SHA256: 1784c7cf718ea15331e9a1d8904720a457cf0ed700dd2ad3ac60207c474517a3
File name: bddbcb99d2cfd4192043edd59eb6ce67ea932abe.exe
Detection ratio: 50 / 57
Analysis date: 2016-05-22 06:05:17 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.8434581 20160522
AegisLab Troj.Dropper.W32.Dapato.bymz!c 20160521
AhnLab-V3 Trojan/Win32.Zbot 20160521
ALYac Trojan.Generic.8434581 20160522
Antiy-AVL Trojan[Ransom]/Win32.Gimemo 20160522
Arcabit Trojan.Generic.D80B395 20160522
Avast Win32:Cutwail-BM [Trj] 20160522
AVG Downloader.Generic13.ULG 20160522
Avira (no cloud) TR/Spy.ZBot.ajoumea 20160521
AVware Trojan.Win32.Encpk.afnb (v) 20160521
Baidu Win32.Trojan.WisdomEyes.151026.9950.9998 20160520
Baidu-International Trojan.Win32.Injector.AAAO 20160521
BitDefender Trojan.Generic.8434581 20160522
CAT-QuickHeal VirTool.CeeInject.A 20160521
Comodo TrojWare.Win32.Injector.AAJW 20160522
Cyren W32/Buzus.KORQ-0812 20160522
DrWeb Trojan.Packed.23723 20160522
Emsisoft Trojan.Generic.8434581 (B) 20160522
ESET-NOD32 a variant of Win32/Injector.AAAO 20160521
F-Prot W32/Buzus.VQ 20160522
F-Secure Trojan.Generic.8434581 20160522
Fortinet W32/Zbot.AAO!tr 20160522
GData Trojan.Generic.8434581 20160522
Ikarus Trojan.Win32.Inject 20160522
Jiangmin TrojanDownloader.Andromeda.bkl 20160522
K7AntiVirus Trojan ( 0040f2521 ) 20160522
K7GW Trojan ( 0040f2521 ) 20160522
Kaspersky HEUR:Trojan.Win32.Generic 20160522
Kingsoft Win32.Malware.Generic.a.(kcloud) 20160522
Malwarebytes Spyware.Zbot 20160522
McAfee PWS-Zbot.gen.anm 20160522
McAfee-GW-Edition BehavesLike.Win32.ZBot.cc 20160521
Microsoft VirTool:Win32/Injector.gen!DJ 20160522
eScan Trojan.Generic.8434581 20160522
NANO-Antivirus Trojan.Win32.Dapato.bcsrvi 20160522
nProtect Trojan/W32.Agent.121344.BND 20160520
Panda Trj/Ransom.AB 20160521
Qihoo-360 HEUR/Malware.QVM05.Gen 20160522
Sophos AV Mal/EncPk-AFN 20160522
Symantec Packed.Generic.415 20160522
Tencent Win32.Trojan-Dropper.Dapato.cqug 20160522
TheHacker Trojan/Injector.aaao 20160522
TotalDefense Win32/Inject.C!generic 20160522
TrendMicro WORM_CRIDEX.BSS 20160522
TrendMicro-HouseCall WORM_CRIDEX.BSS 20160522
VBA32 TrojanDownloader.Andromeda 20160520
VIPRE Trojan.Win32.Encpk.afnb (v) 20160522
ViRobot Trojan.Win32.Z.Injector.121344.W[h] 20160521
Yandex Trojan.Injector!uel/8Czyw4Y 20160521
Zillya Dropper.Dapato.Win32.14956 20160521
Alibaba 20160520
Bkav 20160521
ClamAV 20160522
CMC 20160520
Rising 20160522
SUPERAntiSpyware 20160521
Zoner 20160522
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-10 09:58:36
Entry Point 0x00001000
Number of sections 5
PE sections
PE imports
InitCommonControlsEx
GetOpenFileNameA
GetSaveFileNameA
GetObjectA
EndPage
DeleteDC
DeleteObject
BitBlt
GetStockObject
CreateBitmap
SetPixel
EndDoc
GetDIBits
SelectObject
CreateDIBSection
CreateCompatibleDC
GetObjectType
HeapReAlloc
HeapFree
GetCurrentProcessId
GetModuleHandleA
HeapCreate
FreeLibrary
HeapDestroy
ExitProcess
TlsAlloc
GetVersionExA
HeapAlloc
GetCurrentThreadId
GetProcAddress
LoadLibraryA
malloc
fabs
floor
memset
fclose
strcat
free
ceil
_CIexp
strcpy
strlen
memcpy
strncpy
CoInitialize
GetWindowThreadProcessId
GetWindowLongA
GetForegroundWindow
DestroyIcon
EnableWindow
IsWindowVisible
EnumWindows
CallWindowProcA
FillRect
IsWindowEnabled
SetWindowPos
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:12:10 10:58:36+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 17920
LinkerVersion: 2.5
FileTypeExtension: exe
InitializedDataSize: 103424
SubsystemVersion: 4.0
EntryPoint: 0x1000
OSVersion: 4.0
ImageVersion: 0.0
UninitializedDataSize: 0

File identification
MD5 b59e13c6a3c6c1ccd322ba39a7085f08
SHA1 bddbcb99d2cfd4192043edd59eb6ce67ea932abe
SHA256 1784c7cf718ea15331e9a1d8904720a457cf0ed700dd2ad3ac60207c474517a3
ssdeep 3072:mcM7CA7L2+tXLgPHTLx7ApWexJ9b3Bjf5mRe9uiA5A1naC:mbCuZt0vdUWeroReEl6aC
authentihash 5554886949d51d4e9886d83e18f64e918009056dff4cb25cab061b607ef7bc42
imphash 22829e3b3b6e2ec1ad641c4f74a43e1c
File size 118.5 KB ( 121344 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.4%)
Win16/32 Executable Delphi generic (19.5%)
Generic Win/DOS Executable (18.8%)
DOS Executable Generic (18.8%)
VXD Driver (0.2%)
Tags peexe
VirusTotal metadata
First submission 2012-12-10 15:44:42 UTC ( 5 years, 10 months ago )
Last submission 2016-05-22 06:05:17 UTC ( 2 years, 4 months ago )
File names about.exe
test26150825289327.bin
test55287170211934.bin
aa
smona_1784c7cf718ea15331e9a1d8904720a457cf0ed700dd2ad3ac60207c474517a3.bin
bddbcb99d2cfd4192043edd59eb6ce67ea932abe.exe
1bGiLDU.scr
f02129be6ea1918c769880321de3f1367aa266e9
test1199681643422.bin
wgsdgsdgdsgsd107.exe
readme.exe
wgsdgsdgdsgsd.exe
info.exe
test73040027490851.bin
test.txt
Advanced heuristic and reputation engines