SHA256: 0dcf6740e5769b50317179e4d9b8f8aef0317c50c4f662a90c62cce27ae29e25
File name: 2222ceac2019f19c7d6d7ca7fd8f3aaf
Detection ratio: 34 / 57
Analysis date: 2015-01-16 18:11:14 UTC
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.122260 20150116
ALYac Gen:Variant.Zusy.122260 20150116
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150116
Avast Win32:Crypt-RQS [Trj] 20150116
AVG Crypt3.BQVR 20150116
Avira (no cloud) TR/Crypt.ZPACK.119738 20150116
AVware Trojan.Win32.Generic!BT 20150116
BitDefender Gen:Variant.Zusy.122260 20150116
Bkav HW32.Packed.2D59 20150116
Cyren W32/Trojan.NRQO-4234 20150116
Emsisoft Gen:Variant.Zusy.122260 (B) 20150116
ESET-NOD32 a variant of Win32/Kryptik.CUXK 20150116
F-Secure Gen:Variant.Zusy.122260 20150116
Fortinet W32/Zbot.CUXK!tr 20150116
GData Gen:Variant.Zusy.122260 20150116
Ikarus Trojan-Spy.Zbot 20150116
K7AntiVirus Riskware ( 0040eff71 ) 20150116
K7GW DoS-Trojan ( 2007718d1 ) 20150116
Kaspersky Trojan-Spy.Win32.Zbot.uuur 20150116
Malwarebytes Trojan.Agent.ED 20150116
McAfee Gamarue-FAS!2222CEAC2019 20150116
McAfee-GW-Edition BehavesLike.Win32.Fednu.dc 20150116
Microsoft PWS:Win32/Zbot.gen!VM 20150116
eScan Gen:Variant.Zusy.122260 20150116
NANO-Antivirus Trojan.Win32.Zbot.dmgnmj 20150116
Panda Trj/CI.A 20150116
Qihoo-360 Win32/Trojan.c9d 20150116
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20150114
Sophos AV Mal/Generic-S 20150116
Symantec WS.Reputation.1 20150116
TotalDefense Win32/Zbot.ZSJHafB 20150116
TrendMicro TROJ_GEN.R028C0DAA15 20150116
TrendMicro-HouseCall TROJ_GEN.R028C0DAA15 20150116
VIPRE Trojan.Win32.Generic!BT 20150116
The remaining 23 engines returned no detection (blank result column):
AegisLab 20150116
Yandex 20150115
AhnLab-V3 20150116
Alibaba 20150116
Baidu-International 20150116
ByteHero 20150116
CAT-QuickHeal 20150116
ClamAV 20150116
CMC 20150116
Comodo 20150116
DrWeb 20150116
F-Prot 20150116
Jiangmin 20150115
Kingsoft 20150116
Norman 20150116
nProtect 20150116
SUPERAntiSpyware 20150116
Tencent 20150116
TheHacker 20150115
VBA32 20150116
ViRobot 20150116
Zillya 20150116
Zoner 20150116
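As an added example (not part of the VirusTotal report), the following Python script triages the detection table above the way an analyst would before trusting a vendor majority: it tokenises the labels, drops class words (Trojan, Generic, Variant), separates crypter names (Kryptik, Crypt, ZPACK, XPACK) from payload family names, and counts one vote per scan engine rather than per vendor row. The labels are transcribed from the table; the SHARED_ENGINE map is an assumption of this example (the vendors it folds into BitDefender, TrendMicro and VIPRE license those engines), and the byte-identical labels in the table are the on-page evidence for it.

```python
"""Triage a VirusTotal-style detection table: normalise vendor labels,
collapse vendors that share a scan engine, and rank family names."""
import re
from collections import Counter

# Labels transcribed from the detection table on this page (the 34 engines
# that flagged the sample); undetected engines carry no label and are omitted.
DETECTIONS = {
    "Ad-Aware": "Gen:Variant.Zusy.122260",
    "ALYac": "Gen:Variant.Zusy.122260",
    "Antiy-AVL": "Trojan[Spy]/Win32.Zbot",
    "Avast": "Win32:Crypt-RQS [Trj]",
    "AVG": "Crypt3.BQVR",
    "Avira (no cloud)": "TR/Crypt.ZPACK.119738",
    "AVware": "Trojan.Win32.Generic!BT",
    "BitDefender": "Gen:Variant.Zusy.122260",
    "Bkav": "HW32.Packed.2D59",
    "Cyren": "W32/Trojan.NRQO-4234",
    "Emsisoft": "Gen:Variant.Zusy.122260 (B)",
    "ESET-NOD32": "a variant of Win32/Kryptik.CUXK",
    "F-Secure": "Gen:Variant.Zusy.122260",
    "Fortinet": "W32/Zbot.CUXK!tr",
    "GData": "Gen:Variant.Zusy.122260",
    "Ikarus": "Trojan-Spy.Zbot",
    "K7AntiVirus": "Riskware ( 0040eff71 )",
    "K7GW": "DoS-Trojan ( 2007718d1 )",
    "Kaspersky": "Trojan-Spy.Win32.Zbot.uuur",
    "Malwarebytes": "Trojan.Agent.ED",
    "McAfee": "Gamarue-FAS!2222CEAC2019",
    "McAfee-GW-Edition": "BehavesLike.Win32.Fednu.dc",
    "Microsoft": "PWS:Win32/Zbot.gen!VM",
    "eScan": "Gen:Variant.Zusy.122260",
    "NANO-Antivirus": "Trojan.Win32.Zbot.dmgnmj",
    "Panda": "Trj/CI.A",
    "Qihoo-360": "Win32/Trojan.c9d",
    "Rising": "PE:Malware.XPACK-HIE/Heur!1.9C48",
    "Sophos AV": "Mal/Generic-S",
    "Symantec": "WS.Reputation.1",
    "TotalDefense": "Win32/Zbot.ZSJHafB",
    "TrendMicro": "TROJ_GEN.R028C0DAA15",
    "TrendMicro-HouseCall": "TROJ_GEN.R028C0DAA15",
    "VIPRE": "Trojan.Win32.Generic!BT",
}

# Vendors that scan with a licensed third-party engine.  Assumption made for
# this example; the byte-identical labels above are the on-page evidence.
SHARED_ENGINE = {
    "Ad-Aware": "BitDefender", "ALYac": "BitDefender", "Emsisoft": "BitDefender",
    "F-Secure": "BitDefender", "GData": "BitDefender", "eScan": "BitDefender",
    "TrendMicro-HouseCall": "TrendMicro",
    "AVware": "VIPRE",
}

# Tokens that name a class, platform or heuristic rather than a family.
GENERIC = {
    "variant", "trojan", "generic", "malware", "riskware", "agent",
    "behaveslike", "heur", "reputation", "win32", "spy", "gen", "pws",
}
# Tokens that name a crypter/packer layer rather than the payload family.
PACKER = {"crypt", "kryptik", "packed", "zpack", "xpack"}


def tokens(label):
    """Lower-case alphabetic tokens of length >= 4; this drops variant ids,
    hashes ('122260', '2222CEAC2019') and one-letter flags such as '(B)'."""
    parts = re.split(r"[^a-z0-9]+", label.lower())
    return [p for p in parts if p.isalpha() and len(p) >= 4]


def family_tokens(label):
    return [t for t in tokens(label) if t not in GENERIC and t not in PACKER]


def packer_hints(detections):
    return {t for label in detections.values() for t in tokens(label) if t in PACKER}


def vendor_votes(detections):
    """One vote per vendor row, as the raw table suggests."""
    votes = Counter()
    for label in detections.values():
        for t in set(family_tokens(label)):
            votes[t] += 1
    return votes


def engine_votes(detections):
    """One vote per underlying engine: vendors mapped to the same engine count once."""
    seen, votes = set(), Counter()
    for vendor, label in detections.items():
        engine = SHARED_ENGINE.get(vendor, vendor)
        if engine in seen:
            continue
        seen.add(engine)
        for t in set(family_tokens(label)):
            votes[t] += 1
    return votes


def rank_families(detections):
    return engine_votes(detections).most_common()


if __name__ == "__main__":
    print("raw vendor votes :", vendor_votes(DETECTIONS).most_common(4))
    print("per-engine votes :", rank_families(DETECTIONS)[:4])
    print("packer hints     :", sorted(packer_hints(DETECTIONS)))
```

Counting vendor rows, Zusy (a BitDefender generic name) and Zbot tie at 7 votes each; counting engines, Zusy collapses to one vote and Zbot keeps 7. The CUXK token that survives with two votes is ESET's variant suffix reused in Fortinet's label, another sign of shared naming rather than independent detection, and the packer hints (Crypt, Kryptik, ZPACK, XPACK, Packed) say the static sample is a crypter stub around the Zbot payload.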
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-08 09:40:51
Entry Point 0x0001F60E
Number of sections 4
PE sections
PE imports (grouped by exporting DLL; the DLL headings are restored from the function names, which the extracted table preserved without their module)
ADVAPI32.dll
OpenProcessToken
AVICAP32.dll
capCreateCaptureWindowW
GDI32.dll
LineTo
SetBkMode
MoveToEx
GetStockObject
TextOutA
SelectObject
SetBkColor
SetTextColor
KERNEL32.dll
GetSystemTime
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
GetStdHandle
FreeEnvironmentStringsA
HeapSetInformation
GetCurrentProcess
GetEnvironmentStrings
DecodePointer
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetStartupInfoW
ExitProcess
WideCharToMultiByte
GetModuleFileNameW
TlsFree
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
GetTickCount
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
MPR.dll
WNetConnectionDialog
MSACM32.dll
acmMetrics
acmFormatEnumA
acmDriverOpen
acmDriverClose
SHLWAPI.dll
StrDupA
USER32.dll
ReleaseDC
GetSystemMetrics
SetTimer
EnumDesktopsA
DlgDirListA
DrawTextA
EndPaint
BeginPaint
MessageBoxA
KillTimer
DestroyMenu
PostQuitMessage
GetDC
InvalidateRect
UxTheme.dll
OpenThemeData
CloseThemeData
ole32.dll
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitialize
CoTaskMemAlloc
Number of PE resources by type
RT_DIALOG 6
RT_STRING 4
RT_ICON 3
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_MENU 1
RT_ACCELERATOR 1
RT_CURSOR 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 19
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2015:01:08 10:40:51+01:00 (the PE timestamp rendered in the scanning host's local zone; 09:40:51 UTC, as in the PE header section above)
FileType: Win32 EXE
PEType: PE32
CodeSize: 236544
LinkerVersion: 10.0
FileAccessDate: 2015:01:16 19:15:00+01:00
EntryPoint: 0x1f60e
InitializedDataSize: 33280
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
FileCreateDate: 2015:01:16 19:15:00+01:00
UninitializedDataSize: 0

File identification
MD5 2222ceac2019f19c7d6d7ca7fd8f3aaf
SHA1 a6bbb1575369864b44444ce964e7a6f108907f79
SHA256 0dcf6740e5769b50317179e4d9b8f8aef0317c50c4f662a90c62cce27ae29e25
ssdeep
3072:X5LTd+cWHE4p6kepOhvUx4DzYWqcoLFaZVrwDaQHZgjYL/6u3xI9PyEiMvH5t:pLTgcWxFQKvUatVoLFaZdCKk6gNEBD

authentihash 8485fd7b769c720c72d00410021e01ae970ee88148491362c21980f130c2616e
imphash 14f8077019bda44015aaf887231a83d6
File size 264.5 KB ( 270852 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
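The header fields above (entry point, section count, linker version, compile timestamp, subsystem) and the imphash are what a triage script pulls from a PE before any dynamic analysis. The following standard-library Python is an added example, not VirusTotal's code: it parses the DOS, COFF and optional headers the way the "PE header basic information" and ExifTool sections do, renders the compile timestamp in UTC, computes the gap to first submission, and implements the imphash normalisation (lower-cased DLL name without extension, lower-cased function name, comma-joined, MD5). The sample header bytes are constructed here from the values on this page, not taken from the file, so the script runs offline; the two-entry import list used at the end is likewise constructed and does not reproduce the report's imphash, which needs the complete import table in file order.

```python
"""Static PE triage: read the header fields VirusTotal reports and compute
an imphash from an import list.  Standard library only."""
import hashlib
import struct
from datetime import datetime, timezone

MACHINES = {0x14C: "Intel 386 or later processors and compatible processors",
            0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows console"}

COFF_FMT = "<HHIIIHH"                   # Machine .. Characteristics (20 bytes)
OPT_FMT = "<HBBIIIIIIIIIHHHHHHIIIIHH"   # Magic .. DllCharacteristics (72 bytes)


def parse_pe_headers(data):
    """Return the fields shown under 'PE header basic information' / ExifTool."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from(
        COFF_FMT, data, e_lfanew + 4)
    if opt_size < struct.calcsize(OPT_FMT):
        raise ValueError("optional header too short")
    (magic, linker_major, linker_minor, code_size, init_size, uninit_size,
     entry_point, _, _, image_base, _, _, os_major, os_minor, img_major,
     img_minor, ss_major, ss_minor, _, _, _, _, subsystem, _) = struct.unpack_from(
        OPT_FMT, data, e_lfanew + 24)
    compiled = datetime.fromtimestamp(timestamp, timezone.utc)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "pe_type": "PE32" if magic == 0x10B else "PE32+" if magic == 0x20B else hex(magic),
        "sections": nsections,
        "timestamp": timestamp,
        "timestamp_utc": compiled.strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry_point,
        "image_base": image_base,
        "linker_version": f"{linker_major}.{linker_minor}",
        "code_size": code_size,
        "initialized_data_size": init_size,
        "uninitialized_data_size": uninit_size,
        "os_version": f"{os_major}.{os_minor}",
        "image_version": f"{img_major}.{img_minor}",
        "subsystem_version": f"{ss_major}.{ss_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }


def compile_to_submission_days(headers, first_submission_utc):
    """Whole days between the PE timestamp and first sighting.  A negative value
    means the build time is later than the sighting, i.e. forged or clock-skewed;
    the field is attacker-controlled and is only a hint, never evidence."""
    seen = datetime.strptime(first_submission_utc, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    built = datetime.fromtimestamp(headers["timestamp"], timezone.utc)
    return (seen - built).days


def imphash_string(imports):
    """Normalised 'dll.func' list the imphash is taken over (pefile convention):
    DLL lower-cased with a .dll/.ocx/.sys suffix removed, function lower-cased,
    entries in import-table order.  Ordinal-only imports (ints) would need the
    per-DLL ordinal name table and are rejected here."""
    parts = []
    for dll, func in imports:
        if not isinstance(func, str):
            raise ValueError("ordinal import needs an ordinal-to-name table")
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[:-len(ext)]
                break
        parts.append(f"{dll}.{func.lower()}")
    return ",".join(parts)


def imphash(imports):
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def build_sample_header():
    """Constructed minimal headers carrying the values from this report (not
    bytes from the sample): 4 sections, entry 0x1F60E, linker 10.0, compiled
    2015-01-08 09:40:51 UTC (1420710051), GUI subsystem, OS/subsystem 5.1."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack(COFF_FMT, 0x14C, 4, 1420710051, 0, 0, 224, 0x0102)
    opt = struct.pack(OPT_FMT, 0x10B, 10, 0, 236544, 33280, 0, 0x1F60E,
                      0x1000, 0x3B000, 0x400000, 0x1000, 0x200,
                      5, 1, 0, 0, 5, 1, 0, 0x42000, 0x400, 0, 2, 0x8140)
    return dos + coff + opt


if __name__ == "__main__":
    hdr = parse_pe_headers(build_sample_header())
    for key, value in hdr.items():
        print(f"{key:24} {value:#x}" if key == "entry_point" else f"{key:24} {value}")
    print("days before first submission:", compile_to_submission_days(hdr, "2015-01-16 18:11:14"))
    print("imphash of a constructed two-entry import list:",
          imphash([("KERNEL32.dll", "GetProcAddress"), ("ADVAPI32.dll", "OpenProcessToken")]))
```

For this sample the header was built eight days before the first submission, which is plausible for a crypter output; the same routine flags a timestamp after first sighting as forged. Because the imphash is taken over the normalised import-table order, two builds of the same crypter stub with the same decoy imports share it even when every byte hash differs, which is why it is the pivot to use across the Kryptik/Zusy cluster.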
Tags
peexe

VirusTotal metadata
First submission 2015-01-16 18:11:14 UTC
Last submission 2015-01-16 18:11:14 UTC
File names 2222ceac2019f19c7d6d7ca7fd8f3aaf
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function. DeviceIoControl is not in the static import table above, so the call is resolved at runtime (the stub imports LoadLibraryW and GetProcAddress) by unpacked or injected code; this matches the crypter-style names in the detection table (Kryptik, Crypt.ZPACK, Crypt-RQS) and means the static import list describes the decoy stub, not the Zbot payload.