trade Tools Converter
OSVersion 5.1
FileCreateDate 2014:07:18 16:25:37+01:00
OriginalFilename Trade Tools Converter
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName MetaQuotes Software Corp.
CodeSize 203776
ProductName trade tool wizard
ProductVersionNumber 1.0.6.2
EntryPoint 0x4c63
ObjectFileType Executable application

File identification
MD5 712d29a207e8594c448a904e90142b1b
SHA1 e4f48d155cb053bd5be53863ae2c65ffa4cdd75a
SHA256 08a9aa47f219b36b0a6fbf4c05fa38204bdfccaa37501ad4d34675e899912df4
ssdeep 6144:hYqn2pcHGGdJ5H3vszxcL4RS2FfRqwbD8E80CotkL:h3fXdJ5H3vUxcLH2jqOQ10Dt4
imphash 91ec513378e858dabd22620ce322797c
File size 237.0 KB ( 242688 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2014-07-18 15:35:06 UTC ( 4 years, 8 months ago )
Last submission 2014-07-25 19:48:06 UTC ( 4 years, 8 months ago )
File names Trade Tools Converter
712d29a207e8594c448a904e90142b1b
vt-upload-9BCdI
Trade Library Converter Wizard
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests