SHA256: 0bcb9d606151328b9d8f729d5247615e3865025f3fc5689d165257c2e196d718
File name: Bodo
Detection ratio: 43 / 55
Analysis date: 2015-11-25 12:38:53 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.394595 20151125
Yandex TrojanSpy.Zbot!EoJ3b4zqU48 20151125
AhnLab-V3 Trojan/Win32.Crilock 20151125
ALYac Gen:Variant.Kazy.394595 20151125
Arcabit Trojan.Kazy.D60563 20151125
Avast Win32:Agent-ATVN [Trj] 20151125
AVG Zbot.KAF 20151125
Avira (no cloud) TR/Crypt.ZPACK.71702 20151125
AVware Trojan.Win32.Generic!BT 20151125
Baidu-International Trojan.Win32.Zbot.AAO 20151125
BitDefender Gen:Variant.Kazy.394595 20151125
Bkav HW32.Packed.E4C8 20151125
CAT-QuickHeal TrojanSpy.Zbot.r5 20151125
Comodo UnclassifiedMalware 20151125
DrWeb Trojan.PWS.Panda.2977 20151125
Emsisoft Gen:Variant.Kazy.394595 (B) 20151125
ESET-NOD32 Win32/Spy.Zbot.AAO 20151125
F-Secure Gen:Variant.Kazy.394595 20151125
Fortinet W32/Zbot.AAU!tr 20151125
GData Gen:Variant.Kazy.394595 20151125
Ikarus Trojan-Spy.Win32.Zbot 20151125
Jiangmin TrojanSpy.Zbot.hfsw 20151125
K7AntiVirus Trojan ( 0040f8c71 ) 20151125
K7GW Trojan ( 0040f8c71 ) 20151125
Kaspersky HEUR:Trojan.Win32.Generic 20151125
Malwarebytes Spyware.Zbot.VXGen 20151125
McAfee RDN/Spybot.bfr!l 20151125
McAfee-GW-Edition RDN/Spybot.bfr!l 20151125
Microsoft PWS:Win32/Zbot!CI 20151125
eScan Gen:Variant.Kazy.394595 20151125
NANO-Antivirus Trojan.Win32.Zbot.daxrmg 20151125
nProtect Trojan-Spy/W32.ZBot.228352.AJ 20151125
Panda Trj/Dtcontx.M 20151125
Qihoo-360 Win32/Trojan.d33 20151125
Sophos Mal/Ransom-CV 20151125
SUPERAntiSpyware Trojan.Agent/Gen-Zbot 20151125
Symantec Trojan.Gen 20151125
TotalDefense Win32/Zbot.LSBYfXB 20151125
TrendMicro TROJ_SPNR.0BFJ14 20151125
TrendMicro-HouseCall TROJ_SPNR.0BFJ14 20151125
VBA32 Malware-Cryptor.Limpopo 20151125
VIPRE Trojan.Win32.Generic!BT 20151125
Zillya Trojan.Zbot.Win32.158740 20151123
AegisLab 20151125
Alibaba 20151125
ByteHero 20151125
ClamAV 20151125
CMC 20151124
Cyren 20151125
F-Prot 20151125
Rising 20151124
Tencent 20151202
TheHacker 20151125
ViRobot 20151125
Zoner 20151125
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright 2000
Product Gydi
Original name Hoagsbg.exe
Internal name Bodo
File version 8, 6, 5
Description Ted Agikas Datufa
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-05-18 14:23:39
Entry Point 0x0001F93A
Number of sections 5
PE sections
PE imports
GetModuleFileNameA
AssignProcessToJobObject
GetCurrentProcessId
IsCharAlphaNumericW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2011:05:18 15:23:39+01:00
FileType Win32 EXE
PEType PE32
CodeSize 135168
LinkerVersion 7.1
EntryPoint 0x1f93a
InitializedDataSize 462848
SubsystemVersion 4.0
ImageVersion 9.4
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 8dc7b3cf18defe40b89a4d24dbdab736
SHA1 3fefb4e82dd5edc8f195d00d2c1cdf63b9a98d08
SHA256 0bcb9d606151328b9d8f729d5247615e3865025f3fc5689d165257c2e196d718
ssdeep 6144:GFA/lVpl4TGkOsr6LSh+4bpy+GjcnHKSN:l/lLlhlidbQ7sxN
authentihash 1562ca7b34bdf9291fdff582fd31ff5959de21ce27c7b08e13888e6169cb89b1
imphash e6e08fb17e2dcda7799c1f165603af28
File size 223.0 KB ( 228352 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-06-13 05:16:03 UTC ( 2 years, 10 months ago )
Last submission 2014-06-13 05:16:03 UTC ( 2 years, 10 months ago )
File names vt-upload-fIiZj
Hoagsbg.exe
Bodo
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.