× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 23e7c545684009148d2c13d91b4a5df48288efb00be889c43a3a67499ed5afe7
File name: bot.exe
Detection ratio: 47 / 54
Analysis date: 2014-08-09 08:31:52 UTC ( 3 years, 1 month ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.Spy.Zbot.FJB 20140809
Yandex TrojanSpy.Zbot!dSu5tdxEdmw 20140808
AhnLab-V3 Trojan/Win32.Zbot 20140808
AntiVir TR/Spy.ZBot.511005 20140809
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140809
Avast Win32:Zbot-OAM [Trj] 20140807
AVG PSW.Generic8.BFLK 20140809
AVware Trojan.Win32.Generic!BT 20140809
BitDefender Trojan.Spy.Zbot.FJB 20140809
Bkav W32.CleanspyC.Trojan 20140808
CAT-QuickHeal TrojanPWS.Zbot.CP3 20140808
ClamAV Trojan.Spy.Zbot-142 20140809
CMC Trojan-Spy.Win32.Zbot!O 20140809
Commtouch W32/Zbot.BR.gen!Eldorado 20140809
Comodo TrojWare.Win32.Kazy.MKD 20140809
DrWeb Trojan.PWS.Panda.4795 20140809
Emsisoft Trojan.Spy.Zbot.FJB (B) 20140809
ESET-NOD32 Win32/Spy.Zbot.YW 20140809
F-Prot W32/Zbot.BR.gen!Eldorado 20140809
F-Secure Trojan-Spy:W32/Zbot.AVTH 20140809
Fortinet W32/Zbot.AT!tr 20140809
GData Trojan.Spy.Zbot.FJB 20140809
Ikarus Trojan.Spyeye 20140809
Jiangmin TrojanSpy.Zbot.abiz 20140809
K7AntiVirus Riskware ( 0015e4f11 ) 20140808
K7GW Riskware ( 0015e4f11 ) 20140808
Kaspersky Trojan-Spy.Win32.Zbot.biwp 20140809
Kingsoft Win32.PSWTroj.Undef.(kcloud) 20140809
Malwarebytes Spyware.Zbot 20140809
McAfee PWS-Zbot.gen.ds 20140809
Microsoft PWS:Win32/Zbot.gen!CI 20140809
eScan Trojan.Spy.Zbot.FJB 20140809
NANO-Antivirus Trojan.Win32.Zbot.rhehs 20140809
nProtect Trojan-Spy/W32.ZBot.141824.EI 20140808
Panda Trj/Agent.IVN 20140808
Qihoo-360 Malware.QVM20.Gen 20140809
Rising PE:Stealer.Zbot!1.648A 20140808
Sophos AV Troj/PWS-BSF 20140809
SUPERAntiSpyware Trojan.Agent/Gen-Frauder 20140804
Symantec Trojan.Zbot 20140809
TheHacker Trojan/Spy.Zbot.biwp 20140808
TotalDefense Win32/Zbot.FPT 20140808
TrendMicro TSPY_ZBOT.SMIG 20140809
TrendMicro-HouseCall TSPY_ZBOT.SMIG 20140809
VBA32 SScope.Trojan.FakeAV.01110 20140808
VIPRE Trojan.Win32.Generic!BT 20140809
ViRobot Trojan.Win32.A.Zbot.141312.B 20140809
AegisLab 20140809
Baidu-International 20140809
ByteHero 20140809
McAfee-GW-Edition 20140808
Norman 20140809
Tencent 20140809
Zoner 20140729
The file being studied is a Portable Executable file! More specifically, it is a DOS EXE file.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-03-24 11:36:23
Entry Point 0x00016D95
Number of sections 3
PE sections
Overlays
MD5 6523a3b090742188994938c3d93b95a7
File type data
Offset 141312
Size 512
Entropy 7.56
PE imports
RegCreateKeyExW
RegCloseKey
ConvertSidToStringSidW
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptHashData
InitializeSecurityDescriptor
RegQueryValueExW
CryptCreateHash
SetSecurityDescriptorDacl
GetSidSubAuthorityCount
GetSidSubAuthority
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
RegOpenKeyExW
SetSecurityDescriptorSacl
GetTokenInformation
CryptReleaseContext
RegEnumKeyExW
OpenThreadToken
GetSecurityDescriptorSacl
GetLengthSid
CreateProcessAsUserW
CryptDestroyHash
CryptAcquireContextW
RegSetValueExW
CryptGetHashParam
InitiateSystemShutdownExW
EqualSid
IsWellKnownSid
SetNamedSecurityInfoW
CertEnumCertificatesInStore
CryptUnprotectData
PFXImportCertStore
CertCloseStore
CertDeleteCertificateFromStore
CertOpenSystemStoreW
CertDuplicateCertificateContext
PFXExportCertStoreEx
GetDeviceCaps
DeleteDC
RestoreDC
SelectObject
SaveDC
SetViewportOrgEx
GetDIBits
GdiFlush
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetRectRgn
FileTimeToDosDateTime
ReleaseMutex
WaitForSingleObject
FindFirstFileW
HeapDestroy
GetFileAttributesW
GetLocalTime
GetProcessId
SetErrorMode
GetFileInformationByHandle
GetThreadContext
GetFileTime
WideCharToMultiByte
LoadLibraryW
WriteFile
Thread32First
HeapReAlloc
FreeLibrary
LocalFree
CreateEventW
FindClose
TlsGetValue
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
InitializeCriticalSection
WriteProcessMemory
RemoveDirectoryW
HeapAlloc
lstrcmpiW
SetThreadPriority
MultiByteToWideChar
SetFilePointerEx
GetPrivateProfileStringW
CreateThread
MoveFileExW
CreateMutexW
GetVolumeNameForVolumeMountPointW
SetThreadContext
TerminateProcess
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
GetProcAddress
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
lstrcmpiA
GetVersionExW
SetEvent
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
CreateRemoteThread
OpenProcess
ReadProcessMemory
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetPrivateProfileIntW
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
GetComputerNameW
GetFileSizeEx
GetModuleFileNameW
ExpandEnvironmentStringsW
UnmapViewOfFile
FindNextFileW
WTSGetActiveConsoleSessionId
ResetEvent
Thread32Next
DuplicateHandle
GlobalLock
GetTimeZoneInformation
CreateFileW
TlsSetValue
ExitProcess
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
SystemTimeToFileTime
CreateFileMappingW
VirtualAllocEx
OpenEventW
GlobalUnlock
Process32NextW
VirtualFree
FileTimeToLocalFileTime
VirtualFreeEx
GetCurrentProcessId
SetFileTime
GetCommandLineW
Process32FirstW
GetCurrentThread
MapViewOfFile
TlsFree
ReadFile
CloseHandle
OpenMutexW
GetModuleHandleW
GetFileAttributesExW
HeapCreate
GetTempPathW
CreateProcessW
Sleep
IsBadReadPtr
VirtualAlloc
NetUserEnum
NetUserGetInfo
NetApiBufferFree
SysFreeString
VariantClear
VariantInit
SysAllocString
SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW
StrCmpNIW
wvnsprintfA
StrCmpNIA
wvnsprintfW
StrStrIA
PathIsDirectoryW
PathRemoveBackslashW
PathQuoteSpacesW
PathAddBackslashW
UrlUnescapeA
SHDeleteValueW
PathCombineW
PathRenameExtensionW
SHDeleteKeyW
PathRemoveFileSpecW
StrStrIW
PathMatchSpecW
PathUnquoteSpacesW
PathFindFileNameW
PathIsURLW
PathAddExtensionW
PathSkipRootW
GetUserNameExW
GetMessagePos
SetWindowPos
IsWindow
EndPaint
OpenWindowStationW
WindowFromPoint
CreateDesktopW
DispatchMessageW
GetCursorPos
ReleaseDC
GetMenu
EndMenu
DefFrameProcA
DefWindowProcW
CharLowerBuffA
GetThreadDesktop
LoadImageW
GetTopWindow
GetUpdateRgn
MsgWaitForMultipleObjects
CharToOemW
GetMenuItemID
DrawEdge
GetUserObjectInformationW
GetParent
EqualRect
DefMDIChildProcA
GetMessageW
PeekMessageW
CharUpperW
PeekMessageA
TranslateMessage
SetThreadDesktop
GetWindow
GetIconInfo
GetMenuItemRect
RegisterClassW
OpenDesktopW
GetSystemMetrics
RegisterClassA
TrackPopupMenuEx
GetSubMenu
GetDCEx
FillRect
ToUnicode
GetWindowLongW
GetUpdateRect
GetWindowInfo
MapWindowPoints
RegisterWindowMessageW
OpenInputDesktop
GetMessageA
SwitchDesktop
BeginPaint
DefMDIChildProcW
ReleaseCapture
MapVirtualKeyW
DefWindowProcA
GetClipboardData
CharLowerA
SetWindowLongW
GetWindowRect
SetCapture
DrawIcon
CharLowerW
SetProcessWindowStation
PostMessageW
GetClassLongW
CreateWindowStationW
SetKeyboardState
CloseWindowStation
GetKeyboardState
PostThreadMessageW
GetMenuItemCount
GetMenuState
GetDC
GetProcessWindowStation
ExitWindowsEx
IntersectRect
GetCapture
GetShellWindow
GetWindowThreadProcessId
HiliteMenuItem
SendMessageW
RegisterClassExW
CallWindowProcA
GetWindowDC
RegisterClassExA
MenuItemFromPoint
PrintWindow
DefFrameProcW
SetCursorPos
SystemParametersInfoW
CallWindowProcW
GetClassNameW
GetAncestor
DefDlgProcA
CloseDesktop
IsRectEmpty
SendMessageTimeoutW
DefDlgProcW
HttpSendRequestA
InternetSetStatusCallbackW
InternetReadFileExA
InternetSetOptionA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExW
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetQueryOptionA
HttpSendRequestW
GetUrlCacheEntryInfoW
HttpQueryInfoA
InternetReadFile
InternetQueryDataAvailable
InternetCrackUrlA
HttpAddRequestHeadersW
HttpSendRequestExA
InternetQueryOptionW
getaddrinfo
getsockname
accept
WSAAddressToStringW
WSAStartup
freeaddrinfo
connect
shutdown
getpeername
WSAGetLastError
closesocket
send
WSASend
select
listen
WSAEventSelect
WSASetLastError
recv
WSAIoctl
setsockopt
socket
bind
recvfrom
sendto
CoUninitialize
CoInitializeEx
CoCreateInstance
CLSIDFromString
StringFromGUID2
ExifTool file metadata
FileAccessDate
2015:02:15 00:32:17+01:00

FileCreateDate
2015:02:15 00:32:17+01:00

Execution parents
File identification
MD5 392b86e7d4c9f28e98862e39cff6e49b
SHA1 0d9fa9a1c175dcbdae226e38681e1b12cf2c4dfa
SHA256 23e7c545684009148d2c13d91b4a5df48288efb00be889c43a3a67499ed5afe7
ssdeep
3072:qzc1LZQEduEgsW2UPqxUEfqkC0i50/YXiQXT+t/8XIgfUTaXD3kz1QNpe:qzc1L+QHhUPqxUE9QiQwkXhfUThQG

authentihash 3f5f9eda83d0a8eefd805c80f81629ce70e1005dc63d05610dd40dc485746081
imphash f093683b353b2a00aa3c07bc9edf850d
File size 138.5 KB ( 141824 bytes )
File type DOS EXE
Magic literal
MS-DOS executable

TrID Win32 Executable (generic) (42.5%)
DOS Executable Borland Pascal 7.0x (19.2%)
Generic Win/DOS Executable (18.8%)
DOS Executable Generic (18.8%)
VXD Driver (0.2%)
Tags
mz overlay

VirusTotal metadata
First submission 2014-08-09 08:31:46 UTC ( 3 years, 1 month ago )
Last submission 2016-12-21 12:24:27 UTC ( 9 months ago )
File names file-7413557_exe
ZeuS_binary_392b86e7d4c9f28e98862e39cff6e49b(1).exe
a25d930fae7da43d642bf6a20e7205233e4241a5
bot.exe
ZeuS_binary_392b86e7d4c9f28e98862e39cff6e49b - Copy.exe
ZeuS_binary_392b86e7d4c9f28e98862e39cff6e49b.exe
392b86e7d4c9f28e98862e39cff6e49b.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!