SHA256: 197cf7430ba75f895f68a3a72cd90ee084ba04e3253d505b4b40aec9f7ec1add
File name: e599fb0e5ac3df238f344adc9cebbd899411dad2
Detection ratio: 33 / 57
Analysis date: 2015-02-17 18:47:25 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.50486 20150217
Yandex TrojanSpy.Zbot!t4Ajy4nOBlY 20150216
ALYac Gen:Variant.Symmi.50486 20150217
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150216
Avast Win32:Trojan-gen 20150217
AVG Zbot.XFX 20150217
Avira (no cloud) TR/Crypt.Xpack.138718 20150217
AVware Trojan.Win32.Generic!BT 20150217
Baidu-International Trojan.Win32.Zbot.aPqK 20150216
BitDefender Gen:Variant.Symmi.50486 20150217
Bkav HW32.Packed.1FA3 20150213
Cyren W32/PWS.IKSQ-5914 20150217
DrWeb Trojan.Siggen6.29424 20150217
Emsisoft Gen:Variant.Symmi.50486 (B) 20150217
ESET-NOD32 Win32/Spy.Zbot.ACB 20150217
F-Secure Gen:Variant.Symmi.50486 20150217
Fortinet W32/Zbot.ACB!tr 20150216
GData Gen:Variant.Symmi.50486 20150217
Jiangmin TrojanSpy.Zbot.hpea 20150216
K7AntiVirus Unwanted-Program ( 004a8e8a1 ) 20150217
K7GW DoS-Trojan ( 201269bc1 ) 20150217
Kaspersky Trojan-Spy.Win32.Zbot.uxdq 20150217
Malwarebytes Trojan.Agent.ED 20150217
McAfee RDN/Generic PWS.y!bc3 20150217
McAfee-GW-Edition BehavesLike.Win32.DownloaderFenomen.dc 20150216
Microsoft PWS:Win32/Zbot.gen!VM 20150217
eScan Gen:Variant.Symmi.50486 20150217
NANO-Antivirus Trojan.Win32.Zbot.dnbtol 20150216
Panda Trj/Genetic.gen 20150216
Sophos AV Mal/Generic-S 20150217
TrendMicro TROJ_GEN.R021C0DBB15 20150217
TrendMicro-HouseCall TROJ_GEN.R021C0DBB15 20150217
VIPRE Trojan.Win32.Generic!BT 20150217
AegisLab 20150217
AhnLab-V3 20150216
Alibaba 20150217
ByteHero 20150217
CAT-QuickHeal 20150217
ClamAV 20150217
CMC 20150214
Comodo 20150217
F-Prot 20150217
Ikarus 20150217
Kingsoft 20150217
Norman 20150216
nProtect 20150216
Qihoo-360 20150217
Rising 20150216
SUPERAntiSpyware 20150215
Symantec 20150217
Tencent 20150217
TheHacker 20150217
TotalDefense 20150216
VBA32 20150216
ViRobot 20150216
Zillya 20150216
Zoner 20150216
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-26 12:31:15
Entry Point 0x00017926
Number of sections 4
PE sections
PE imports
FlatSB_GetScrollInfo
FlatSB_ShowScrollBar
PropertySheetA
ImageList_Destroy
FlatSB_SetScrollRange
ImageList_Draw
DestroyPropertySheetPage
Ord(6)
CreateStatusWindowW
ImageList_DragLeave
FlatSB_SetScrollProp
PropertySheetW
Ord(15)
Ord(14)
FlatSB_EnableScrollBar
ImageList_LoadImageA
GetICMProfileA
ScaleViewportExtEx
GetOutlineTextMetricsA
GetSystemPaletteEntries
CreateHalftonePalette
CreateFontA
SetColorSpace
ResizePalette
GetSystemPaletteUse
Arc
FlattenPath
StartDocW
CheckColorsInGamut
GetStartupInfoA
GetEnvironmentStrings
GetModuleHandleA
GetProcessHeaps
TransparentBlt
_except_handler3
_acmdln
__p__fmode
_exit
_adjust_fdiv
__setusermatherr
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
__p__commode
__set_app_type
VarBstrFromI1
VarI4FromStr
VarMod
VarDateFromBool
VarRound
SetErrorInfo
SHInvokePrinterCommandW
SHAddToRecentDocs
SHFileOperationW
Ord(179)
SHFreeNameMappings
SHBrowseForFolderA
SHEmptyRecycleBinA
SHGetFileInfoW
DragQueryFileA
Shell_NotifyIconA
FindExecutableW
SHFileOperationA
VkKeyScanExW
DrawAnimatedRects
GetPropW
BeginPaint
CheckRadioButton
KillTimer
GetClipboardOwner
PostQuitMessage
DefWindowProcA
ShowWindow
SendDlgItemMessageA
AppendMenuA
DispatchMessageA
EndPaint
LookupIconIdFromDirectory
CreateDesktopA
TranslateMessage
RegisterClassExA
LoadStringA
SendMessageA
GetClientRect
LoadCursorA
CreateWindowExA
DdeClientTransaction
LoadIconA
GetMenuStringA
CharNextW
DestroyWindow
GetFileVersionInfoSizeA
VerFindFileW
VerInstallFileA
VerFindFileA
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA
CoRegisterPSClsid
CoGetMarshalSizeMax
CoIsHandlerConnected
CreatePointerMoniker
SNB_UserSize
CreateStreamOnHGlobal
OleCreateLink
OleSetContainedObject
HMENU_UserFree
CoFreeLibrary
HGLOBAL_UserUnmarshal
CoRevokeMallocSpy
StgCreatePropSetStg
OleInitialize
PropVariantClear
HBITMAP_UserUnmarshal
STGMEDIUM_UserUnmarshal
CoUnmarshalInterface
OleCreateEmbeddingHelper
HGLOBAL_UserSize
OleSaveToStream
CoFileTimeToDosDateTime
HPALETTE_UserUnmarshal
HWND_UserSize
OleSetMenuDescriptor
CoGetMalloc
OleCreateFromFileEx
HPALETTE_UserMarshal
BindMoniker
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 2
RT_STRING 1
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 7
RUSSIAN 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 1912832
ImageVersion 0.0
ProductName rasters searched
FileVersionNumber 222.0.26736.1
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription readmits
CharacterSet Unicode
LinkerVersion 6.0
FileOS Unknown (0xd40004)
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1, 0, 0, 1
TimeStamp 2015:01:26 13:31:15+01:00
FileType Win32 EXE
PEType PE32
InternalName remotest
ProductVersion 1, 0, 0, 1
SubsystemVersion 4.0
OSVersion 4.0
OriginalFilename scorer.exe
LegalCopyright scraped 2015
MachineType Intel 386 or later, and compatibles
CodeSize 94208
FileSubtype 0
ProductVersionNumber 93.0.4085.1
Warning Possibly corrupt Version resource
EntryPoint 0x17926
ObjectFileType Executable application

File identification
MD5 803988f393def52495476c9510f417b0
SHA1 e599fb0e5ac3df238f344adc9cebbd899411dad2
SHA256 197cf7430ba75f895f68a3a72cd90ee084ba04e3253d505b4b40aec9f7ec1add
ssdeep 6144:7oAqi4oGkwLz9Zsk42G9kqBsvkgedqK/5:sAqiQD3u9hkkgbw5
authentihash 4fa0d4c0eb265cbe87c0dc53b44008d6da3c619b65aff7507ffbc64924df9b46
imphash 76d877761707173116b95fcbdb5b2a0d
File size 244.4 KB ( 250239 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows Screen Saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags peexe
VirusTotal metadata
First submission 2015-02-17 18:47:25 UTC ( 4 years, 1 month ago )
Last submission 2015-02-17 18:47:25 UTC ( 4 years, 1 month ago )
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.