× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 13f28abb94a05597083fa8b9fc06b9198a10f97c82cb852aec561e7d46ab789c
File name: vt-upload-HeuCo
Detection ratio: 33 / 49
Analysis date: 2014-02-22 19:57:06 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.39120 20140222
Yandex TrojanSpy.Zbot!9phOb78zUY8 20140221
AhnLab-V3 Spyware/Win32.Zbot 20140222
AntiVir TR/Crypt.XPACK.Gen7 20140222
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140219
Avast Win32:Kryptik-NJR [Trj] 20140222
AVG Zbot.FJP 20140222
BitDefender Gen:Variant.Symmi.39120 20140222
Bkav HW32.Nonim.qkke 20140222
DrWeb Trojan.Winlock.8004 20140222
Emsisoft Gen:Variant.Symmi.39120 (B) 20140222
ESET-NOD32 a variant of Win32/Injector.AXCA 20140222
F-Secure Gen:Variant.Symmi.39120 20140222
Fortinet W32/Injector.AXCA!tr 20140222
GData Gen:Variant.Symmi.39120 20140222
Ikarus Virus.Win32.Zbot 20140222
Jiangmin TrojanSpy.Zbot.gypp 20140222
K7GW Trojan ( 00494e7c1 ) 20140220
Kaspersky Trojan-Spy.Win32.Zbot.rlac 20140222
Kingsoft Win32.Troj.Generic.a.(kcloud) 20140222
Malwarebytes Trojan.Inject.ED 20140222
McAfee PWSZbot-FMU!56E112DA55EF 20140222
McAfee-GW-Edition PWSZbot-FMU!56E112DA55EF 20140222
Microsoft VirTool:Win32/CeeInject.gen!KK 20140222
eScan Gen:Variant.Symmi.39120 20140222
NANO-Antivirus Trojan.Win32.Zbot.ctdffm 20140222
Panda Trj/dtcontx.K 20140222
Sophos Mal/Zbot-OA 20140222
SUPERAntiSpyware Trojan.Agent/Gen-Graftor 20140222
TrendMicro TROJ_GEN.R021C0FBL14 20140222
TrendMicro-HouseCall TROJ_GEN.R021C0FBL14 20140222
VBA32 TrojanSpy.Zbot 20140221
VIPRE Trojan.Win32.Injector.awxd (v) 20140222
Baidu-International 20140222
ByteHero 20140222
CAT-QuickHeal 20140222
ClamAV 20140222
CMC 20140220
Commtouch 20140222
Comodo 20140222
F-Prot 20140222
K7AntiVirus 20140221
Norman 20140222
nProtect 20140221
Qihoo-360 20140220
Rising 20140222
Symantec 20140222
TheHacker 20140220
TotalDefense 20140222
ViRobot 20140222
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-02 16:25:26
Entry Point 0x00001A0E
Number of sections 4
PE sections
PE imports
GetStartupInfoA
GetModuleFileNameW
GetModuleHandleA
Ord(1775)
Ord(4080)
Ord(4710)
Ord(3597)
Ord(3136)
Ord(1949)
Ord(6375)
Ord(755)
Ord(3798)
Ord(6052)
Ord(3259)
Ord(5290)
Ord(2446)
Ord(815)
Ord(641)
Ord(4353)
Ord(2514)
Ord(4425)
Ord(5277)
Ord(567)
Ord(1134)
Ord(4465)
Ord(2863)
Ord(5300)
Ord(4627)
Ord(1168)
Ord(3738)
Ord(4853)
Ord(2982)
Ord(4234)
Ord(825)
Ord(2135)
Ord(3081)
Ord(5199)
Ord(5307)
Ord(4441)
Ord(4424)
Ord(540)
Ord(4078)
Ord(2554)
Ord(6376)
Ord(1727)
Ord(1776)
Ord(2379)
Ord(2725)
Ord(4998)
Ord(823)
Ord(800)
Ord(3749)
Ord(2512)
Ord(470)
Ord(4274)
Ord(5261)
Ord(4079)
Ord(1146)
Ord(3147)
Ord(2124)
Ord(2621)
Ord(3262)
Ord(1576)
Ord(5065)
Ord(4407)
Ord(3346)
Ord(2396)
Ord(3831)
Ord(6374)
Ord(5280)
Ord(3825)
Ord(2976)
Ord(1089)
Ord(2985)
Ord(3922)
Ord(4160)
Ord(4376)
Ord(3402)
Ord(818)
Ord(324)
Ord(3830)
Ord(2385)
Ord(3079)
Ord(2055)
Ord(4837)
Ord(5241)
Ord(2648)
Ord(5714)
Ord(5289)
Ord(4622)
Ord(561)
Ord(2302)
Ord(4486)
Ord(4698)
Ord(5163)
Ord(6055)
Ord(5265)
Ord(4673)
Ord(5302)
Ord(5731)
__p__fmode
malloc
__CxxFrameHandler
_wfopen
fread
fclose
__dllonexit
fopen
_except_handler3
fseek
_onexit
ftell
exit
_XcptFilter
rewind
__setusermatherr
__p__commode
_acmdln
_adjust_fdiv
__getmainargs
_controlfp
_setmbcp
_initterm
_exit
__set_app_type
GetSystemMetrics
AppendMenuA
EnableWindow
DrawIcon
SendMessageA
GetClientRect
GetSystemMenu
IsIconic
LoadIconA
Number of PE resources by type
RT_STRING 1
Struct(240) 1
Number of PE resources by language
CHINESE SIMPLIFIED 2
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2014:02:02 17:25:26+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
4096

LinkerVersion
6.0

FileAccessDate
2014:02:22 21:28:20+01:00

EntryPoint
0x1a0e

InitializedDataSize
12288

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

FileCreateDate
2014:02:22 21:28:20+01:00

UninitializedDataSize
0

File identification
MD5 56e112da55ef3a024be420406f290822
SHA1 fd7f9c63965e0e414d24768d9cdd4f42e3743d8d
SHA256 13f28abb94a05597083fa8b9fc06b9198a10f97c82cb852aec561e7d46ab789c
ssdeep
3072:q+hycBBGvB4tsdWJInJQm+IcMZ1gI+vU3ul8gImdAm4idfJ3Knceq:lycDjJW6yZ1AU4QmqcD

imphash eb3e24e8885c9dae14b83d01ba1fc16f
File size 182.8 KB ( 187193 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
peexe

VirusTotal metadata
First submission 2014-02-22 19:57:06 UTC ( 3 years, 2 months ago )
Last submission 2014-02-22 19:57:06 UTC ( 3 years, 2 months ago )
File names vt-upload-HeuCo
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests