SHA256: 1022955bd6bac65f678377bc07f201dd3edc1bc9f0f8d4121e0307b4683f57b7
File name: installer.exe
Detection ratio: 29 / 55
Analysis date: 2014-11-23 15:16:08 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.Zbot.fmW@cuvZ57n 20141123
AhnLab-V3 Win-Trojan/Zbot.88576 20141123
Avast Win32:Zbot-MYU [Trj] 20141123
AVG Win32/DH.FF8402A2{NHkefRMPA2cJgRM} 20141123
Avira (no cloud) TR/Crypt.ZPACK.Gen 20141123
AVware Trojan-Spy.Win32.Zbot.gen (v) 20141121
BitDefender Gen:Trojan.Heur.Zbot.fmW@cuvZ57n 20141123
Bkav HW32.Packed.E94B 20141120
ClamAV Trojan.Spy.Zbot-435 20141123
CMC Packed.Win32.Katusha.3!O 20141121
Comodo TrojWare.Win32.Spy.Zbot.AAJ 20141123
Cyren W32/Zbot.V.gen!Eldorado 20141123
Emsisoft Gen:Trojan.Heur.Zbot.fmW@cuvZ57n (B) 20141123
F-Prot W32/Zbot.V.gen!Eldorado 20141123
Fortinet W32/Zbot.gen!tr 20141123
GData Gen:Trojan.Heur.Zbot.fmW@cuvZ57n 20141123
Ikarus Trojan-Spy.Win32.Zbot 20141123
Kaspersky Trojan-Spy.Win32.Zbot.gen 20141123
Malwarebytes Spyware.Zbot 20141123
McAfee PWS-Zbot.gen.dl 20141123
McAfee-GW-Edition BehavesLike.Win32.Autorun.mh 20141122
eScan Gen:Trojan.Heur.Zbot.fmW@cuvZ57n 20141123
Norman ZBot.QSZ 20141123
Qihoo-360 Malware.QVM20.Gen 20141123
Symantec Packed.Generic.232 20141123
TotalDefense Win32/Zbot.B!generic 20141123
TrendMicro TSPY_ZBOT.SMO 20141123
VBA32 BScope.Malware-Cryptor.Win32.Vals.21 20141121
VIPRE Trojan-Spy.Win32.Zbot.gen (v) 20141123
AegisLab 20141123
Yandex 20141122
Antiy-AVL 20141123
Baidu-International 20141123
ByteHero 20141123
CAT-QuickHeal 20141122
DrWeb 20141123
ESET-NOD32 20141123
F-Secure 20141123
Jiangmin 20141122
K7AntiVirus 20141121
K7GW 20141121
Kingsoft 20141123
Microsoft 20141123
NANO-Antivirus 20141123
nProtect 20141121
Panda 20141123
Rising 20141122
Sophos AV 20141123
SUPERAntiSpyware 20141123
Tencent 20141123
TheHacker 20141121
TrendMicro-HouseCall 20141123
ViRobot 20141123
Zillya 20141122
Zoner 20141120
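The rows above are the engine verdicts as the VirusTotal page rendered them: vendor, result, and the engine's signature date as YYYYMMDD, with the result column empty for the engines that did not flag the file. The following is an added example, not code from VirusTotal: a parser for rows in exactly that layout that recomputes the detection ratio, tallies which family names the engines agree on, and lists the "clean" verdicts that came from engines whose signatures predate the analysis date (a miss from a stale engine is weaker evidence than a miss from a current one). The two-word vendor lexicon and the family regexes are assumptions, and the sample rows are a constructed subset of this report embedded inline.

```python
import re
from collections import Counter

# Vendors whose display name contains a space (assumed lexicon, taken from this
# report); every other vendor is the first whitespace-separated token of the row.
MULTI_WORD_VENDORS = ("Avira (no cloud)", "Sophos AV")

# Assumed family buckets; a result can fall into more than one.
FAMILY_TAGS = {
    "zbot": re.compile(r"zbot", re.I),
    "packed/crypter": re.compile(r"pack|crypt", re.I),
}

# Constructed subset of the rows on this page (header line included on purpose).
SAMPLE = """\
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.Zbot.fmW@cuvZ57n 20141123
Avast Win32:Zbot-MYU [Trj] 20141123
AVG Win32/DH.FF8402A2{NHkefRMPA2cJgRM} 20141123
Avira (no cloud) TR/Crypt.ZPACK.Gen 20141123
Bkav HW32.Packed.E94B 20141120
Kaspersky Trojan-Spy.Win32.Zbot.gen 20141123
Symantec Packed.Generic.232 20141123
VBA32 BScope.Malware-Cryptor.Win32.Vals.21 20141121
Microsoft 20141123
Sophos AV 20141123
TheHacker 20141121
"""


def parse_row(line: str):
    """Split one 'Vendor [Result] Update' row into (vendor, result or None, update)."""
    line = line.strip()
    for vendor in MULTI_WORD_VENDORS:
        if line.startswith(vendor + " "):
            rest = line[len(vendor) + 1:]
            break
    else:
        vendor, _, rest = line.partition(" ")
    # The update date is always the last token; whatever sits between vendor and
    # date is the result string, which may legitimately contain spaces.
    m = re.fullmatch(r"(?:(?P<result>.*\S)\s+)?(?P<update>\d{8})", rest.strip())
    if not m:
        raise ValueError(f"unparseable row: {line!r}")
    return vendor, m.group("result"), m.group("update")


def parse_table(text: str):
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Antivirus "):   # skip blanks and the header
            continue
        rows.append(parse_row(line))
    return rows


def summarize(rows):
    """Detection ratio plus a count of how many engines name each family bucket."""
    detected = [r for r in rows if r[1]]
    families = Counter()
    for _, result, _ in detected:
        for family, pattern in FAMILY_TAGS.items():
            if pattern.search(result):
                families[family] += 1
    return {"ratio": (len(detected), len(rows)), "families": dict(families)}


def stale_misses(rows, analysis_date: str = "20141123"):
    """Vendors that reported nothing but were running signatures older than the scan."""
    return [v for v, result, update in rows if result is None and update < analysis_date]


if __name__ == "__main__":
    rows = parse_table(SAMPLE)
    print(summarize(rows))
    print("stale misses:", stale_misses(rows))
```

Run against the full table on this page, the same code reproduces the 29/55 ratio; on the embedded subset it reports 8/11, three engines naming Zbot and four naming only a packer or crypter, which is the usual shape for a packed banker: generic family name from the signature engines, packer name from the heuristic ones.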
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-06-10 11:35:45
Entry Point 0x0000DC6E
Number of sections 3
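The header fields above can be cross-checked straight from the bytes with a handful of struct offsets. The following is an added example, not VirusTotal's tooling: it builds a synthetic PE32 header carrying the values this page reports (machine 0x14C, 3 sections, the 2008-06-10 11:35:45 UTC timestamp, entry point 0xDC6E, linker 9.0, Windows GUI subsystem, the code and initialised-data sizes from the ExifTool block further down) and parses it back. The section names and sizes are an assumption, since the report gives only the section count. section_of() is the check an analyst does right after reading the header: whether the entry point lands in the code section, because an entry point in the last section or outside any section is a common packer tell.

```python
import struct
from datetime import datetime, timezone

MACHINES = {0x14C: "Intel 386 or later processors and compatible processors",
            0x8664: "x64"}
SUBSYSTEMS = {1: "Windows native", 2: "Windows GUI", 3: "Windows CUI"}

# Constructed section layout (assumption): the report only says "3 sections", so
# these names/sizes were chosen to be consistent with CodeSize 69632 (0x11000) and
# InitializedDataSize 22016 (0x4000 + 0x1600).
SAMPLE_SECTIONS = [(".text", 0x1000, 0x11000),
                   (".rdata", 0x12000, 0x4000),
                   (".data", 0x16000, 0x1600)]


def build_sample_pe() -> bytes:
    """Build a minimal PE32 header carrying the values VirusTotal reports for this file."""
    ts = int(datetime(2008, 6, 10, 11, 35, 45, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew (offset 0x3C) -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(SAMPLE_SECTIONS), ts, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH",
                      0x10B, 9, 0,                 # PE32 magic, linker 9.0
                      69632, 22016, 0,             # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
                      0xDC6E, 0x1000, 0x12000,     # AddressOfEntryPoint, BaseOfCode, BaseOfData
                      0x400000, 0x1000, 0x200,     # ImageBase, SectionAlignment, FileAlignment
                      4, 0, 1, 0, 4, 0,            # OS 4.0, image 1.0, subsystem 4.0
                      0, 0x18000, 0x400, 0,        # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      2, 0)                        # Subsystem = Windows GUI, DllCharacteristics
    opt += b"\0" * (0xE0 - len(opt))               # data directories left empty
    secs, raw = b"", 0x400
    for name, vaddr, size in SAMPLE_SECTIONS:
        secs += struct.pack("<8sIIIIIIHHI", name.encode(), size, vaddr, size, raw, 0, 0, 0, 0, 0x60000020)
        raw += size
    return dos + b"PE\0\0" + coff + opt + secs


def parse_pe_header(data: bytes) -> dict:
    """Parse the DOS stub pointer, COFF header, PE32 optional header and section table."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, nsec, ts, _symtab, _nsyms, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, maj_ld, min_ld, code, idata, udata, entry = struct.unpack_from("<HBBIIII", data, opt)
    if magic != 0x10B:
        raise ValueError(f"not PE32 (magic {magic:#x})")
    maj_os, min_os, maj_im, min_im, maj_ss, min_ss = struct.unpack_from("<6H", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, _rawsize, _rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize))
    return {
        "machine": MACHINES.get(machine, f"{machine:#x}"),
        "compile_time": datetime.fromtimestamp(ts, timezone.utc),
        "entry_point": entry,
        "num_sections": nsec,
        "linker_version": f"{maj_ld}.{min_ld}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "subsystem_version": f"{maj_ss}.{min_ss}",
        "os_version": f"{maj_os}.{min_os}",
        "image_version": f"{maj_im}.{min_im}",
        "size_of_code": code,
        "size_of_initialized_data": idata,
        "size_of_uninitialized_data": udata,
        "sections": sections,
    }


def section_of(hdr: dict, rva: int):
    """Name of the section whose virtual range contains rva, or None."""
    for name, vaddr, vsize in hdr["sections"]:
        if vaddr <= rva < vaddr + vsize:
            return name
    return None


def sample_header() -> dict:
    return parse_pe_header(build_sample_pe())


if __name__ == "__main__":
    hdr = sample_header()
    for key, value in hdr.items():
        print(f"{key:<28}{value}")
    print("entry point lives in", section_of(hdr, hdr["entry_point"]))
```

The compile timestamp is stored as seconds since the Unix epoch, so the 11:35:45 UTC value here and ExifTool's 12:35:45+01:00 further down are the same instant rendered in two zones; a linker version of 9.0 (Visual Studio 2008) is consistent with a June 2008 stamp, though neither field is trustworthy on a packed sample.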
PE sections
PE imports
advapi32.dll
CreatePrivateObjectSecurity
LookupSecurityDescriptorPartsA
CryptSetProviderW
LookupSecurityDescriptorPartsW
CryptEncrypt
RegSetKeySecurity
CryptSetProviderA
LookupAccountNameA
RegFlushKey
CryptHashSessionKey
GetSecurityDescriptorGroup
QueryServiceStatus
SetSecurityDescriptorSacl
GetTokenInformation
SetServiceBits
GetUserNameW
GetSecurityDescriptorDacl
BuildSecurityDescriptorW
EnumServicesStatusA
IsValidAcl
InitializeAcl
RegQueryValueW
GetCurrentHwProfileA
RegSetValueExW
SetSecurityDescriptorOwner
LookupPrivilegeValueA
SetNamedSecurityInfoA
OpenServiceA
AddAccessDeniedAce
RegSetValueA
OpenServiceW
LookupPrivilegeValueW
RegNotifyChangeKeyValue
RegSetValueW
CryptImportKey
SetSecurityDescriptorDacl
GetFileSecurityW
RegQueryMultipleValuesW
RegisterEventSourceA
ClearEventLogA
ConvertSecurityDescriptorToAccessNamedW
CryptEnumProviderTypesA
CryptSetProvParam
CryptVerifySignatureW
BuildImpersonateExplicitAccessWithNameW
GetSidSubAuthorityCount
GetNamedSecurityInfoExA
CreateProcessAsUserA
IsTextUnicode
ObjectPrivilegeAuditAlarmA
GetNamedSecurityInfoExW
ConvertSecurityDescriptorToAccessA
RegDeleteValueW
SetSecurityInfoExW
SetAclInformation
SetSecurityInfoExA
IsValidSecurityDescriptor
SetThreadToken
LookupAccountSidW
GetServiceKeyNameA
GetTrusteeTypeW
OpenProcessToken
DuplicateToken
SetFileSecurityW
CancelOverlappedAccess
CryptReleaseContext
CryptSetProviderExA
GetPrivateObjectSecurity
InitiateSystemShutdownW
RegEnumKeyExA
CryptGetProvParam
CryptDestroyHash
NotifyChangeEventLog
SetEntriesInAclW
RegSaveKeyA
CryptEnumProvidersW
CryptSignHashW
CryptGetHashParam
GetSidLengthRequired
RegSaveKeyW
StartServiceA
SetEntriesInAclA
CreateServiceW
ConvertAccessToSecurityDescriptorA
CryptSignHashA
RegDeleteKeyA
DestroyPrivateObjectSecurity
ChangeServiceConfigA
CryptSetHashParam
FindFirstFreeAce
ControlService
RegDeleteKeyW
RegReplaceKeyA
LookupPrivilegeDisplayNameW
TrusteeAccessToObjectW
RegOpenKeyW
RegConnectRegistryA
AllocateLocallyUniqueId
AreAllAccessesGranted
GetAuditedPermissionsFromAclW
ObjectCloseAuditAlarmW
CryptGetDefaultProviderA
GetLengthSid
ImpersonateNamedPipeClient
InitializeSid
OpenSCManagerA
RegUnLoadKeyA
StartServiceCtrlDispatcherA
CryptSetKeyParam
OpenSCManagerW
BackupEventLogA
QueryServiceLockStatusW
StartServiceCtrlDispatcherW
RegUnLoadKeyW
BackupEventLogW
GetCurrentHwProfileW
ReportEventA
kernel32.dll
SetThreadLocale
GetPrivateProfileSectionNamesA
GetTempFileNameA
CreateTapePartition
GetStdHandle
FreeEnvironmentStringsA
GetLocaleInfoA
lstrcatA
SetErrorMode
GetFileInformationByHandle
EscapeCommFunction
HeapWalk
ReadFileScatter
FindResourceExA
WideCharToMultiByte
WriteConsoleOutputA
EnumCalendarInfoExA
GetThreadPriority
LocalHandle
SetConsoleCP
FormatMessageW
ConnectNamedPipe
FreeLibraryAndExitThread
GetEnvironmentVariableA
GetLogicalDriveStringsW
FindClose
MoveFileW
GetEnvironmentVariableW
VerLanguageNameA
WriteProcessMemory
IsDebuggerPresent
SetConsoleOutputCP
FoldStringA
SetProcessWorkingSetSize
EnumSystemLocalesA
FindNextFileW
EraseTape
GetSystemDefaultLCID
EnumCalendarInfoW
WritePrivateProfileSectionA
GetCalendarInfoA
GetSystemPowerStatus
FlushInstructionCache
CreateDirectoryExW
SetEnvironmentVariableW
MoveFileExW
GetExitCodeThread
CreateSemaphoreW
GetMailslotInfo
SetThreadIdealProcessor
ReadConsoleA
GlobalUnWire
TerminateProcess
SetDefaultCommConfigA
ReadConsoleW
GetCurrentThreadId
SetCurrentDirectoryA
OpenMutexW
MapViewOfFileEx
WriteConsoleInputA
RequestDeviceWakeup
GetNumberOfConsoleInputEvents
IsBadWritePtr
VirtualProtect
EndUpdateResourceA
SetLocalTime
LCMapStringW
GetModuleHandleW
GetDateFormatW
WriteFileGather
GetUserDefaultLCID
GetConsoleScreenBufferInfo
VirtualProtectEx
GetTempFileNameW
GetComputerNameW
EnumResourceNamesW
ExpandEnvironmentStringsW
Toolhelp32ReadProcessMemory
FindFirstFileA
GlobalFix
FreeConsole
GetComputerNameA
EnumDateFormatsExW
GetPrivateProfileIntW
GetProcessAffinityMask
GetCurrencyFormatA
GetAtomNameA
GetThreadContext
CopyFileA
TlsSetValue
CreateFileA
GetThreadLocale
GetLastError
LocalReAlloc
DosDateTimeToFileTime
GlobalDeleteAtom
lstrlenA
GetConsoleCP
GetProcessTimes
SetProcessShutdownParameters
GlobalUnlock
lstrlenW
SetupComm
CancelWaitableTimer
GetCurrentDirectoryA
GetLongPathNameA
EnumTimeFormatsA
SetThreadAffinityMask
EnumSystemCodePagesW
SetConsoleTitleW
lstrcmpA
TlsFree
GetQueuedCompletionStatus
ReadConsoleOutputCharacterW
GlobalFlags
PulseEvent
CloseHandle
EnumSystemCodePagesA
GetPriorityClass
GetACP
GetCommConfig
SetWaitableTimer
SetThreadExecutionState
GetFileAttributesExW
IsBadHugeWritePtr
GetLongPathNameW
SetCommConfig
SetConsoleMode
OpenSemaphoreA
PostQueuedCompletionStatus
CreateProcessW
GetVolumeInformationA
Sleep
IsBadStringPtrA
GetFileAttributesExA
LocalShrink
SetMailslotInfo
VirtualAlloc
shlwapi.dll
PathRemoveBackslashA
SHGetInverseCMAP
PathFindSuffixArrayA
PathIsRelativeA
SHRegGetUSValueA
PathRemoveBackslashW
PathCompactPathExW
UrlUnescapeW
PathMakePrettyW
StrRChrIW
SHRegGetBoolUSValueW
StrRChrIA
StrCSpnW
SHEnumKeyExA
PathIsDirectoryA
StrIsIntlEqualW
PathSetDlgItemPathW
UrlHashA
SHEnumKeyExW
PathIsDirectoryEmptyA
AssocQueryKeyW
PathFindFileNameW
PathQuoteSpacesA
PathRemoveBlanksA
SHRegOpenUSKeyA
StrTrimA
PathRemoveBlanksW
PathIsPrefixW
PathRemoveArgsA
PathIsContentTypeW
PathFindExtensionA
StrRChrW
PathParseIconLocationA
PathIsSystemFolderA
UrlApplySchemeW
StrRetToBufW
PathIsUNCW
PathRemoveArgsW
SHRegEnumUSKeyA
SHCreateStreamOnFileW
PathIsRelativeW
PathAddBackslashA
ColorRGBToHLS
PathRelativePathToA
UrlIsNoHistoryA
StrCatW
StrCSpnIA
PathRemoveFileSpecW
PathAppendA
AssocQueryStringByKeyA
SHSkipJunction
PathIsUNCServerW
StrCpyW
PathIsFileSpecA
PathIsUNCServerShareW
PathRemoveFileSpecA
StrCmpNW
PathAddExtensionA
UrlIsA
UrlIsW
StrCmpNA
StrFormatKBSizeA
wvnsprintfA
ColorHLSToRGB
wvnsprintfW
PathGetDriveNumberA
PathMakeSystemFolderA
PathCombineA
PathStripToRootA
PathGetDriveNumberW
SHCreateShellPalette
PathStripPathW
StrStrIA
SHRegQueryUSValueA
SHRegSetUSValueA
UrlIsOpaqueW
SHRegSetUSValueW
StrStrIW
AssocQueryStringW
UrlCompareW
UrlIsOpaqueA
PathBuildRootA
SHSetThreadRef
PathBuildRootW
PathIsNetworkPathA
IntlStrEqWorkerW
UrlCreateFromPathA
PathUndecorateW
UrlCombineW
StrCmpNIA
PathCommonPrefixW
StrNCatA
StrChrW
PathFileExistsW
SHOpenRegStreamW
PathFindOnPathW
PathIsLFNFileSpecW
wnsprintfA
SHQueryInfoKeyA
StrRStrIA
PathSkipRootW
PathRemoveExtensionA
StrRStrIW
user32.dll
ChangeDisplaySettingsW
GetMessagePos
SetWindowRgn
SetMenuDefaultItem
BroadcastSystemMessageA
EnumWindowStationsW
DrawStateW
GetClipboardViewer
GetNextDlgTabItem
EndPaint
OpenIcon
VkKeyScanA
OpenWindowStationW
CharUpperBuffA
WindowFromPoint
DlgDirSelectComboBoxExW
SwitchDesktop
SetMenuItemInfoW
SetActiveWindow
GetMenuItemID
GetDlgCtrlID
GetClipCursor
DlgDirSelectExA
AnyPopup
GetClientRect
ToAscii
CharLowerBuffA
SetUserObjectSecurity
InSendMessage
CharPrevExA
CallNextHookEx
LoadAcceleratorsA
IsClipboardFormatAvailable
BlockInput
DrawFrame
UnhookWindowsHook
GetWindowTextW
RegisterClipboardFormatW
CopyAcceleratorTableW
ScrollWindow
DdeSetQualityOfService
RegisterHotKey
GetUserObjectInformationW
GetComboBoxInfo
GetCursorInfo
DlgDirListComboBoxW
EnumWindows
CheckRadioButton
SetClassWord
CallMsgFilterW
GetNextDlgGroupItem
SetWindowWord
IsCharAlphaW
EnableWindow
GetClipboardFormatNameW
ChildWindowFromPoint
TranslateMessage
IsWindowEnabled
SetClipboardData
LoadMenuIndirectW
RegisterClassA
GetPriorityClipboardFormat
OemToCharA
CreateAcceleratorTableW
GetSysColorBrush
CreateWindowExW
TabbedTextOutW
GetGUIThreadInfo
CreateAcceleratorTableA
DragDetect
SetFocus
MapVirtualKeyA
GetKeyboardLayoutNameA
PostMessageA
OffsetRect
GetAltTabInfo
CopyIcon
GetKeyboardLayoutNameW
GetClipboardOwner
SendNotifyMessageW
DefWindowProcA
SetDebugErrorLevel
RegisterDeviceNotificationA
SetWindowLongW
SetScrollRange
SetCapture
WINNLSGetEnableStatus
CharLowerW
RegisterDeviceNotificationW
SetKeyboardState
SwapMouseButton
WaitMessage
GetLastActivePopup
GetDlgItem
CreateWindowStationW
CloseWindowStation
GetKeyboardState
SetWindowsHookExA
PostThreadMessageW
GetMenuItemInfoA
GetDesktopWindow
GetSystemMenu
GetMenuItemInfoW
EmptyClipboard
GetCaretBlinkTime
GetCaretPos
DrawTextExW
SetWindowContextHelpId
CreateDialogIndirectParamA
SetWinEventHook
FindWindowA
SetMenuInfo
GetWindowThreadProcessId
DeferWindowPos
HiliteMenuItem
DdeUninitialize
SetDlgItemTextA
DdeSetUserHandle
RegisterWindowMessageA
GetWindowDC
GetSysColor
SendMessageCallbackW
CopyImage
MenuItemFromPoint
GetDoubleClickTime
DestroyIcon
TileWindows
MonitorFromWindow
FrameRect
SendMessageTimeoutA
ChangeMenuA
DefDlgProcA
IsChild
IsRectEmpty
IsCharUpperW
DdeGetLastError
TranslateAcceleratorW
ole32.dll
CoRegisterPSClsid
CoUnmarshalHresult
CoSuspendClassObjects
CreateStreamOnHGlobal
StgGetIFillLockBytesOnFile
OleSave
CoRegisterMessageFilter
WriteOleStg
OleLoad
OleRegEnumFormatEtc
CoRevokeClassObject
OleCreateMenuDescriptor
CreateObjrefMoniker
OleSaveToStream
OleGetIconOfClass
ReadStringStream
CreateFileMoniker
StringFromGUID2
CoSetProxyBlanket
ReadClassStg
StgSetTimes
UtGetDvtd32Info
StringFromCLSID
CreateBindCtx
CoRevokeMallocSpy
OleNoteObjectVisible
StringFromIID
OleLoadFromStream
OleConvertIStorageToOLESTREAMEx
CoCreateInstanceEx
WriteStringStream
CoInitializeEx
CreateDataAdviseHolder
UtConvertDvtd32toDvtd16
CoGetObject
CoQueryReleaseObject
CoRegisterMallocSpy
CoMarshalInterface
CoUninitialize
OleCreateFromData
CoGetInstanceFromFile
OleTranslateAccelerator
CoQueryAuthenticationServices
StgOpenStorageOnILockBytes
MonikerRelativePathTo
DllDebugObjectRPCHook
CoTreatAsClass
CreateClassMoniker
CoAddRefServerProcess
IsAccelerator
OleRegGetMiscStatus
RegisterDragDrop
OleCreateStaticFromData
OleCreateFromFile
StgGetIFillLockBytesOnILockBytes
CoResumeClassObjects
CLSIDFromString
OleCreateFromDataEx
ProgIDFromCLSID
IsEqualGUID
GetClassFile
CoCreateInstance
OleMetafilePictFromIconAndLabel
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
StgOpenAsyncDocfileOnIFillLockBytes
UtGetDvtd16Info
OleConvertIStorageToOLESTREAM
CoFreeUnusedLibraries
GetHGlobalFromStream
CoDosDateTimeToFileTime
OleSetMenuDescriptor
CoGetMalloc
CoReleaseServerProcess
WriteFmtUserTypeStg
CoImpersonateClient
CoGetMarshalSizeMax
OleGetAutoConvert
UtConvertDvtd16toDvtd32
CoIsHandlerConnected
OleCreateLinkToFileEx
CoGetTreatAsClass
OleFlushClipboard
GetHGlobalFromILockBytes
CoGetPSClsid
ReadFmtUserTypeStg
OleGetClipboard
GetDocumentBitStg
CoRegisterChannelHook
CreateOleAdviseHolder
CoGetCallContext
StgIsStorageILockBytes
OleRegGetUserType
OleIsCurrentClipboard
OleCreateEmbeddingHelper
StgIsStorageFile
WriteClassStm
OleCreateDefaultHandler
CoFileTimeToDosDateTime
CoReleaseMarshalData
CreateGenericComposite
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2008:06:10 12:35:45+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 69632
LinkerVersion: 9.0
FileTypeExtension: exe
InitializedDataSize: 22016
SubsystemVersion: 4.0
EntryPoint: 0xdc6e
OSVersion: 4.0
ImageVersion: 1.0
UninitializedDataSize: 0
Execution parents
File identification
MD5 d725561817d04a1dd0c889781613b577
SHA1 63b0dd85a6284066ceccc670473e807f1b8c4abd
SHA256 1022955bd6bac65f678377bc07f201dd3edc1bc9f0f8d4121e0307b4683f57b7
ssdeep 1536:4kQb86KswtfLUGCBp/mlbzmgK2ZJ3xFCqUjmzbSJkO/TVe92pgpOd9+Xt:NQozxoTmlbzmghfBchqSJk+22pgpRXt

authentihash 4c4ee513f9518cf91a47a016c6c61720d97a8bea4d39efa3e9a1cd43c3e706fd
imphash e4b45638f0fa15be09a39c7235ca8bb1
File size 86.5 KB ( 88576 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
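The imphash in the file identification block is computed from the import table listed earlier on this page. The following is an added example, not VirusTotal's or pefile's code, that implements the Mandiant/pefile imphash construction: each import becomes "dll.function" in lower case with the .dll/.ocx/.sys extension dropped, ordinal-only imports become "ordN", the pairs are joined with commas in import-table order and MD5-hashed. The constructed import table uses the first names of each group on this page; the DLL grouping is an assumption, since the report lists only function names, and the resulting hash will not equal the page's value, which covers all six hundred or so imports. One caveat worth stating for this sample: an import table of this shape (tape, console, DDE, OLE storage and ACL APIs in an 88 KB "installer") is characteristic of packer-generated padding, so the imphash pivots to other builds of the same packer rather than to the Zbot payload underneath, which is also what the Packed/ZPACK verdicts above suggest.

```python
import hashlib

# Constructed import table. DLL assignment is an assumption (the report lists
# function names only); the ordinal 37 is a made-up ordinal-only import added
# to exercise that code path.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", ["CreatePrivateObjectSecurity", "LookupSecurityDescriptorPartsA", "CryptSetProviderW"]),
    ("KERNEL32.dll", ["SetThreadLocale", "GetPrivateProfileSectionNamesA", "CreateTapePartition"]),
    ("SHLWAPI.dll", ["PathRemoveBackslashA", "SHGetInverseCMAP"]),
    ("USER32.dll", ["ChangeDisplaySettingsW", "GetMessagePos"]),
    ("ole32.dll", ["CoRegisterPSClsid", 37]),
]


def imphash_input(imports) -> str:
    """The string that gets hashed: 'dll.func' pairs, lower-cased, in import-table order.

    imports is a list of (dll_name, [function_name_or_ordinal, ...]) in the order
    the import directory lists them; order is part of the hash by design.
    """
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):   # pefile strips only these extensions
            lib = base
        for func in funcs:
            # pefile first maps well-known ordinals (ws2_32, oleaut32) back to names;
            # that table is omitted here, so every ordinal is rendered as ord<N>.
            name = f"ord{func}" if isinstance(func, int) else func.lower()
            parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports) -> str:
    """Mandiant/pefile-compatible imphash for a parsed import table (see imphash_input)."""
    return hashlib.md5(imphash_input(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(imphash_input(SAMPLE_IMPORTS))
    print("imphash:", imphash(SAMPLE_IMPORTS))
```

Because the hash covers order as well as names, two samples built by the same packer with the same padding template share an imphash even when the payload differs, while the same payload re-packed with a reshuffled table does not; treat an imphash match on a packed sample as a packer-family pivot and go to the unpacked payload for anything stronger.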
Tags
peexe

VirusTotal metadata
First submission 2014-11-23 15:16:08 UTC ( 2 years, 8 months ago )
Last submission 2014-12-20 17:40:29 UTC ( 2 years, 8 months ago )
File names installer.exe
1022955bd6bac65f678377bc07f201dd3edc1bc9f0f8d4121e0307b4683f57b7.log
installer.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Copied files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
TCP connections