SHA256: 29483af38ddec62393a93b51a3af06bfcd3f116074a654bf9ad84a1668f59270
File name: ZeuS_binary_e7c054ea8bc2f66e914ef82841d329fc.exe
Detection ratio: 1 / 56
Analysis date: 2016-03-09 12:16:11 UTC ( 1 year, 8 months ago )
Antivirus Result Update
McAfee-GW-Edition BehavesLike.Win32.Sality.nh 20160309
Ad-Aware 20160309
AegisLab 20160309
Yandex 20160308
AhnLab-V3 20160308
Alibaba 20160309
ALYac 20160309
Antiy-AVL 20160309
Arcabit 20160309
Avast 20160309
AVG 20160309
Avira (no cloud) 20160309
AVware 20160309
Baidu 20160225
Baidu-International 20160309
BitDefender 20160309
Bkav 20160309
ByteHero 20160309
CAT-QuickHeal 20160309
ClamAV 20160308
CMC 20160307
Comodo 20160309
Cyren 20160309
DrWeb 20160309
Emsisoft 20160309
ESET-NOD32 20160309
F-Prot 20160309
F-Secure 20160309
Fortinet 20160309
GData 20160309
Ikarus 20160309
Jiangmin 20160309
K7AntiVirus 20160309
K7GW 20160309
Kaspersky 20160309
Malwarebytes 20160309
McAfee 20160309
Microsoft 20160309
eScan 20160309
NANO-Antivirus 20160309
nProtect 20160309
Panda 20160308
Qihoo-360 20160309
Rising 20160309
Sophos AV 20160309
SUPERAntiSpyware 20160309
Symantec 20160308
Tencent 20160309
TheHacker 20160309
TrendMicro 20160309
TrendMicro-HouseCall 20160309
VBA32 20160306
VIPRE 20160309
ViRobot 20160309
Zillya 20160308
Zoner 20160309
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-01-17 11:57:28
Entry Point 0x00002050
Number of sections 3
PE sections
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:01:17 12:57:28+01:00
FileType Win32 EXE
PEType PE32
CodeSize 126976
LinkerVersion 6.0
Warning Error processing PE data dictionary
EntryPoint 0x2050
InitializedDataSize 8192
SubsystemVersion 4.0
ImageVersion 4.52
OSVersion 4.0
UninitializedDataSize 0

Overlay parents
Compressed bundles
File identification
MD5 e7c054ea8bc2f66e914ef82841d329fc
SHA1 2454aa5c9a7fc6e49f5e170939704948ad8128c4
SHA256 29483af38ddec62393a93b51a3af06bfcd3f116074a654bf9ad84a1668f59270
ssdeep 768:vv45kSQmk4VYz3hGNAnNsZnS/IBeUWV/S:4A1R3nin7Bec
authentihash 8de47514626188445db4b661adc31796d964931475dc8b9505cd8f2167b79d45
File size 31.7 KB ( 32511 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags corrupt peexe
VirusTotal metadata
First submission 2016-03-09 12:16:11 UTC ( 1 year, 8 months ago )
Last submission 2017-03-25 12:37:40 UTC ( 7 months, 4 weeks ago )
File names ZeuS.vir.HSvir
ZeuS_binary_e7c054ea8bc2f66e914ef82841d329fc.ex_
ZeuS_binary_e7c054ea8bc2f66e914ef82841d329fc_LOW.exe
ZeuS_binary_e7c054ea8bc2f66e914ef82841d329fc.exe
ax.exe
e94edd57af1f39f6fdacd59629c87ce518d7394667b0a00b1dc67cd7de1ef4fa.exe
Adsdsds.exe
Malware (3).exe
ZeuS_binary_e7c054ea8bc2f66e914ef82841d329fc.exe