SHA256: 1313dd0cb96b45cea83e3d3c641058205bec547eb50080cbed6eeaee7968ca62
File name: output.9587975.txt
Detection ratio: 49 / 54
Analysis date: 2016-01-01 12:26:39 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
AVG Win32/Karagany 20160101
AVware Trojan.Win32.Zbot.dhnb (v) 20160101
Ad-Aware Trojan.FakeAlert.DFJ 20151224
Agnitum TrojanSpy.Zbot!DeX4zmIuYkM 20151231
AhnLab-V3 Spyware/Win32.Zbot 20160101
Antiy-AVL Trojan[Spy]/Win32.Zbot 20160101
Arcabit Trojan.FakeAlert.DFJ 20160101
Avast Win32:Zbot-QWA [Trj] 20160101
Avira TR/Spy.ZBot.1633288 20160101
Baidu-International Trojan.Win32.Zbot.AAU 20160101
BitDefender Trojan.FakeAlert.DFJ 20160101
Bkav HW32.Packed.8D1B 20151231
CAT-QuickHeal TrojanPWS.Zbot.Gen 20160101
ClamAV Win.Trojan.Zbot-34895 20160101
Comodo TrojWare.Win32.Kryptik.CABC 20160101
Cyren W32/Tepfer.C.gen!Eldorado 20160101
DrWeb Trojan.PWS.Panda.3629 20160101
ESET-NOD32 Win32/Spy.Zbot.AAU 20151231
Emsisoft Trojan.FakeAlert.DFJ (B) 20160101
F-Prot W32/Tepfer.C.gen!Eldorado 20160101
F-Secure Trojan.FakeAlert.DFJ 20160101
Fortinet W32/Kryptik.SP!tr 20160101
GData Trojan.FakeAlert.DFJ 20160101
Ikarus Trojan-PWS.Win32.Zbot 20151231
Jiangmin TrojanSpy.Zbot.cumw 20160101
K7AntiVirus Trojan ( 0040f0ce1 ) 20160101
K7GW Trojan ( 0040f0ce1 ) 20160101
Kaspersky HEUR:Trojan.Win32.Generic 20160101
Malwarebytes Trojan.Agent.ED 20160101
McAfee PWS-Zbot-FAKU!FAA3A6C7BBF5 20160101
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.fc 20160101
MicroWorld-eScan Trojan.FakeAlert.DFJ 20160101
Microsoft PWS:Win32/Zbot!GO 20160101
NANO-Antivirus Trojan.Win32.Zbot.crpyup 20160101
Panda Trj/Hexas.HEU 20160101
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 [F] 20160101
SUPERAntiSpyware Trojan.Agent/Gen-Zbot 20160101
Sophos Troj/Zbot-DUZ 20160101
Symantec Trojan.Zbot!gen39 20151231
Tencent Win32.Trojan-Spy.Zbot.dqxv 20160101
TheHacker Trojan/Kryptik.auzs 20151231
TotalDefense Win32/ZBot.AT!generic 20160101
TrendMicro TROJ_FORUCON.BMC 20160101
TrendMicro-HouseCall TSPY_ZBOT.SMODX 20160101
VBA32 BScope.Malware-Cryptor.SB.01798 20151231
VIPRE Trojan.Win32.Zbot.dhnb (v) 20160101
ViRobot Trojan.Win32.A.Zbot.336384.BW[h] 20160101
Zillya Trojan.Zbot.Win32.105362 20151231
nProtect Trojan-Clicker/W32.Fakealert.336384.J 20151231
AegisLab 20160101
Alibaba 20151208
ByteHero 20160101
CMC 20151231
Zoner 20160101
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-21 15:42:47
Link date 4:42 PM 2/21/2013
Entry Point 0x0004E010
Number of sections 6
PE sections
PE imports
RegOpenKeyA
GetStockObject
SetThreadLocale
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
HeapDestroy
lstrcmpW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
ExpandEnvironmentStringsA
SetErrorMode
GetLocaleInfoW
IsDBCSLeadByteEx
GetTempPathA
WideCharToMultiByte
lstrcmpiA
InterlockedExchange
FindResourceExW
GetSystemTimeAsFileTime
HeapReAlloc
SetEvent
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
FormatMessageA
SetLastError
GetSystemTime
OpenEventW
GetModuleFileNameW
CopyFileA
HeapAlloc
lstrcpyW
lstrcmpiW
GetSystemDefaultLCID
MultiByteToWideChar
FlushInstructionCache
MoveFileW
CreateMutexA
SetFilePointer
GlobalMemoryStatus
CreateThread
MoveFileExW
GetSystemDefaultUILanguage
TerminateProcess
SetCurrentDirectoryW
GlobalAlloc
SearchPathA
GetVersion
InterlockedIncrement
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
VirtualProtect
GetVersionExA
LoadLibraryA
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
DeleteFileA
GetWindowsDirectoryA
GetDateFormatW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
GetTimeFormatW
WriteFile
ExpandEnvironmentStringsW
lstrcmpA
ResetEvent
GetTempFileNameA
CreateFileMappingA
FindFirstFileW
IsValidLocale
DuplicateHandle
WaitForMultipleObjects
GetProcAddress
CreateEventW
CreateFileW
CreateFileA
GetCurrentThreadId
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
GetSystemInfo
lstrlenA
FindResourceW
CompareStringW
GetThreadLocale
GlobalUnlock
VirtualQuery
lstrlenW
VirtualFree
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
HeapSize
GetCurrentThread
lstrcpynW
RaiseException
MapViewOfFile
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
GlobalLock
GetModuleHandleW
IsBadStringPtrW
CompareFileTime
UnmapViewOfFile
GetTempPathW
CreateProcessW
Sleep
IsBadStringPtrA
FindResourceA
VirtualAlloc
CompareStringA
LoadCursorA
LoadIconA
Number of PE resources by type
RT_STRING 11
RT_DIALOG 9
RT_GROUP_CURSOR 4
RT_CURSOR 4
RT_BITMAP 3
RT_ICON 1
Struct(240) 1
RT_MANIFEST 1
RT_MENU 1
RT_ACCELERATOR 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 37
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2013:02:21 16:42:47+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 310784
LinkerVersion: 9.0
EntryPoint: 0x4e010
InitializedDataSize: 24576
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0
File identification
MD5 faa3a6c7bbf5b0449f60409c8bf63859
SHA1 521f801e9f0aa2760237802f961935726b37b3e3
SHA256 1313dd0cb96b45cea83e3d3c641058205bec547eb50080cbed6eeaee7968ca62
ssdeep 6144:2ZI5o+kLIv3ojkX+zxFhs4zQB+kKlxDVXm+Tv5p:2nLI/I/O4E+kexDo+lp
authentihash b207d3d2479cc141889517fcf1222678b09a979c60a185b5565963d0f7486247
imphash e8312e8176725d65c4ad198776687269
File size 328.5 KB ( 336384 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2013-02-21 16:25:09 UTC ( 2 years, 11 months ago )
Last submission 2013-03-29 13:08:07 UTC ( 2 years, 10 months ago )
File names about.exe
faa3a6c7bbf5b0449f60409c8bf63859
1313DD0CB96B45CEA83E3D3C641058205BEC547EB50080CBED6EEAEE7968CA62
9587975
faa3a6c7bbf5b0449f60409c8bf63859
readme.exe
calc.exe
wgsdgsdgdsgsd.exe
contacts.exe
info.exe
output.9587975.txt
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications