SHA256: 1a17d73bb17e856a0dccda18816f45b826129d1116413ac324b12d8c28e20447
File name: GASRET
Detection ratio: 41 / 52
Analysis date: 2014-05-13 06:50:47 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1591153 20140513
Yandex TrojanSpy.Zbot!J4V5PcBREK4 20140511
AhnLab-V3 Trojan/Win32.Tenagour 20140512
AntiVir TR/Dropper.VB.12344 20140513
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140513
Avast Win32:Zbot-STV [Drp] 20140513
AVG PSW.Generic12.AEOH 20140512
Baidu-International Trojan.Win32.Zbot.aHob 20140512
BitDefender Trojan.GenericKD.1591153 20140513
Bkav HW32.CDB.7289 20140512
ByteHero Virus.Win32.Heur.p 20140513
CAT-QuickHeal TrojanPWS.Zbot.r3 20140513
Comodo UnclassifiedMalware 20140513
DrWeb Trojan.Tenagour.9 20140513
Emsisoft Trojan.GenericKD.1591153 (B) 20140513
ESET-NOD32 a variant of Win32/Injector.AZJG 20140513
F-Secure Trojan.GenericKD.1591153 20140513
Fortinet W32/Zbot.RQZV!tr 20140513
GData Trojan.GenericKD.1591153 20140513
Ikarus Trojan-Spy.Win32.Zbot 20140513
Jiangmin TrojanSpy.Zbot.hbtz 20140513
K7AntiVirus Trojan ( 004961331 ) 20140513
K7GW Trojan ( 004961331 ) 20140509
Kaspersky Trojan-Spy.Win32.Zbot.rqzv 20140513
Kingsoft Win32.Troj.Zbot.rq.(kcloud) 20140513
Malwarebytes Backdoor.Bot 20140513
McAfee RDN/Spybot.bfr!l 20140513
McAfee-GW-Edition RDN/Spybot.bfr!l 20140513
Microsoft PWS:Win32/Zbot 20140513
eScan Trojan.GenericKD.1591153 20140513
Norman ZBot.RVOX 20140513
nProtect Trojan.GenericKD.1591153 20140512
Panda Trj/dtcontx.K 20140512
Qihoo-360 Win32/Trojan.Multi.daf 20140513
Sophos Mal/Generic-S 20140513
Symantec WS.Reputation.1 20140513
TrendMicro TROJ_GEN.F0C2C00C514 20140513
TrendMicro-HouseCall TROJ_GEN.F0C2C00C514 20140513
VBA32 TrojanSpy.Zbot.rqzv 20140512
VIPRE Trojan.Win32.Generic!BT 20140513
Zillya Trojan.Zbot.Win32.149531 20140512
AegisLab 20140513
ClamAV 20140513
CMC 20140512
Commtouch 20140513
F-Prot 20140513
NANO-Antivirus 20140513
Rising 20140507
SUPERAntiSpyware 20140513
TheHacker 20140512
TotalDefense 20140512
ViRobot 20140513
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Flash
Product Flash game
Original name GASRET.exe
Internal name GASRET
File version 1.00.0058
Comments Flash game
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-02 06:14:13
Entry Point 0x00001C1C
Number of sections 3
PE sections
PE imports
_adj_fdivr_m64
__vbaGenerateBoundsError
_allmul
__vbaGet3
_adj_fprem
Ord(596)
__vbaAryMove
__vbaObjVar
__vbaCyAdd
__vbaVarAnd
__vbaRedim
Ord(537)
_adj_fdiv_r
__vbaObjSetAddref
__vbaFixstrConstruct
_adj_fdiv_m64
__vbaHresultCheckObj
__vbaAryUnlock
_CIlog
Ord(595)
__vbaVarLateMemCallLd
_adj_fptan
__vbaFileClose
__vbaAryCopy
__vbaFreeStr
__vbaStrI2
__vbaStrI4
__vbaFreeStrList
__vbaI2I4
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(617)
__vbaI4Str
__vbaLenBstr
__vbaResume
__vbaRedimPreserve
__vbaStrToUnicode
__vbaInStr
_adj_fdiv_m32i
Ord(717)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaDerefAry1
__vbaFreeVar
__vbaBoolVarNull
__vbaFileOpen
_CIsin
__vbaAryLock
EVENT_SINK_Release
__vbaVarTstEq
Ord(610)
__vbaVarLateMemCallLdRf
_adj_fdivr_m32i
__vbaStrCat
__vbaVarDup
__vbaVarLateMemCallSt
__vbaChkstk
__vbaPrintFile
__vbaLsetFixstr
__vbaI4Cy
Ord(570)
__vbaErase
__vbaVarLateMemSt
__vbaVarCmpGt
__vbaVar2Vec
__vbaFreeVarList
__vbaStrVarMove
__vbaExitProc
__vbaAryConstruct2
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
Ord(660)
__vbaVarTstGt
_CIcos
__vbaVarMove
__vbaErrorOverflow
__vbaNew2
__vbaVarCmpEq
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
_adj_fdiv_m32
__vbaCyI2
__vbaCyI4
__vbaEnd
EVENT_SINK_AddRef
__vbaOnError
_adj_fpatan
Ord(712)
__vbaStrCopy
Ord(632)
__vbaFPException
_adj_fdivr_m16i
__vbaVarAdd
Ord(100)
__vbaUI1I4
Ord(526)
_CIsqrt
__vbaVarCopy
Ord(612)
_CIatan
__vbaLateMemCall
Ord(644)
__vbaVarCat
_CIexp
__vbaStrToAnsi
_CItan
Ord(598)
GetUserNameA
TextOutA
CallWindowProcW
InternetGetLastResponseInfoA
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments Flash game
InitializedDataSize 12288
ImageVersion 1.0
ProductName Flash game
FileVersionNumber 1.0.0.58
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
OriginalFilename GASRET.exe
MIMEType application/octet-stream
FileVersion 1.00.0058
TimeStamp 2014:03:02 07:14:13+01:00
FileType Win32 EXE
PEType PE32
InternalName GASRET
FileAccessDate 2014:05:13 07:55:04+01:00
ProductVersion 1.00.0058
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2014:05:13 07:55:04+01:00
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Flash
CodeSize 77824
FileSubtype 0
ProductVersionNumber 1.0.0.58
EntryPoint 0x1c1c
ObjectFileType Executable application
File identification
MD5 0565c450c0d43b98b27a6f713b2d28de
SHA1 7916565e9fe677c94e9d8cfb1de243050316ba6f
SHA256 1a17d73bb17e856a0dccda18816f45b826129d1116413ac324b12d8c28e20447
ssdeep 6144:7orfWDOPz8okeO5SFMImaJqUxsfoMVoXW:Eq4z8oq9IvJDmfpz
imphash 1c33b2f5928e1ccb1827424da673f807
File size 231.5 KB ( 237038 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (69.4%)
Win64 Executable (generic) (23.3%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.6%)
Tags peexe
VirusTotal metadata
First submission 2014-03-02 15:19:29 UTC ( 3 years ago )
Last submission 2014-03-04 04:36:14 UTC ( 3 years ago )
File names output.21892502.txt
b0accea6fdfc1454a35781d20bc38327414d5a67
GASRET.exe
7916565e9fe677c94e9d8cfb1de243050316ba6f
auf.exe
GASRET
21892502
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
UDP communications