SHA256: 1dc848df1d294af28459e4c224e78361114bec79ae48564b27724b0613407e65
File name: gcd55d.exe
Detection ratio: 6 / 43
Analysis date: 2010-09-27 20:10:36 UTC ( 3 years, 7 months ago )
Antivirus Result Update
AntiVir TR/Spy.ZBot.FX 20100927
DrWeb Trojan.PWS.Panda.387 20100927
Emsisoft Trojan-Spy.Win32.Zbot!IK 20100927
Ikarus Trojan-Spy.Win32.Zbot 20100927
PCTools Trojan.Zbot 20100927
TrendMicro PAK_Generic.001 20100927
AVG 20100927
AhnLab-V3 20100927
Antiy-AVL 20100927
Authentium 20100927
Avast 20100927
Avast5 20100927
BitDefender 20100927
CAT-QuickHeal 20100927
ClamAV 20100927
Comodo 20100927
F-Prot 20100927
F-Secure 20100927
Fortinet 20100926
GData 20100927
Jiangmin 20100927
K7AntiVirus 20100927
Kaspersky 20100927
McAfee 20100927
McAfee-GW-Edition 20100927
Microsoft 20100927
NOD32 20100927
Norman 20100927
Panda 20100927
Prevx 20100927
Rising 20100927
SUPERAntiSpyware 20100927
Sophos 20100927
Sunbelt 20100927
Symantec 20100927
TheHacker 20100927
TrendMicro-HouseCall 20100927
VBA32 20100927
ViRobot 20100927
VirusBuster 20100927
eSafe 20100926
eTrust-Vet 20100927
nProtect 20100927
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
Command UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-06-01 22:36:01
Entry Point 0x00065360
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
ImageList_Draw
PrintDlgA
CoInitialize
VerQueryValueA
Number of PE resources by type
RT_DIALOG 1
Number of PE resources by language
RUSSIAN 1
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2008:06:01 23:36:01+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 139264
LinkerVersion: 9.4
EntryPoint: 0x65360
InitializedDataSize: 4096
SubsystemVersion: 4.0
ImageVersion: 6.0
OSVersion: 7.2
UninitializedDataSize: 274432

File identification
MD5 4f56196d437be7e1bfecefb92b83872d
SHA1 f1c57aedc98c8cb791b4fbe3a78d658929e94e25
SHA256 1dc848df1d294af28459e4c224e78361114bec79ae48564b27724b0613407e65
ssdeep 3072:46Ykake6BwlQVfe3xsX6kkC/qw/CV5wuFw++qBm/dGD9banBztVmA:Ok+exW2xyTVGu2J+an9mA

File size 135.5 KB ( 138752 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2010-09-27 13:32:54 UTC ( 3 years, 7 months ago )
Last submission 2014-01-19 15:35:52 UTC ( 3 months ago )
File names smona130674322356912498786
zeusbin_4f56196d437be7e1bfecefb92b83872d.ex0
flash_player_07.78.exe-P3NNNe
4f56196d437be7e1bfecefb92b83872d.exe
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .
