SHA256: 10840edaeebce3787ac2f6b470da1759e09c93d8ada3cd665690498d6c5ff9f0
File name: C22D41C077787F2010ABBC2B32A66E74_zbot.exe
Detection ratio: 3 / 40
Analysis date: 2012-09-17 04:50:30 UTC ( 6 years, 6 months ago )
Antivirus Result Update
Ikarus Trojan.Win32.Inject 20120917
Rising Hack.Anti.Win32.XPACK.f 20120917
Symantec Suspicious.Cloud.5 20120917
AhnLab-V3 20120916
AntiVir 20120916
Antiy-AVL 20120911
Avast 20120917
AVG 20120916
BitDefender 20120917
ByteHero 20120913
CAT-QuickHeal 20120917
ClamAV 20120917
Commtouch 20120917
Comodo 20120916
DrWeb 20120917
Emsisoft 20120917
eSafe 20120914
ESET-NOD32 20120916
F-Prot 20120916
Fortinet 20120830
GData 20120917
Jiangmin 20120917
K7AntiVirus 20120915
Kaspersky 20120917
McAfee 20120917
McAfee-GW-Edition 20120916
Microsoft 20120917
Norman 20120916
nProtect 20120916
Panda 20120916
PCTools 20120917
Sophos AV 20120917
SUPERAntiSpyware 20120911
TheHacker 20120917
TotalDefense 20120916
TrendMicro 20120917
VBA32 20120914
VIPRE 20120917
ViRobot 20120917
VirusBuster 20120916
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-09-16 20:56:35
Entry Point 0x00001240
Number of sections 8
PE sections
Overlays
MD5 671872f69d6780f4867ea24343c9d52f
File type data
Offset 327680
Size 512
Entropy 7.60
PE imports
GetRegionData
CreatePipe
GetAtomNameA
CreateSemaphoreA
AddAtomA
SetUnhandledExceptionFilter
FindAtomA
GetStartupInfoA
ExitProcess
CreateFileA
GetCommandLineA
Sleep
GetModuleHandleA
GetMessageA
CreateWindowExA
LoadCursorA
LoadIconA
DispatchMessageA
TranslateMessage
MessageBoxA
PostQuitMessage
DefWindowProcA
ShowWindow
GetPropA
RegisterClassExA
_cexit
__p__fmode
malloc
fopen
__p__environ
signal
strcmp
free
_onexit
atexit
abort
_setmode
__getmainargs
fprintf
fflush
_iob
sin
__set_app_type
CoCreateGuid
BindMoniker
gethostbyname
getpeername
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2012:09:16 22:56:35+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
10240

LinkerVersion
2.56

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit, No debug

EntryPoint
0x1240

InitializedDataSize
321536

SubsystemVersion
4.0

ImageVersion
1.0

OSVersion
4.0

UninitializedDataSize
512

File identification
MD5 c22d41c077787f2010abbc2b32a66e74
SHA1 0fcd206f18af66a14456ad5dc3fa2d5657e9e81c
SHA256 10840edaeebce3787ac2f6b470da1759e09c93d8ada3cd665690498d6c5ff9f0
ssdeep
6144:V8LNrFI+/uMSDTUwfrszDrYtHV6H+HmtGBKxXEOv:V6tFI4uLTmzgNGtGBFI

authentihash e75e5749951f3105cc4bd2dda07e5914ec4a77ae35a4dd7d55c772c3df9859ad
imphash 26fc3e211d6b4ba1ad2bb357b8779e50
File size 320.5 KB ( 328192 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2012-09-17 04:26:29 UTC ( 6 years, 6 months ago )
Last submission 2019-01-20 05:47:16 UTC ( 2 months ago )
File names 96Uen.exe
C22D41C077787F2010ABBC2B32A66E74_zbot.exe
OtlPiM.fon
0fcd206f18af66a14456ad5dc3fa2d5657e9e81c
10840edaeebce3787ac2f6b470da1759e09c93d8ada3cd665690498d6c5ff9f0.bin
creeper.exe
10840edaeebce3787ac2f6b470da1759e09c93d8ada3cd665690498d6c5ff9f0.vir
c22d41c077787f2010abbc2b32a66e74.virus
c22d41c077787f2010abbc2b32a66e74.exe
c22d41c077787f2010abbc2b32a66e74
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files