SHA256: 0d263b92fe3cd547dfe4389110a2e8f2ebd0f51d89b621aac05cb05fb7fe9a0d
File name: MFB TextExpress
Detection ratio: 49 / 56
Analysis date: 2015-07-27 18:41:48 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKDV.1370521 20150727
Yandex TrojanSpy.Zbot!s83Sd3ElDiA 20150727
AhnLab-V3 Trojan/Win32.Foreign 20150727
ALYac Trojan.GenericKDV.1370521 20150727
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150727
Arcabit Trojan.GenericV.D14E999 20150727
Avast Win32:Malware-gen 20150727
AVG Zbot.DBV 20150727
Avira (no cloud) TR/Crypt.ZPACK.33796 20150727
AVware Trojan.Win32.Generic!SB.0 20150727
Baidu-International Trojan.Win32.Zbot.qnnp 20150727
BitDefender Trojan.GenericKDV.1370521 20150727
CAT-QuickHeal TrojanSpy.Zbot.Y 20150727
Comodo UnclassifiedMalware 20150727
Cyren W32/Trojan.HQCT-6499 20150727
DrWeb Trojan.PWS.Panda.2401 20150727
Emsisoft Trojan.GenericKDV.1370521 (B) 20150727
ESET-NOD32 Win32/Spy.Zbot.AAO 20150727
F-Prot W32/Trojan2.OCHT 20150727
F-Secure Trojan.GenericKDV.1370521 20150727
Fortinet W32/Zbot.AAO!tr.spy 20150727
GData Trojan.GenericKDV.1370521 20150727
Ikarus Virus.Win32.Zbot 20150727
Jiangmin TrojanSpy.Zbot.fnsd 20150726
K7AntiVirus Spyware ( 0029a43a1 ) 20150727
K7GW Spyware ( 0029a43a1 ) 20150727
Kaspersky Trojan-Spy.Win32.Zbot.qnnp 20150727
Kingsoft Win32.Troj.Zbot.qn.(kcloud) 20150727
Malwarebytes Trojan.Ransom.URY 20150727
McAfee Generic.dx!1448E9494F3E 20150727
McAfee-GW-Edition Generic.dx!1448E9494F3E 20150727
Microsoft Trojan:Win32/Bulta!rfn 20150727
eScan Trojan.GenericKDV.1370521 20150727
NANO-Antivirus Trojan.Win32.Zbot.cyjstm 20150727
nProtect Trojan.GenericKDV.1370521 20150727
Panda Trj/WLT.A 20150727
Qihoo-360 Win32/Trojan.7a9 20150727
Rising PE:Trojan.Win32.Generic.16062D9F!369503647 20150722
Sophos Mal/Generic-L 20150727
SUPERAntiSpyware Trojan.Agent/Gen-Spy 20150727
Symantec Trojan.Zbot 20150727
Tencent Win32.Trojan-spy.Zbot.Dvzs 20150727
TotalDefense Win32/Zbot.HTS 20150727
TrendMicro TROJ_FORUCON.BMC 20150727
TrendMicro-HouseCall TSPY_ZBOT.SMN9 20150727
VBA32 TrojanSpy.Zbot 20150727
VIPRE Trojan.Win32.Generic!SB.0 20150727
Zillya Trojan.Zbot.Win32.180750 20150727
Zoner Trojan.Zbot.AAO 20150727
AegisLab 20150727
Alibaba 20150727
Bkav 20150727
ByteHero 20150727
ClamAV 20150727
TheHacker 20150727
ViRobot 20150727
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2009-2013 - DevSolSmart Software
Publisher DevSolSmart Software
Product MFB Environment Viewer
Original name mfbtextenvview
Internal name MFB TextExpress
File version 1.2.1.1
Description MFB Environment Viewer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-26 19:46:08
Entry Point 0x000034F5
Number of sections 4
PE sections
PE imports
ChooseColorA
CreateSolidBrush
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
LoadResource
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetStdHandle
HeapSetInformation
GetCurrentProcess
GetStartupInfoW
GetFileType
GetConsoleMode
DecodePointer
GetCurrentProcessId
SetHandleCount
DeleteFileA
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetProcessHeap
LeaveCriticalSection
RaiseException
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
DeleteCriticalSection
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
TerminateProcess
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetStdHandle
IsValidCodePage
HeapCreate
CreateFileW
InterlockedDecrement
Sleep
SetLastError
SetEndOfFile
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
FindResourceA
ExitProcess
WriteConsoleW
InterlockedIncrement
glVertex2f
glClear
glColor3f
glClearColor
glDisable
glViewport
glMatrixMode
glEnd
glOrtho
glBegin
glLoadIdentity
CreatePopupMenu
GetParent
GetMenu
UpdateWindow
GetMenuItemCount
GetScrollPos
SetDlgItemInt
GetDlgItem
EnableWindow
SetDlgItemTextW
SendDlgItemMessageW
EnumWindowStationsW
InsertMenuItemA
GetAncestor
LoadMenuW
SetScrollInfo
InvalidateRect
CoInitialize
PE exports
Number of PE resources by type
RT_DIALOG 1
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_STRING 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
GREEK DEFAULT 5
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 9.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.2.1.1
UninitializedDataSize 0
LanguageCode Greek
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 258048
EntryPoint 0x34f5
OriginalFileName mfbtextenvview
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2009-2013 - DevSolSmart Software
FileVersion 1.2.1.1
TimeStamp 2013:10:26 20:46:08+01:00
FileType Win32 EXE
PEType PE32
InternalName MFB TextExpress
ProductVersion 1.2.1.1
FileDescription MFB Environment Viewer
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName DevSolSmart Software
CodeSize 88064
ProductName MFB Environment Viewer
ProductVersionNumber 1.2.1.1
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 1448e9494f3eb50370db4b562f307c3e
SHA1 ecf5fd81b844b79e9ca1e0cb7889fffc288453a9
SHA256 0d263b92fe3cd547dfe4389110a2e8f2ebd0f51d89b621aac05cb05fb7fe9a0d
ssdeep 6144:ip0GMVZhrQFpChptu9B1vbAn9UbbGYyw4gu7JP8wtNxoqbdefRuhaZCNzn:ip0LVDrQFgtu97v09rJw4176wtNPbva2
authentihash 15ccfce88935148de9a9da1af7c4d1a77f103aa767b126d5e71353e0c1e12682
imphash 890e5f056174c06bd80a8f2eff8e3038
File size 339.0 KB ( 347136 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2013-10-30 23:20:01 UTC ( 3 years, 7 months ago )
Last submission 2015-06-12 11:51:28 UTC ( 2 years ago )
File names 007669255
mfbtextenvview
MFB TextExpress
vt-upload-5s7O7
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections