× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 242607643c8ec08aae786f066bd3b7febc68e6e12796bdd9276c48cf8b32ed3a
File name: Xant
Detection ratio: 33 / 50
Analysis date: 2014-06-06 08:46:12 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1698247 20140606
Yandex TrojanSpy.Zbot!YhRzsJfBDVM 20140605
AhnLab-V3 Trojan/Win32.Zbot 20140605
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140606
Avast Win32:Zbot-TXB [Trj] 20140606
AVG Luhe.Fiha.A 20140606
BitDefender Trojan.GenericKD.1698247 20140606
ByteHero Virus.Win32.Heur.p 20140606
CMC Heur.Win32.Veebee.1!O 20140606
DrWeb Trojan.PWS.Panda.7278 20140606
Emsisoft Trojan.GenericKD.1698247 (B) 20140606
ESET-NOD32 a variant of Win32/Injector.BETH 20140606
F-Secure Trojan.GenericKD.1698247 20140606
Fortinet W32/Zbot.SXIR!tr 20140606
GData Trojan.GenericKD.1698247 20140606
Ikarus Trojan-Spy.Zbot 20140606
K7AntiVirus Trojan ( 0049ab871 ) 20140605
K7GW Trojan ( 0049ab871 ) 20140605
Kaspersky HEUR:Trojan.Win32.Generic 20140606
Kingsoft Win32.Troj.Zbot.sx.(kcloud) 20140606
Malwarebytes Spyware.ZeuS 20140606
McAfee RDN/Generic PWS.y!zs 20140606
McAfee-GW-Edition RDN/Generic PWS.y!zs 20140606
Microsoft PWS:Win32/Zbot 20140606
eScan Trojan.GenericKD.1698247 20140606
Norman Troj_Generic.UCZOB 20140606
Panda Generic Malware 20140606
Qihoo-360 HEUR/Malware.QVM18.Gen 20140606
Symantec WS.Reputation.1 20140606
Tencent Win32.Trojan-spy.Zbot.Pgcn 20140606
TrendMicro TROJ_GEN.R0CBC0DES14 20140606
TrendMicro-HouseCall TROJ_GEN.R0CBC0DES14 20140606
VIPRE Trojan.Win32.Generic!BT 20140606
AegisLab 20140606
AntiVir 20140606
Baidu-International 20140606
Bkav 20140604
CAT-QuickHeal 20140606
ClamAV 20140606
Commtouch 20140606
Comodo 20140606
F-Prot 20140606
NANO-Antivirus 20140606
nProtect 20140605
Rising 20140605
Sophos 20140606
SUPERAntiSpyware 20140606
TheHacker 20140606
TotalDefense 20140605
VBA32 20140606
ViRobot 20140606
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher The UPX Team http://upx.sf.net
Product Pertinac supersma
Original name Xant.exe
Internal name Xant
File version 7.04.0005
Description Mulm bittie
Signature verification The digital signature of the object did not verify.
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-25 20:29:06
Entry Point 0x000F91C0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
Ord(651)
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
FINNISH DEFAULT 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
7.4

FileSubtype
0

FileVersionNumber
7.4.0.5

UninitializedDataSize
761856

LanguageCode
Finnish

FileFlagsMask
0x0000

CharacterSet
Unicode

InitializedDataSize
69632

FileOS
Win32

MIMEType
application/octet-stream

FileVersion
7.04.0005

TimeStamp
2014:05:25 21:29:06+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Xant

FileAccessDate
2014:06:06 09:50:59+01:00

ProductVersion
7.04.0005

FileDescription
Mulm bittie

OSVersion
4.0

FileCreateDate
2014:06:06 09:50:59+01:00

OriginalFilename
Xant.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
The UPX Team http://upx.sf.net

CodeSize
258048

ProductName
Pertinac supersma

ProductVersionNumber
7.4.0.5

EntryPoint
0xf91c0

ObjectFileType
Executable application

File identification
MD5 bf0198e2b5de722c03f7b66aa0d47d12
SHA1 f88ba590199fe2d0f6ccbc7ad37f4365d2d19df9
SHA256 242607643c8ec08aae786f066bd3b7febc68e6e12796bdd9276c48cf8b32ed3a
ssdeep
6144:QJfRjdYWIUNU/mdVa/7yk9nBiNWb056xdPfc1oSXXwMzhSvk8:8Jjdkk6mdVmD9nByW456vPfc1oSP8

imphash 47092391c2cd3e100e05d3a1b20cac3f
File size 326.4 KB ( 334209 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags
peexe upx

VirusTotal metadata
First submission 2014-05-26 04:56:45 UTC ( 2 years, 11 months ago )
Last submission 2014-05-26 04:56:45 UTC ( 2 years, 11 months ago )
File names bf0198e2b5de722c03f7b66aa0d47d12.bin
Xant.exe
Xant
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Terminated processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.