SHA256: 1074e1f879c75513f27313a7fcc53d68132f12b7282c5c3df2d797c0caee0dd7
File name: 185.exe
Detection ratio: 46 / 54
Analysis date: 2015-10-27 04:42:18 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Yandex Trojan.Buzus!3fzwTCGWqWM 20151026
AhnLab-V3 Spyware/Win32.Zbot 20151027
ALYac Gen:Variant.Kazy.377225 20151027
Antiy-AVL Trojan/Win32.Buzus 20151027
Arcabit Trojan.Kazy.D5C189 20151027
Avast Win32:Dropper-gen [Drp] 20151027
AVG SHeur4.BUYY 20151026
Avira (no cloud) TR/PSW.Zbot.16158 20151027
AVware Trojan.Win32.Generic!BT 20151027
Baidu-International Trojan.Win32.Buzus.onok 20151026
BitDefender Gen:Variant.Kazy.377225 20151027
Bkav HW32.Packed.1C9D 20151026
CAT-QuickHeal Trojan.Buzus.r3 20151027
ClamAV Win.Trojan.Agent-809670 20151027
CMC Heur.Win32.VBKrypt.3!O 20151026
Comodo UnclassifiedMalware 20151027
DrWeb Trojan.Virtumod.13900 20151027
Emsisoft Gen:Variant.Kazy.377225 (B) 20151027
ESET-NOD32 Win32/Spy.Zbot.AAO 20151027
F-Secure Gen:Variant.Kazy.377225 20151027
Fortinet W32/VB.AMC!tr 20151026
GData Gen:Variant.Kazy.377225 20151027
Ikarus Trojan-Spy.Zbot 20151027
Jiangmin Trojan/Buzus.azwl 20151026
K7AntiVirus Trojan ( 0040f8411 ) 20151026
K7GW Trojan ( 0040f8411 ) 20151027
Kaspersky Trojan.Win32.Buzus.onok 20151027
Malwarebytes Spyware.PasswordStealer 20151026
McAfee PWS-FBLF!6B5BF4A3F5C6 20151027
McAfee-GW-Edition PWS-FBLF!6B5BF4A3F5C6 20151027
Microsoft PWS:Win32/Zbot 20151027
eScan Gen:Variant.Kazy.377225 20151027
NANO-Antivirus Trojan.Win32.Buzus.czjyxz 20151027
nProtect Trojan/W32.Buzus.323528 20151026
Panda Trj/Genetic.gen 20151026
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20151026
Sophos Mal/VB-ANY 20151027
Symantec Trojan.Zbot 20151026
Tencent Win32.Trojan.Buzus.Wptr 20151027
TotalDefense Win32/Zbot.JWXISOD 20151026
TrendMicro TSPY_ZBOT.AABBAL 20151027
TrendMicro-HouseCall TSPY_ZBOT.AABBAL 20151027
VBA32 Trojan.Buzus 20151026
VIPRE Trojan.Win32.Generic!BT 20151027
ViRobot Trojan.Win32.S.Buzus.323528[h] 20151027
Zillya Trojan.Buzus.Win32.120657 20151026
AegisLab 20151026
Alibaba 20151027
ByteHero 20151027
Cyren 20151027
F-Prot 20151027
SUPERAntiSpyware 20151027
TheHacker 20151026
Zoner 20151027
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-05 15:43:26
Entry Point 0x00001134
Number of sections 3
PE sections
Overlays
MD5 b5678bed323bb9774badf86c09ad5ecb
File type data
Offset 319488
Size 4040
Entropy 7.23
PE imports
EVENT_SINK_QueryInterface
Ord(518)
Ord(648)
Ord(685)
Ord(558)
Ord(617)
EVENT_SINK_AddRef
Ord(717)
Ord(600)
__vbaExceptHandler
Ord(632)
MethCallEngine
DllFunctionCall
Ord(578)
__vbaCopyBytes
Ord(589)
Ord(608)
Ord(519)
Ord(561)
Ord(100)
Ord(526)
ProcCallEngine
Ord(711)
EVENT_SINK_Release
Ord(595)
Ord(667)
Ord(644)
Ord(588)
Ord(619)
Ord(698)
Number of PE resources by type
RT_ICON 2
Struct(28) 1
RT_HTML 1
Struct(26) 1
Struct(27) 1
RT_GROUP_ICON 1
Number of PE resources by language
VENDA DEFAULT 4
NEUTRAL 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:05:05 16:43:26+01:00
FileType Win32 EXE
PEType PE32
CodeSize 73728
LinkerVersion 7.0
Warning Error processing PE data dictionary
FileTypeExtension exe
InitializedDataSize 241664
SubsystemVersion 4.0
EntryPoint 0x1134
OSVersion 4.0
ImageVersion 1.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 6b5bf4a3f5c639af14ae12ef711eaebd
SHA1 d0f4ae66cca8be4b6ad61142dd967516d39e3f86
SHA256 1074e1f879c75513f27313a7fcc53d68132f12b7282c5c3df2d797c0caee0dd7
ssdeep 6144:hiN+av7FvNIUI4fyB6szSXz4lk1ZIR7KySE76cseRseN:hidv7FvNIifyRSXclk1ZgKEGcseR1

authentihash ee338c387b74a42b5c8a19dfe1623fd38bc67603c114af7fb0a4de62dd1d9507
imphash e700cb1bbab353152b465ba744df9c98
File size 315.9 KB ( 323528 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (69.4%)
Win64 Executable (generic) (23.3%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2014-05-06 08:39:11 UTC ( 2 years, 11 months ago )
Last submission 2015-04-01 03:03:05 UTC ( 2 years ago )
File names output.26425735.txt
185.exe
185.exe_
6b5bf4a3f5c639af14ae12ef711eaebd.exe
185.ex
6b5bf4a3f5c639af14ae12ef711eaebd
2016-07-11_1074e1f879c75513f27313a7fcc53d68132f12b7282c5c3df2d797c0caee0dd7
2014-07-17-05-09-01-6b5bf4a3f5c639af14ae12ef711eaebd
26425735
file-7082912_
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Shell commands
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers by making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.
UDP communications