SHA256: 11f341da69b1a28e6e3eea86deffb5f2e7f7705d44fffd808632f49c2366f577
File name: 9886a0c4f2ed767f04dbca9ff44e2514
Detection ratio: 41 / 57
Analysis date: 2017-02-11 04:30:01 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.103238 20170211
AegisLab Troj.W32.Zbot!c 20170211
AhnLab-V3 Trojan/Win32.Tuhkit.R191026 20170210
ALYac Gen:Variant.Razy.103238 20170211
Antiy-AVL Trojan/Win32.Zbot 20170211
Arcabit Trojan.Razy.D19346 20170211
Avast Win32:Malware-gen 20170211
AVG Win32/Cryptor 20170211
AVware Trojan.Win32.Generic!BT 20170211
Baidu Win32.Trojan.Elenoocka.a 20170210
BitDefender Gen:Variant.Razy.103238 20170211
CAT-QuickHeal Trojan.Zbot 20170210
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/Trojan.IJVB-3549 20170211
DrWeb Trojan.MulDrop6.63378 20170211
Emsisoft Gen:Variant.Razy.103238 (B) 20170211
Endgame malicious (high confidence) 20170208
ESET-NOD32 a variant of Win32/Kryptik.FIMP 20170211
F-Secure Gen:Variant.Razy.103238 20170211
Fortinet W32/Kryptik.FLTU!tr 20170211
GData Gen:Variant.Razy.103238 20170211
Sophos ML virus.win32.sality.at 20170203
Jiangmin Trojan.Zbot.gm 20170211
Kaspersky Trojan.Win32.Zbot.fqg 20170211
Malwarebytes Backdoor.Bot 20170211
McAfee Trojan-FJSV!9886A0C4F2ED 20170211
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dc 20170211
Microsoft Trojan:Win32/CeeInject.MJ!bit 20170210
eScan Gen:Variant.Razy.103238 20170211
NANO-Antivirus Trojan.Win32.ZPACK.ehxjij 20170210
Panda Trj/GdSda.A 20170210
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20170211
Rising Malware.XPACK-HIE/Heur!1.9C48-AwVxoq6P9zU (cloud) 20170211
Sophos AV Mal/Generic-S 20170211
Symantec Packed.Generic.493 20170210
Tencent Win32.Trojan.Zbot.Hupi 20170211
TrendMicro TROJ_GEN.R02KC0GK416 20170211
TrendMicro-HouseCall TROJ_GEN.R02KC0GK416 20170211
VBA32 Trojan.Zbot 20170210
VIPRE Trojan.Win32.Generic!BT 20170211
Yandex Trojan.Zbot!oy0XySHLQyY 20170210
Alibaba 20170122
Avira (no cloud) 20170210
ClamAV 20170211
CMC 20170210
Comodo 20170210
F-Prot 20170211
Ikarus 20170210
K7AntiVirus 20170210
K7GW 20170211
Kingsoft 20170211
nProtect 20170211
SUPERAntiSpyware 20170211
TheHacker 20170209
TotalDefense 20170210
Trustlook 20170211
ViRobot 20170211
WhiteArmor 20170202
Zillya 20170210
Zoner 20170211
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-29 20:36:29
Entry Point 0x00003731
Number of sections 3
PE sections
PE imports
RegRestoreKeyA
RegDeleteKeyA
ReadEventLogA
RegOpenKeyA
RegCloseKey
RegDeleteValueA
RegQueryValueA
RegFlushKey
RegEnumValueA
RegUnLoadKeyA
RegEnumKeyA
RegCreateKeyA
RegSaveKeyA
RegReplaceKeyA
ReadConsoleA
GetSystemTime
GetCurrentProcess
GetThreadPriority
GetLogicalDriveStringsA
GetModuleFileNameW
CreateNamedPipeW
GetStringTypeExW
GetSystemDirectoryW
WaitForSingleObject
FindResourceA
InterlockedExchange
GetCurrentDirectoryA
GetTapePosition
GetProcAddress
LoadLibraryA
GetCurrentThread
ResUtilGetBinaryValue
ClusWorkerTerminate
ResUtilDupString
ClusWorkerCreate
Number of PE resources by type
SATR 3
Number of PE resources by language
NEUTRAL 3
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:10:29 21:36:29+01:00
FileType Win32 EXE
PEType PE32
CodeSize 222208
LinkerVersion 7.0
FileTypeExtension exe
InitializedDataSize 7680
SubsystemVersion 4.0
EntryPoint 0x3731
OSVersion 5.1
ImageVersion 5.1
UninitializedDataSize 0

File identification
MD5 9886a0c4f2ed767f04dbca9ff44e2514
SHA1 35b6198d562e178138db9ba1113de4d9b6187328
SHA256 11f341da69b1a28e6e3eea86deffb5f2e7f7705d44fffd808632f49c2366f577
ssdeep 3072:4z+/v4iXiSSSGjlKYjmXbkUbI+juVrf7xCufkn61uxbIrHuROviqzeN0dgWW:uiXUSYjmrw+iVrf7xCufkn6KMuAviV
authentihash 0655824c272563396688ca683181e12b54ba6442c78feb25e950d8f362d5ef1b
imphash a0f06f39da51fe3bb665ee89a232b7d7
File size 225.5 KB ( 230912 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2017-02-11 04:30:01 UTC ( 2 years ago )
Last submission 2017-02-11 04:30:01 UTC ( 2 years ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests
UDP communications