SHA256: 1f68de9ae95f4b0b7efaa03dbe2835acd6dcc8f578e17046882981c747d40aef
File name: d3303914a5dfd3eb5b55113d05f8e93e
Detection ratio: 36 / 57
Analysis date: 2015-05-27 21:54:10 UTC ( 3 years, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.142904 20150527
AhnLab-V3 Trojan/Win32.Ransomlock 20150527
ALYac Gen:Variant.Zusy.142904 20150527
Antiy-AVL Trojan/Win32.Inject 20150527
Avast Win32:Rootkit-gen [Rtk] 20150527
AVG Pakes.PHI 20150527
Avira (no cloud) TR/Crypt.Xpack.231589 20150527
AVware Trojan.Win32.Zbot.tr (v) 20150527
BitDefender Gen:Variant.Zusy.142904 20150527
Comodo TrojWare.Win32.Ransom.Teerac.QSR 20150526
Cyren W32/Trojan.LGHA-6187 20150527
DrWeb Trojan.DownLoader13.18364 20150527
Emsisoft Gen:Variant.Zusy.142904 (B) 20150527
ESET-NOD32 a variant of Win32/Injector.CAZN 20150527
F-Prot W32/Trojan3.PTZ 20150527
F-Secure Gen:Variant.Zusy.142904 20150527
Fortinet W32/Injector.CBAT!tr 20150527
GData Gen:Variant.Zusy.142904 20150527
Ikarus Evilware.Outbreak 20150527
Jiangmin Backdoor/Zegost.cyp 20150527
K7AntiVirus Trojan-Downloader ( 004a98c31 ) 20150527
K7GW Trojan-Downloader ( 004a98c31 ) 20150527
Kaspersky Trojan-Spy.Win32.Zbot.kwt 20150527
Malwarebytes Trojan.Agent 20150527
McAfee PWSZbot-FAJM!D3303914A5DF 20150527
McAfee-GW-Edition BehavesLike.Win32.Downloader.dc 20150527
eScan Gen:Variant.Zusy.142904 20150527
NANO-Antivirus Trojan.Win32.Injector.drxcgd 20150527
Panda Trj/Genetic.gen 20150527
Qihoo-360 Win32/RootKit.Rootkit.7e5 20150527
Sophos AV Mal/Zbot-TV 20150527
Symantec Suspicious.Cloud.5 20150527
Tencent Win32.Trojan.Graftor.Wopc 20150527
TrendMicro TROJ_GEN.R08NC0REM15 20150527
TrendMicro-HouseCall TROJ_GEN.R08NC0REM15 20150527
VIPRE Trojan.Win32.Zbot.tr (v) 20150527
AegisLab 20150527
Yandex 20150525
Alibaba 20150527
Baidu-International 20150527
Bkav 20150527
ByteHero 20150527
CAT-QuickHeal 20150523
ClamAV 20150527
CMC 20150527
Kingsoft 20150527
Microsoft 20150527
Norman 20150527
nProtect 20150527
Rising 20150526
SUPERAntiSpyware 20150527
TheHacker 20150526
TotalDefense 20150527
VBA32 20150526
ViRobot 20150527
Zillya 20150527
Zoner 20150526
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-05-11 13:11:56
Entry Point 0x00003BC2
Number of sections 4
PE sections
Overlays
MD5 87e964f5cb9f31f74ca0042b99e7c8ee
File type data
Offset 253952
Size 512
Entropy 7.61
PE imports
RegQueryValueExW
SetMapMode
GetBkMode
GetCharWidth32W
SetPixel
Rectangle
StretchDIBits
GetStartupInfoA
GetWindowsDirectoryW
SetCurrentDirectoryW
GetFileType
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetCurrentDirectoryA
GetModuleHandleA
_except_handler3
__p__fmode
_XcptFilter
fabs
__CxxFrameHandler
_acmdln
_ftol
_adjust_fdiv
__p__commode
sqrt
_setmbcp
_exit
exit
__dllonexit
__getmainargs
_initterm
_controlfp
_onexit
rand
__setusermatherr
__set_app_type
RegisterWindowMessageW
EnableWindow
UpdateWindow
FillRect
HideCaret
SendMessageA
GetClientRect
DispatchMessageW
GetClipboardOwner
PostQuitMessage
GetMessageTime
GetDC
InvalidateRect
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:05:11 14:11:56+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 233472
SubsystemVersion 4.0
EntryPoint 0x3bc2
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 d3303914a5dfd3eb5b55113d05f8e93e
SHA1 59d6c628a76c05f2f41127000642cffbc9988e07
SHA256 1f68de9ae95f4b0b7efaa03dbe2835acd6dcc8f578e17046882981c747d40aef
ssdeep
3072:NgYc3o7k1T6dlsOxiJLicaciVFS2WhPvpdqvUkP6QsI911Djoa/kKNP+GdnnrM:Nbk12dlSicriVMHbdqv/P1D38XKp+yrM

authentihash 9756d76aca0a3bd01688f4551828c1b8b9a79c98d9882e04626f827b1bcbf60d
imphash 62a85a3164f0ee93d30fe99512f3529d
File size 248.5 KB ( 254464 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-05-27 21:54:10 UTC ( 3 years, 10 months ago )
Last submission 2015-05-27 21:54:10 UTC ( 3 years, 10 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.