SHA256: 1cdb3b87694e0fff776f67710be52e0bbd4c79815883792d6865cf2fb54f2689
File name: vt-upload-HDBnp
Detection ratio: 29 / 54
Analysis date: 2014-08-26 01:04:54 UTC ( 4 years, 6 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.437252 20140825
Yandex TrojanSpy.Zbot!DgCpFbyeQNU 20140825
AhnLab-V3 Trojan/Win32.Ursnif 20140825
AntiVir TR/PSW.Zbot.VM.5 20140826
Antiy-AVL Trojan/Win32.SGeneric 20140825
Avast Win32:Zbot-UKM [Trj] 20140826
AVG Zbot.NBA 20140825
AVware Trojan.Win32.Generic!BT 20140826
BitDefender Gen:Variant.Kazy.437252 20140826
Commtouch W32/PWS.QTJG-7671 20140826
Emsisoft Gen:Variant.Kazy.437252 (B) 20140826
ESET-NOD32 Win32/Spy.Zbot.ACB 20140826
F-Secure Gen:Variant.Kazy.437252 20140825
Fortinet W32/Zbot.ACB!tr 20140826
GData Gen:Variant.Kazy.437252 20140826
Kaspersky Trojan-Spy.Win32.Zbot.twhl 20140826
Kingsoft Win32.Troj.Generic.a.(kcloud) 20140826
Malwarebytes Spyware.Zbot.FWED 20140825
McAfee PWSZbot-FABY!FC8514ED1543 20140826
Microsoft PWS:Win32/Zbot.gen!VM 20140825
eScan Gen:Variant.Kazy.437252 20140826
NANO-Antivirus Trojan.Win32.Zbot.decoui 20140826
Panda Trj/CI.A 20140825
Qihoo-360 HEUR/Malware.QVM20.Gen 20140826
SUPERAntiSpyware Trojan.Agent/Gen-Falcomp[Cont] 20140826
Symantec Suspicious.Cloud.5 20140826
TrendMicro TROJ_GEN.R0CBC0DHN14 20140826
TrendMicro-HouseCall TROJ_GEN.R0CBC0DHN14 20140826
VIPRE Trojan.Win32.Generic!BT 20140826
AegisLab 20140826
Baidu-International 20140825
Bkav 20140821
ByteHero 20140826
CAT-QuickHeal 20140825
ClamAV 20140826
CMC 20140825
Comodo 20140825
DrWeb 20140825
F-Prot 20140825
Ikarus 20140826
Jiangmin 20140825
K7AntiVirus 20140825
K7GW 20140825
McAfee-GW-Edition 20140825
Norman 20140825
nProtect 20140825
Rising 20140825
Sophos AV 20140825
Tencent 20140826
TheHacker 20140822
TotalDefense 20140825
VBA32 20140825
ViRobot 20140826
Zillya 20140825
Zoner 20140822
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
© Microsoft Corporation. All rights reserved.

Publisher M1crosoft Corporation
Product Windows® Internet Explorer
Original name extexport.exe
Internal name extexport
File version 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
Description Internet Explorer ImpExp FF exporter
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-21 14:22:23
Entry Point 0x00003290
Number of sections 4
PE sections
Number of PE resources by type
Number of PE resources by language
PE resources
File identification
MD5 fc8514ed154375c1a56afc77ad0ad9bc
SHA1 87b6d992e2fbdeb7d5c84f2f9b4de96c13c620eb
SHA256 1cdb3b87694e0fff776f67710be52e0bbd4c79815883792d6865cf2fb54f2689

imphash c2e5fd8e59de052c6b9e322e3acad8e1
File size 273.5 KB ( 280064 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)

VirusTotal metadata
First submission 2014-08-26 01:04:54 UTC ( 4 years, 6 months ago )
Last submission 2014-08-26 01:04:54 UTC ( 4 years, 6 months ago )
File names extexport.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.