SHA256: 0e80aa63d9069f8325ed4d66327270a8c063fe94485e5266c0bb2eb117fe2e05
File name: diJPN.exe
Detection ratio: 9 / 43
Analysis date: 2012-09-19 05:49:55 UTC ( 5 years, 10 months ago )
Antivirus Result Update
BitDefender Trojan.Generic.KD.731993 20120919
Emsisoft Trojan.Win32.Zbot!A2 20120919
F-Secure Trojan.Generic.KD.731993 20120919
GData Trojan.Generic.KD.731993 20120919
Kaspersky Trojan-Spy.Win32.Zbot.exnj 20120919
McAfee PWS-Zbot.gen.amk 20120919
McAfee-GW-Edition PWS-Zbot.gen.amk 20120919
Sophos AV Troj/DwnLdr-KFF 20120919
Symantec Suspicious.Cloud.5 20120919
Yandex 20120918
AhnLab-V3 20120918
AntiVir 20120919
Antiy-AVL 20120911
Avast 20120919
AVG 20120919
ByteHero 20120918
CAT-QuickHeal 20120918
ClamAV 20120918
Commtouch 20120918
Comodo 20120919
DrWeb 20120919
eSafe 20120914
ESET-NOD32 20120918
F-Prot 20120918
Fortinet 20120919
Ikarus 20120919
Jiangmin 20120919
K7AntiVirus 20120918
Kingsoft 20120918
Microsoft 20120919
Norman 20120918
nProtect 20120918
Panda 20120918
PCTools 20120919
Rising 20120919
SUPERAntiSpyware 20120911
TheHacker 20120918
TotalDefense 20120918
TrendMicro 20120919
TrendMicro-HouseCall 20120919
VBA32 20120918
VIPRE 20120919
ViRobot 20120919
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-09-18 16:04:59
Entry Point 0x00001240
Number of sections 10
PE sections
Overlays
MD5 905ed0025da96e1c09ae6a897fbd0368
File type data
Offset 332288
Size 512
Entropy 7.61
PE imports
GetRegionData
CreatePipe
GetAtomNameA
CreateSemaphoreA
AddAtomA
Beep
SetUnhandledExceptionFilter
FindAtomA
GetStartupInfoA
ExitProcess
CreateFileA
GetCommandLineA
Sleep
GetModuleHandleA
GetMessageA
CreateWindowExA
LoadCursorA
LoadIconA
DispatchMessageA
ShowWindow
TranslateMessage
PostQuitMessage
DefWindowProcA
MessageBoxW
GetPropA
RegisterClassExA
_cexit
__p__fmode
malloc
fopen
__p__environ
signal
strcmp
free
_onexit
atexit
abort
_setmode
__getmainargs
fprintf
fflush
_iob
sin
__set_app_type
CoCreateGuid
BindMoniker
gethostbyname
getpeername
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
1024

LinkerVersion
2.56

ImageVersion
1.0

FileVersionNumber
1.1.1.42

LanguageCode
French (Swiss)

FileFlagsMask
0x0000

CharacterSet
Windows, Latin1

InitializedDataSize
325632

EntryPoint
0x1240

MIMEType
application/octet-stream

TimeStamp
2012:09:18 17:04:59+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Unknown (0)

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
10752

FileSubtype
0

ProductVersionNumber
1.1.1.42

FileTypeExtension
exe

ObjectFileType
Executable application

PCAP parents
File identification
MD5 eca85beb81a61c7955da16182c4e1e45
SHA1 46d19d8f4f1061da3b75c430105febb86c20c09d
SHA256 0e80aa63d9069f8325ed4d66327270a8c063fe94485e5266c0bb2eb117fe2e05
ssdeep
6144:59LMYYoC3oI3XKASU/jIddf1LgRfqLbjm8JlXkK6dCEwUCitW1RUWFM:5SiRAZ/jcdu9qL/m8JlXiHw8

authentihash 5ca06d90765a2e68afa604526fb51d1ca5363967bef2aecd0f6801f735f67163
imphash 594600454ff168604be53f07263dff3e
File size 325.0 KB ( 332800 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2012-09-19 05:49:55 UTC ( 5 years, 10 months ago )
Last submission 2017-05-10 03:43:08 UTC ( 1 year, 2 months ago )
File names 46d19d8f4f1061da3b75c430105febb86c20c09d_diJPN.ex
p1ywt.exe.x-msdownload
diJPN.exe
p1ywt.exe.x-msdownload
hRm83qfq.exe.x-msdownload
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files