SHA256: 1bd5f61cffd61a7c2692ee4945ee4b18c598007a25aef1978253d3b02976b7f1
File name: 1bd5f61cffd61a7c2692ee4945ee4b18c598007a25aef1978253d3b02976b7f1.bin
Detection ratio: 64 / 72
Analysis date: 2019-01-21 09:49:14 UTC ( 1 month ago )
Antivirus Result Update
Acronis suspicious 20190119
Ad-Aware Gen:Variant.Kazy.80167 20190121
AhnLab-V3 Spyware/Win32.Zbot.R30584 20190121
ALYac Gen:Variant.Kazy.80167 20190121
Antiy-AVL Trojan[Spy]/Win32.Zbot 20190121
Arcabit Trojan.Kazy.D13927 20190121
Avast Win32:Karagany 20190121
AVG Win32:Karagany 20190121
Avira (no cloud) TR/Crypt.XPACK.Gen 20190121
AVware Trojan.Win32.Reveton.a (v) 20180925
Baidu Win32.Trojan.Kryptik.gg 20190121
BitDefender Gen:Variant.Kazy.80167 20190121
Bkav W32.Runios.Trojan 20190121
CAT-QuickHeal Trojan.Boaxxe.E 20190121
ClamAV Win.Trojan.Zbot-64730 20190121
CMC Trojan-Spy.Win32.Zbot!O 20190120
Comodo TrojWare.Win32.Kryptik.AHUG@4piebd 20190121
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20181023
Cybereason malicious.f68f7a 20190109
Cylance Unsafe 20190121
Cyren W32/Zbot.FL.gen!Eldorado 20190121
DrWeb Trojan.PWS.Panda.2363 20190121
eGambit Unsafe.AI_Score_96% 20190121
Emsisoft Gen:Variant.Kazy.80167 (B) 20190121
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Spy.Zbot.AAN 20190121
F-Prot W32/Zbot.FL.gen!Eldorado 20190121
F-Secure Trojan-Spy:W32/Zbot.BBGJ 20190121
Fortinet W32/Kryptik.WDV!tr 20190121
GData Gen:Variant.Kazy.80167 20190121
Ikarus Trojan-Spy.Win32.Zbot 20190120
Sophos ML heuristic 20181128
Jiangmin TrojanSpy.Zbot.buba 20190121
K7AntiVirus Spyware ( 0040ae601 ) 20190121
K7GW Spyware ( 0040ae601 ) 20190121
Kaspersky Trojan-Spy.Win32.Zbot.ecvg 20190121
Kingsoft Win32.Troj.Zbot.(kcloud) 20190121
Malwarebytes Spyware.Zbot.DG 20190121
MAX malware (ai score=100) 20190121
McAfee PWS-Zbot.gen.uh 20190121
McAfee-GW-Edition PWS-Zbot.gen.uh 20190121
Microsoft PWS:Win32/Zbot 20190121
eScan Gen:Variant.Kazy.80167 20190121
NANO-Antivirus Trojan.Win32.Crypted.txyoo 20190121
Palo Alto Networks (Known Signatures) generic.ml 20190121
Panda Bck/Qbot.AO 20190120
Qihoo-360 Malware.Radar01.Gen 20190121
Rising Trojan.Zbot!1.6487 (CLOUD) 20190121
SentinelOne (Static ML) static engine - malicious 20190118
Sophos AV Troj/Zbot-DHN 20190121
SUPERAntiSpyware Trojan.Agent/Gen-Spy 20190116
Symantec Packed.Generic.459 20190121
TACHYON Trojan-Spy/W32.ZBot.387232 20190121
Tencent Win32.Trojan-Spy.Zbot.swl 20190121
TheHacker Trojan/Spy.Zbot.aan 20190118
TotalDefense Win32/Zbot.AK!generic 20190121
Trapmine malicious.high.ml.score 20190103
TrendMicro TSPY_ZBOT.SMIO 20190121
TrendMicro-HouseCall TSPY_ZBOT.SMIO 20190121
VBA32 Trojan.Kript.6705 20190121
Webroot W32.Trojan.Gen 20190121
Yandex TrojanSpy.Zbot!9UjyKExZ96M 20190120
Zillya Trojan.Zbot.Win32.64614 20190118
ZoneAlarm by Check Point Trojan-Spy.Win32.Zbot.ecvg 20190121
AegisLab 20190121
Alibaba 20180921
Avast-Mobile 20190121
Babable 20180918
Trustlook 20190121
VIPRE 20190119
ViRobot 20190121
Zoner 20190121
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 10:49 AM 1/21/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-05 16:23:05
Entry Point 0x00001260
Number of sections 8
PE sections
Overlays
MD5 1ae642ff466825db73e48fadfc550c81
File type data
Offset 385024
Size 2208
Entropy 6.63
PE imports
RegCloseKey
GetWindowsDirectoryW
VirtualAllocEx
LoadLibraryA
CreateFileW
CloseHandle
lstrcatW
GetProcAddress
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:07:05 18:23:05+02:00
FileType Win32 EXE
PEType PE32
CodeSize 52736
LinkerVersion 2.5
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x1260
InitializedDataSize 331776
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 31cf2ccf68f7a1619557b4419df695a7
SHA1 f88a9ddf11fa6a897c555ce9116dba931fde22c5
SHA256 1bd5f61cffd61a7c2692ee4945ee4b18c598007a25aef1978253d3b02976b7f1
ssdeep 6144:whoqGOLIKm+y+g6/RBn3ttNRTsj+MGEciws6Xk:whzGOLrm+g6/RPtnTs4JXk
authentihash 1697f93cfe19ec5a1aee2fdecc2f61230cbd4889d8dd7cf53117a5d44841c8a2
imphash 9ddd94444ea7156217169d9ad049369b
File size 378.2 KB ( 387232 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2012-07-05 16:47:02 UTC ( 6 years, 7 months ago )
Last submission 2019-01-21 09:49:14 UTC ( 1 month ago )
File names 51o0c6lIb.exe
aa
1bd5f61cffd61a7c2692ee4945ee4b18c598007a25aef1978253d3b02976b7f1.bin
31CF2CCF68F7A1619557B4419DF695A7
31cf2ccf68f7a1619557b4419df695a7
1bd5f61cffd61a7c2692ee4945ee4b18c598007a25aef1978253d3b02976b7f1.vir
VerO.dotx
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs