SHA256: 17da677726162a794bfca22f4f305babd72e37e4ec1290747888bb42896314c2
File name: Current feed year
Detection ratio: 49 / 55
Analysis date: 2016-01-25 04:27:23 UTC ( 1 year, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.187605 20160125
AegisLab Troj.W32.Jorik.Zbot.ptd!c 20160122
Yandex Trojan.Zbot!jhTcvFpfw5M 20160124
AhnLab-V3 Trojan/Win32.Zbot 20160124
ALYac Gen:Variant.Kazy.187605 20160125
Antiy-AVL Trojan/Win32.Zbot 20160125
Arcabit Trojan.Kazy.D2DCD5 20160125
Avast Win32:Dropper-gen [Drp] 20160125
AVG Generic33.AXND 20160125
Avira (no cloud) TR/Crypt.ZPACK.Gen8 20160124
AVware Trojan.Win32.Generic!BT 20160111
Baidu-International Trojan.Win32.Zbot.AAO 20160124
BitDefender Gen:Variant.Kazy.187605 20160125
CAT-QuickHeal TrojanPWS.Zbot.r6 20160125
CMC Trojan.Win32.Jorik.Zbot!O 20160111
Comodo UnclassifiedMalware 20160125
Cyren W32/Zbot.NL.gen!Eldorado 20160125
DrWeb Trojan.PWS.Panda.2401 20160125
Emsisoft Gen:Variant.Kazy.187605 (B) 20160125
ESET-NOD32 Win32/Spy.Zbot.AAO 20160125
F-Prot W32/Zbot.NL.gen!Eldorado 20160125
F-Secure Gen:Variant.Kazy.187605 20160123
Fortinet W32/Generic.AC.2367089 20160125
GData Gen:Variant.Kazy.187605 20160125
Ikarus Trojan-PWS.Win32.Zbot 20160125
Jiangmin Trojan/Jorik.hdlj 20160125
K7AntiVirus Backdoor ( 04c53f391 ) 20160124
K7GW Backdoor ( 04c53f391 ) 20160124
Kaspersky HEUR:Trojan.Win32.Generic 20160125
McAfee PWS-Zbot-FBBA!4D32D95613C9 20160125
McAfee-GW-Edition PWS-Zbot-FBBA!4D32D95613C9 20160125
Microsoft PWS:Win32/Zbot.AIT 20160125
eScan Gen:Variant.Kazy.187605 20160125
NANO-Antivirus Trojan.Win32.Jorik.crsvpr 20160125
nProtect Trojan/W32.Jorik.331776.U 20160122
Panda Trj/Genetic.gen 20160124
Qihoo-360 HEUR/QVM09.0.Malware.Gen 20160125
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20160124
Sophos Mal/Generic-S 20160124
Symantec Trojan.Gen.X 20160124
Tencent Win32.Trojan-spy.Zbot.Pdwc 20160125
TheHacker Trojan/Spy.Zbot.aao 20160124
TotalDefense Win32/Zbot.ZANO!suspicious 20160125
TrendMicro TROJ_SPNR.0BFR13 20160125
TrendMicro-HouseCall TROJ_SPNR.0BFR13 20160125
VBA32 Trojan.Zbot 20160123
VIPRE Trojan.Win32.Generic!BT 20160125
ViRobot Trojan.Win32.S.Agent.331776.FU[h] 20160125
Zillya Trojan.Jorik.Win32.226374 20160124
Alibaba 20160125
ByteHero 20160125
ClamAV 20160124
Malwarebytes 20160124
SUPERAntiSpyware 20160125
Zoner 20160125
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (?) 2005 by Bed side market Weatherstory.

Product Current feed year
Original name followthis.exe
Internal name Current feed year
File version 1.3.775.53
Description Current feed year
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-06-13 12:02:45
Entry Point 0x0000546A
Number of sections 6
PE sections
PE imports
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
SetTapeParameters
GetOEMCP
QueryPerformanceCounter
HeapDestroy
GetTickCount
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetDiskFreeSpaceA
GetEnvironmentStrings
GetModuleFileNameA
GetLocaleInfoA
GetCurrentProcessId
FreeEnvironmentStringsW
GetCurrentProcess
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
IsDebuggerPresent
GetCommandLineA
GetProcAddress
TlsFree
GetProcessHeap
ExitProcess
GetCPInfo
GetStringTypeA
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
GetSystemTimeAsFileTime
GetSystemDirectoryA
GetACP
HeapReAlloc
GetStringTypeW
GetVersion
TerminateProcess
CreateProcessA
LCMapStringA
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
CreateEventA
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
LocalAlloc
SetLastError
LeaveCriticalSection
ScriptPlace
ScriptStringGetOrder
ScriptShape
ScriptStringOut
ScriptStringCPtoX
ScriptCacheGetHeight
ScriptJustify
ScriptLayout
ScriptGetProperties
ScriptGetCMap
ScriptFreeCache
ScriptItemize
ScriptGetGlyphABCWidth
ScriptGetFontProperties
ScriptCPtoX
ScriptGetLogicalWidths
ScriptStringAnalyse
ScriptString_pLogAttr
ScriptStringFree
ScriptStringValidate
ScriptStringXtoCP
ScriptBreak
ScriptIsComplex
ScriptRecordDigitSubstitution
ScriptStringGetLogicalWidths
WSAStartup
WSAAddressToStringA
WSACloseEvent
WSAConnect
WSACleanup
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
OleSetContainedObject
CoCreateInstance
Number of PE resources by type
RT_DIALOG 3
RT_VERSION 1
Number of PE resources by language
HEBREW DEFAULT 4
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.3.775.53

LanguageCode
Hebrew

FileFlagsMask
0x0000

FileDescription
Current feed year

CharacterSet
Unicode

InitializedDataSize
921600

EntryPoint
0x546a

OriginalFileName
followthis.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright ( ) 2005 by Bed side market Weatherstory.

FileVersion
1.3.775.53

shall
well Gray

TimeStamp
2013:06:13 13:02:45+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Current feed year

ProductVersion
1.3.775.53

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Bed side market

CodeSize
45056

ProductName
Current feed year

ProductVersionNumber
1.3.775.53

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 4d32d95613c936a3239176bde3df2f4a
SHA1 b42dbbd11b31203ecca53cc87b8d5af5e271a836
SHA256 17da677726162a794bfca22f4f305babd72e37e4ec1290747888bb42896314c2
ssdeep 6144:XPsibXLDW+/1xC+Jm7jSpNlskKWugvfNlPfA63m1Dfa:fsc3W+DC+ZvfKWTXjf33mV

authentihash 1f70559a8dfdec04128b875a6d8ceb25a425ddc593a85162c06ad8229fd62583
imphash c15777a127783441c4f2a710a0815000
File size 324.0 KB ( 331776 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.4%)
Win32 Dynamic Link Library (generic) (13.5%)
Win32 Executable (generic) (9.3%)
Win16/32 Executable Delphi generic (4.2%)
Generic Win/DOS Executable (4.1%)
Tags
peexe

VirusTotal metadata
First submission 2013-06-14 17:16:22 UTC ( 3 years, 9 months ago )
Last submission 2013-06-14 17:16:22 UTC ( 3 years, 9 months ago )
File names Current feed year
followthis.exe
4d32d95613c936a3239176bde3df2f4a.b42dbbd11b31203ecca53cc87b8d5af5e271a836
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests