SHA256: 1392b0a051c089a6cc88dc8801149bf5a4f5508517c220dfad1aa5f07073e0f2
File name: zodimizer-reso.exe
Detection ratio: 0 / 47
Analysis date: 2013-11-02 18:23:45 UTC ( 5 years, 6 months ago )
Antivirus Result Update
Yandex 20131101
AhnLab-V3 20131102
AntiVir 20131102
Antiy-AVL 20131101
Avast 20131102
AVG 20131102
Baidu-International 20131102
BitDefender 20131102
Bkav 20131102
ByteHero 20131028
CAT-QuickHeal 20131102
ClamAV 20131102
Commtouch 20131102
Comodo 20131102
DrWeb 20131102
Emsisoft 20131102
ESET-NOD32 20131102
F-Prot 20131102
F-Secure 20131102
Fortinet 20131102
GData 20131102
Ikarus 20131102
Jiangmin 20131102
K7AntiVirus 20131101
K7GW 20131101
Kaspersky 20131101
Kingsoft 20130829
Malwarebytes 20131102
McAfee 20131102
McAfee-GW-Edition 20131102
Microsoft 20131102
eScan 20131028
NANO-Antivirus 20131102
Norman 20131102
nProtect 20131101
Panda 20131102
Rising 20131101
Sophos AV 20131102
SUPERAntiSpyware 20131102
Symantec 20131102
TheHacker 20131029
TotalDefense 20131101
TrendMicro 20131102
TrendMicro-HouseCall 20131102
VBA32 20131101
VIPRE 20131102
ViRobot 20131102
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-02 14:58:30
Entry Point 0x00001FA2
Number of sections 5
PE sections
PE imports
IsProcessorFeaturePresent
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
GetSystemTimeAsFileTime
GetCurrentThreadId
DecodePointer
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
_purecall
??1type_info@@UAE@XZ
__crtTerminateProcess
memset
__dllonexit
_cexit
_controlfp_s
_invoke_watson
_fmode
_amsg_exit
?terminate@@YAXXZ
??2@YAPAXI@Z
_lock
_onexit
exit
_XcptFilter
_commode
__setusermatherr
strcpy_s
_initterm_e
_acmdln
_CxxThrowException
_ismbblead
_unlock
_exit
_crt_debugger_hook
??3@YAXPAX@Z
__CxxFrameHandler3
_except_handler4_common
__getmainargs
memcpy
__crtUnhandledException
__crtGetShowWindowMode
memmove
_calloc_crt
__crtSetUnhandledExceptionFilter
_configthreadlocale
_initterm
memchr
__set_app_type
Shell_NotifyIconA
GetMessageA
UnregisterHotKey
LoadMenuA
ChangeDisplaySettingsA
PostQuitMessage
DefWindowProcA
FindWindowA
DispatchMessageA
PostMessageA
MessageBoxA
TranslateMessage
RegisterClassExA
GetCursorPos
ShowWindow
GetWindowPlacement
SendMessageA
GetSubMenu
FindWindowExA
CreateWindowExA
LoadIconA
TrackPopupMenu
RegisterHotKey
SetForegroundWindow
DestroyWindow
Number of PE resources by type
RT_ICON 1
RT_MENU 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NORWEGIAN BOKMAL 3
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:11:02 15:58:30+01:00
FileType Win32 EXE
PEType PE32
CodeSize 6656
LinkerVersion 11.0
EntryPoint 0x1fa2
InitializedDataSize 279552
SubsystemVersion 6.0
ImageVersion 0.0
OSVersion 6.0
UninitializedDataSize 0
File identification
MD5 a06cc0781b2be9920d1f703805b424ab
SHA1 e68fcb94ed84a7ce1adf61a7471501cfab4f5e38
SHA256 1392b0a051c089a6cc88dc8801149bf5a4f5508517c220dfad1aa5f07073e0f2
ssdeep 192:QgYtYX6m1+zxa25pqC0wDxb726IB2NrK55k4T45rCPSojGrJsGcp/QfBp4GNL8rh:QZI27q3wJ26ceGHDcFC6opGcpfy
authentihash 5e39604fb9e326f95fa02ad11c90312c20d7f81638ea498f2ea89eaa2b0fc87e
imphash bdf7c96680026cbeb0816b35b002cb91
File size 279.5 KB ( 286208 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2013-11-02 18:23:45 UTC ( 5 years, 6 months ago )
Last submission 2015-02-24 00:16:56 UTC ( 4 years, 2 months ago )
File names zodimizer-reso.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight