SHA256: 2714d2cf30baa0bc06562e29b8e2b65f8520815753cf776feaf10e9621f875ce
File name: cb3b69fbd779645f99ebdb70dd8ceeb1
Detection ratio: 29 / 57
Analysis date: 2015-02-03 06:03:29 UTC ( 4 years, 1 month ago )
Antivirus             Result                            Update
Ad-Aware              Gen:Variant.Strictor.76323        20150203
ALYac                 Gen:Variant.Strictor.76323        20150203
Antiy-AVL             Trojan[Spy]/Win32.Zbot            20150203
Avast                 Win32:Malware-gen                 20150203
AVG                   Win32/Cryptor                     20150202
Avira (no cloud)      TR/Crypt.Xpack.129492             20150203
AVware                Trojan.Win32.Generic!BT           20150203
BitDefender           Gen:Variant.Strictor.76323        20150203
Bkav                  HW32.Packed.D012                  20150202
Emsisoft              Gen:Variant.Strictor.76323 (B)    20150203
ESET-NOD32            Win32/Spy.Zbot.ACB                20150203
F-Secure              Gen:Variant.Strictor.76323        20150203
Fortinet              W32/Zbot.ACB!tr.spy               20150203
GData                 Gen:Variant.Strictor.76323        20150203
K7AntiVirus           DoS-Trojan ( 200d246c1 )          20150202
K7GW                  DoS-Trojan ( 200d246c1 )          20150203
Kaspersky             Trojan-Spy.Win32.Zbot.uxaj        20150203
Malwarebytes          Trojan.Agent.ED                   20150203
McAfee                Artemis!CB3B69FBD779              20150203
McAfee-GW-Edition     BehavesLike.Win32.Trojan.dc       20150203
Microsoft             PWS:Win32/Zbot.gen!VM             20150203
eScan                 Gen:Variant.Strictor.76323        20150203
NANO-Antivirus        Trojan.Win32.Zbot.dmyhzq          20150203
Panda                 Trj/Chgt.O                        20150202
Sophos AV             Mal/Generic-S                     20150203
Symantec              Trojan.Gen                        20150203
TrendMicro            TROJ_FORUCON.BMC                  20150203
TrendMicro-HouseCall  TROJ_FORUCON.BMC                  20150203
VIPRE                 Trojan.Win32.Generic!BT           20150203
The remaining 28 engines returned no detection (result column empty on the original page):
AegisLab              (no detection)                    20150203
Yandex                (no detection)                    20150202
AhnLab-V3             (no detection)                    20150202
Alibaba               (no detection)                    20150202
Baidu-International   (no detection)                    20150202
ByteHero              (no detection)                    20150203
CAT-QuickHeal         (no detection)                    20150203
ClamAV                (no detection)                    20150203
CMC                   (no detection)                    20150202
Comodo                (no detection)                    20150203
Cyren                 (no detection)                    20150203
DrWeb                 (no detection)                    20150203
F-Prot                (no detection)                    20150203
Ikarus                (no detection)                    20150203
Jiangmin              (no detection)                    20150202
Kingsoft              (no detection)                    20150203
Norman                (no detection)                    20150202
nProtect              (no detection)                    20150130
Qihoo-360             (no detection)                    20150203
Rising                (no detection)                    20150202
SUPERAntiSpyware      (no detection)                    20150203
Tencent               (no detection)                    20150203
TheHacker             (no detection)                    20150203
TotalDefense          (no detection)                    20150203
VBA32                 (no detection)                    20150202
ViRobot               (no detection)                    20150203
Zillya                (no detection)                    20150202
Zoner                 (no detection)                    20150202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2015-01-25 13:27:00
Entry point: 0x00015F76
Number of sections: 4
PE sections
Overlays
MD5: cc3cb117fb556ef067dbe32d545e80f1
File type: data
Offset: 110592
Size: 137676
Entropy: 7.99
PE imports
GetClusterNodeKey
ClusterGroupControl
DeleteClusterResource
GetClusterResourceKey
ClusterResourceControl
GetClusterNetworkState
ClusterResourceOpenEnum
GetClusterNetInterfaceKey
GetClusterNodeState
ClusterCloseEnum
SetDIBits
UpdateICMRegKeyA
ImageRvaToVa
ImagehlpApiVersionEx
ImageDirectoryEntryToData
SymGetLineFromName
CallNamedPipeW
GlobalGetAtomNameW
GetStdHandle
FileTimeToDosDateTime
GetPrivateProfileStructA
FillConsoleOutputCharacterA
Beep
DefineDosDeviceA
DeleteFileA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetProcessHeaps
GetCPInfoExA
EnumCalendarInfoW
GetTapePosition
GetThreadContext
EraseTape
GetModuleHandleA
GetProfileIntW
Thread32Next
GetBinaryTypeA
EscapeCommFunction
GetFullPathNameA
HeapLock
FreeLibraryAndExitThread
GlobalHandle
GetDiskFreeSpaceExW
FormatMessageA
GetFullPathNameW
WNetOpenEnumA
_except_handler3
_acmdln
__p__fmode
_exit
_adjust_fdiv
__setusermatherr
__p__commode
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
__set_app_type
Ord(603)
AccessibleObjectFromPoint
VarDecAbs
VarI2FromR8
VarUI2FromUI1
ResUtilEnumResources
ResUtilGetBinaryProperty
ResUtilSetMultiSzValue
SetupQueueDeleteA
SetupDiClassNameFromGuidExA
SetupQueueRenameW
SetupFindFirstLineW
SetupDiInstallDriverFiles
SetupDiGetDeviceRegistryPropertyA
SetupPromptForDiskW
SetupRemoveFromDiskSpaceListW
SetupCreateDiskSpaceListA
SetupInstallFileExW
SetupCommitFileQueueA
SetupGetTargetPathA
SetupQueueRenameSectionA
SetupDiOpenClassRegKey
SetupRemoveFromSourceListA
SetupDiClassNameFromGuidA
SetupDecompressOrCopyFileA
SetupFreeSourceListA
SetupAdjustDiskSpaceListW
SHGetFileInfoA
DragQueryFileW
PathBuildRootW
StrSpnW
PathCompactPathA
CreateWindowExA
LoadCursorA
LoadIconA
PostQuitMessage
LoadStringA
DispatchMessageA
GetMenuItemCount
UpdateWindow
EndPaint
SendMessageA
GetClientRect
BeginPaint
RegisterClassExA
TranslateMessage
DefWindowProcA
ShowWindow
NotifyWinEvent
DestroyWindow
InternetCheckConnectionW
InternetGetCookieA
InternetCloseHandle
InternetTimeFromSystemTime
EnumPrintProcessorDatatypesA
EnumPrintersA
AdvancedDocumentPropertiesA
AddPrinterDriverExW
ScheduleJob
ConnectToPrinterDlg
DeletePrintProcessorW
DeletePrinterKeyW
DeletePrinterDriverW
GetPrinterDataW
GetJobA
GetPrintProcessorDirectoryW
GetSaveFileNameW
StgCreateStorageEx
CoTaskMemAlloc
FreePropVariantArray
STGMEDIUM_UserMarshal
CoDosDateTimeToFileTime
CoCreateFreeThreadedMarshaler
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 2
RT_DIALOG 1
RT_STRING 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 8
RUSSIAN 1
PE resources
ExifTool file metadata
UninitializedDataSize: 0
LinkerVersion: 6.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 249.0.32321.1
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
FileDescription: migrating
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet: Unicode
InitializedDataSize: 622592
EntryPoint: 0x15f76
OriginalFileName: keypads.exe
MIMEType: application/octet-stream
LegalCopyright: pontifical 2015
FileVersion: 1, 0, 0, 1
TimeStamp: 2015:01:25 14:27:00+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: jests
ProductVersion: 1, 0, 0, 1
SubsystemVersion: 4.0
OSVersion: 4.0
FileOS: Unknown (0xfd0004)
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Microsoft
CodeSize: 90112
ProductName: leathers pranced
ProductVersionNumber: 232.0.25523.1
Warning: Possibly corrupt Version resource
FileTypeExtension: exe
ObjectFileType: Executable application

File identification
MD5: cb3b69fbd779645f99ebdb70dd8ceeb1
SHA1: 22b8cbba3ff5f6a0d1776320fd5d34e9f10feadf
SHA256: 2714d2cf30baa0bc06562e29b8e2b65f8520815753cf776feaf10e9621f875ce
ssdeep: 6144:NWNd1N/t0T2DZcRIUT3z/5S7xOwcUCar4:NWN9l0TfRLX/5S7x2UP4
authentihash: 1c9e6fbeab797c3c5087e2bbf12531a7a0f5823bab9614eba305babf7b8b4e61
imphash: 3fff62071cdf706a3b8d48eff304078b
File size: 242.4 KB ( 248268 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Executable MS Visual C++ (generic) (35.0%)
      Win64 Executable (generic) (31.0%)
      Windows screen saver (14.7%)
      Win32 Dynamic Link Library (generic) (7.3%)
      Win32 Executable (generic) (5.0%)
Tags: peexe overlay
VirusTotal metadata
First submission: 2015-02-03 06:03:29 UTC ( 4 years, 1 month ago )
Last submission: 2018-09-24 19:15:10 UTC ( 5 months, 4 weeks ago )
File names: SAMPLE, cb3b69fbd779645f99ebdb70dd8ceeb1
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.