SHA256: 1313dd0cb96b45cea83e3d3c641058205bec547eb50080cbed6eeaee7968ca62
File name: output.9587975.txt
Detection ratio: 52 / 56
Analysis date: 2016-03-01 08:05:49 UTC ( 5 months ago )
Antivirus Result Update
ALYac Trojan.FakeAlert.DFJ 20160301
AVG Win32/Karagany 20160301
AVware Trojan.Win32.Zbot.dhnb (v) 20160301
Ad-Aware Trojan.FakeAlert.DFJ 20160301
AegisLab Troj.Spy.W32.Zbot.jfpy!c 20160301
Yandex TrojanSpy.Zbot!DeX4zmIuYkM 20160228
AhnLab-V3 Spyware/Win32.Zbot 20160229
Antiy-AVL Trojan[Spy]/Win32.Zbot 20160301
Arcabit Trojan.FakeAlert.DFJ 20160301
Avast Win32:Zbot-QWA [Trj] 20160301
Avira (no cloud) TR/Spy.ZBot.1633288 20160301
Baidu-International Trojan.Win32.Zbot.AAU 20160229
BitDefender Trojan.FakeAlert.DFJ 20160301
Bkav HW32.Packed.8D1B 20160229
CAT-QuickHeal TrojanPWS.Zbot.Gen 20160301
ClamAV Win.Trojan.Zbot-34895 20160301
Comodo TrojWare.Win32.Kryptik.CABC 20160301
Cyren W32/Tepfer.C.gen!Eldorado 20160301
DrWeb Trojan.PWS.Panda.3629 20160301
ESET-NOD32 Win32/Spy.Zbot.AAU 20160301
Emsisoft Trojan.FakeAlert.DFJ (B) 20160229
F-Prot W32/Tepfer.C.gen!Eldorado 20160301
F-Secure Trojan.FakeAlert.DFJ 20160301
Fortinet W32/Kryptik.SP!tr 20160301
GData Trojan.FakeAlert.DFJ 20160301
Ikarus Trojan-PWS.Win32.Zbot 20160229
Jiangmin TrojanSpy.Zbot.cumw 20160301
K7AntiVirus Trojan ( 0040f0ce1 ) 20160229
K7GW Trojan ( 0040f0ce1 ) 20160301
Kaspersky HEUR:Trojan.Win32.Generic 20160301
Malwarebytes Trojan.Agent.ED 20160301
McAfee PWS-Zbot-FAKU!FAA3A6C7BBF5 20160301
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.fc 20160301
eScan Trojan.FakeAlert.DFJ 20160301
Microsoft PWS:Win32/Zbot!GO 20160229
NANO-Antivirus Trojan.Win32.Zbot.crpyup 20160301
Panda Trj/Hexas.HEU 20160229
Qihoo-360 Win32/Trojan.0e6 20160301
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 [F] 20160225
SUPERAntiSpyware Trojan.Agent/Gen-Zbot 20160301
Sophos Troj/Zbot-DUZ 20160301
Symantec Trojan.Zbot!gen39 20160229
Tencent Win32.Trojan.Spy.Efuh 20160301
TheHacker Trojan/Kryptik.auzs 20160227
TotalDefense Win32/ZBot.AT!generic 20160229
TrendMicro TROJ_FORUCON.BMC 20160301
TrendMicro-HouseCall TSPY_ZBOT.SMODX 20160301
VBA32 BScope.Malware-Cryptor.SB.01798 20160229
VIPRE Trojan.Win32.Zbot.dhnb (v) 20160301
ViRobot Trojan.Win32.A.Zbot.336384.BW[h] 20160301
Zillya Trojan.Zbot.Win32.105362 20160301
nProtect Trojan-Clicker/W32.Fakealert.336384.J 20160229
Alibaba 20160301
ByteHero 20160301
CMC 20160225
Zoner 20160301
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-21 15:42:47
Entry Point 0x0004E010
Number of sections 6
PE sections
PE imports
RegOpenKeyA
GetStockObject
SetThreadLocale
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
HeapDestroy
lstrcmpW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
ExpandEnvironmentStringsA
SetErrorMode
GetLocaleInfoW
IsDBCSLeadByteEx
GetTempPathA
WideCharToMultiByte
lstrcmpiA
InterlockedExchange
FindResourceExW
GetSystemTimeAsFileTime
HeapReAlloc
SetEvent
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
FormatMessageA
SetLastError
GetSystemTime
OpenEventW
GetModuleFileNameW
CopyFileA
HeapAlloc
lstrcpyW
lstrcmpiW
GetSystemDefaultLCID
MultiByteToWideChar
FlushInstructionCache
MoveFileW
CreateMutexA
SetFilePointer
GlobalMemoryStatus
CreateThread
MoveFileExW
GetSystemDefaultUILanguage
TerminateProcess
SetCurrentDirectoryW
GlobalAlloc
SearchPathA
GetVersion
InterlockedIncrement
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
VirtualProtect
GetVersionExA
LoadLibraryA
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
DeleteFileA
GetWindowsDirectoryA
GetDateFormatW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
GetTimeFormatW
WriteFile
ExpandEnvironmentStringsW
lstrcmpA
ResetEvent
GetTempFileNameA
CreateFileMappingA
FindFirstFileW
IsValidLocale
DuplicateHandle
WaitForMultipleObjects
GetProcAddress
CreateEventW
CreateFileW
CreateFileA
GetCurrentThreadId
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
GetSystemInfo
lstrlenA
FindResourceW
CompareStringW
GetThreadLocale
GlobalUnlock
VirtualQuery
lstrlenW
VirtualFree
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
HeapSize
GetCurrentThread
lstrcpynW
RaiseException
MapViewOfFile
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
GlobalLock
GetModuleHandleW
IsBadStringPtrW
CompareFileTime
UnmapViewOfFile
GetTempPathW
CreateProcessW
Sleep
IsBadStringPtrA
FindResourceA
VirtualAlloc
CompareStringA
LoadCursorA
LoadIconA
Number of PE resources by type
RT_STRING 11
RT_DIALOG 9
RT_GROUP_CURSOR 4
RT_CURSOR 4
RT_BITMAP 3
RT_ICON 1
Struct(240) 1
RT_MANIFEST 1
RT_MENU 1
RT_ACCELERATOR 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 37
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:02:21 16:42:47+01:00
FileType Win32 EXE
PEType PE32
CodeSize 310784
LinkerVersion 9.0
EntryPoint 0x4e010
InitializedDataSize 24576
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 faa3a6c7bbf5b0449f60409c8bf63859
SHA1 521f801e9f0aa2760237802f961935726b37b3e3
SHA256 1313dd0cb96b45cea83e3d3c641058205bec547eb50080cbed6eeaee7968ca62
ssdeep 6144:2ZI5o+kLIv3ojkX+zxFhs4zQB+kKlxDVXm+Tv5p:2nLI/I/O4E+kexDo+lp
authentihash b207d3d2479cc141889517fcf1222678b09a979c60a185b5565963d0f7486247
imphash e8312e8176725d65c4ad198776687269
File size 328.5 KB ( 336384 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2013-02-21 16:25:09 UTC ( 3 years, 5 months ago )
Last submission 2013-03-29 13:08:07 UTC ( 3 years, 4 months ago )
File names about.exe
faa3a6c7bbf5b0449f60409c8bf63859
1313DD0CB96B45CEA83E3D3C641058205BEC547EB50080CBED6EEAEE7968CA62
9587975
faa3a6c7bbf5b0449f60409c8bf63859
readme.exe
calc.exe
wgsdgsdgdsgsd.exe
contacts.exe
info.exe
output.9587975.txt
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications