SHA256: 1c5320c0280f7773bac7852d47247d6c68c3bdad719fa3154b88f8dfdc49db94
File name: b81c82cbb87823ebfca6dd84476cc744.exe
Detection ratio: 39 / 42
Analysis date: 2011-05-05 10:02:52 UTC ( 7 years, 5 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Zbot 20110504
AntiVir TR/Kryptik.R.5 20110505
Antiy-AVL Backdoor/Win32.IRCNite.gen 20110505
Avast Win32:Spyware-gen 20110505
Avast5 Win32:Spyware-gen 20110505
AVG Agent2.BHBB 20110505
BitDefender Trojan.Generic.4667918 20110505
CAT-QuickHeal TrojanPWS.Zbot.y 20110504
ClamAV Trojan.Spy.Zbot-440 20110505
Commtouch W32/Zbot.BC.gen!Eldorado 20110505
Comodo UnclassifiedMalware 20110505
DrWeb Trojan.PWS.Panda.387 20110505
Emsisoft Worm.Win32.Ramnit!IK 20110505
eTrust-Vet Win32/Zbot.M!generic 20110505
F-Prot W32/Zbot.BC.gen!Eldorado 20110505
F-Secure Trojan.Generic.4667918 20110505
Fortinet W32/Kryptik.GM!tr 20110505
GData Trojan.Generic.4667918 20110505
Ikarus Worm.Win32.Ramnit 20110505
Jiangmin Backdoor/IRCNite.ms 20110503
K7AntiVirus Riskware 20110504
Kaspersky Trojan-Spy.Win32.Zbot.ayvo 20110505
McAfee Artemis!B81C82CBB878 20110505
McAfee-GW-Edition Artemis!B81C82CBB878 20110505
Microsoft PWS:Win32/Zbot.gen!Y 20110505
NOD32 Win32/Spy.Zbot.ZR 20110505
Norman W32/Suspicious_Gen2.BYBXD 20110505
Panda Generic Trojan 20110504
PCTools Trojan.Zbot 20110504
Prevx Medium Risk Malware 20110505
Rising Trojan.Win32.Generic.123F6A7A 20110505
Sophos AV Troj/ZBot-XZ 20110505
Symantec Trojan.Zbot 20110505
TheHacker Trojan/Spy.Zbot.zr 20110505
TrendMicro TROJ_ZBOT.CBE 20110505
TrendMicro-HouseCall TROJ_ZBOT.CBE 20110505
VBA32 TrojanSpy.Zbot.zr 20110505
VIPRE Packed.Win32.Zbot.gen.y.5 (v) 20110504
VirusBuster Trojan.Kryptik!2DQpeH8AwJA 20110504
eSafe 20110504
SUPERAntiSpyware 20110505
ViRobot 20110505
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright 1996-2007
Publisher xkpeixbrtdevnemndos
File version 16.102.77.124
Description qlbdrsrlgvitm
Comments dowdytndnjedk
PE header basic information
Number of sections 3
PE sections
PE imports
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
ImageList_Draw
CoInitialize
DragQueryFileA
VerQueryValueA
ExifTool file metadata
Web ugwgmsoqshqdjcemsfq
Author mmnsfjkyqkhpbsjyaf
SubsystemVersion 4.0
Comments dowdytndnjedk
InitializedDataSize 4096
ImageVersion 10.1
FileVersionNumber 16.102.77.124
UninitializedDataSize 270336
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 9.1
MIMEType application/octet-stream
LegalCopyright 1996-2007
FileVersion 16.102.77.124
TimeStamp 2004:04:24 06:34:20+02:00
FileType Win32 EXE
PEType PE32
InternalName rcdfskmkipbvwlc
FileDescription qlbdrsrlgvitm
OSVersion 8.4
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName xkpeixbrtdevnemndos
CodeSize 139264
FileSubtype 0
ProductVersionNumber 16.102.77.124
EntryPoint 0x64b50
ObjectFileType Executable application

File identification
MD5 b81c82cbb87823ebfca6dd84476cc744
SHA1 082234cc5da581101aef2c1b6078bf9ebe3994c3
SHA256 1c5320c0280f7773bac7852d47247d6c68c3bdad719fa3154b88f8dfdc49db94
ssdeep 3072:934a/KTIWEoxlMCjVE/4ZoMvGPZ1fJMzBWUz3DvtvR7Bs:93FKTIUxmCjVjuMGB1fqtRz3D1p7Bs

File size 138.0 KB ( 141312 bytes )
File type Win32 EXE
Magic literal

TrID UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
Tags upx

VirusTotal metadata
First submission 2010-08-26 22:16:05 UTC ( 8 years, 1 month ago )
Last submission 2011-05-05 10:02:52 UTC ( 7 years, 5 months ago )
File names 5ItQLmpVeR.caj
aa
b81c82cbb87823ebfca6dd84476cc744.exe