SHA256: 2a0fefdcf99b38a846eb7375591a8b7fc46b601b947acb75d3df517ff8a36aba
File name: 1
Detection ratio: 33 / 52
Analysis date: 2014-06-04 05:01:58 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Backdoor.Bot.77236 20140604
Yandex TrojanSpy.Zbot!JTfLm4/NJTc 20140602
AhnLab-V3 Trojan/Win32.Zbot 20140603
AntiVir TR/Crypt.ZPACK.Gen9 20140604
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140603
Avast Win32:FakeMail-F [Trj] 20140604
AVG Zbot.IZT 20140604
Baidu-International Trojan.Win32.Zbot.BAAO 20140603
BitDefender Backdoor.Bot.77236 20140604
Bkav W32.HfsIemusi.De22 20140603
Comodo UnclassifiedMalware 20140604
Emsisoft Backdoor.Bot.77236 (B) 20140604
ESET-NOD32 Win32/Spy.Zbot.AAO 20140604
F-Secure Backdoor.Bot.77236 20140604
Fortinet W32/Zbot.AAO!tr 20140604
GData Backdoor.Bot.77236 20140604
Ikarus Backdoor.Win32.Bot 20140604
Jiangmin Backdoor/Clampi.lv 20140531
Kaspersky Trojan-Spy.Win32.Zbot.svpy 20140604
Malwarebytes Spyware.Zbot.ED 20140604
McAfee Artemis!D86B512DC81D 20140604
McAfee-GW-Edition Artemis!D86B512DC81D 20140603
Microsoft PWS:Win32/Zbot 20140604
eScan Backdoor.Bot.77236 20140604
NANO-Antivirus Trojan.Win32.Zbot.cyxney 20140604
nProtect Backdoor.Bot.77236 20140603
Panda Trj/CI.A 20140603
Qihoo-360 HEUR/Malware.QVM20.Gen 20140604
Symantec WS.Reputation.1 20140604
Tencent Win32.Trojan-spy.Zbot.Wrqh 20140604
TrendMicro TROJ_GEN.R0CBC0DEN14 20140604
TrendMicro-HouseCall TROJ_GEN.R0CBC0DEN14 20140604
VBA32 TrojanSpy.Zbot 20140603
AegisLab 20140604
ByteHero 20140604
CAT-QuickHeal 20140604
ClamAV 20140603
CMC 20140604
Commtouch 20140604
DrWeb 20140604
F-Prot 20140604
K7AntiVirus 20140603
K7GW 20140603
Kingsoft 20140604
Norman 20140603
Rising 20140603
Sophos 20140604
SUPERAntiSpyware 20140604
TheHacker 20140602
TotalDefense 20140603
VIPRE 20140604
ViRobot 20140604
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Supersoft
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-16 17:06:22
Entry Point 0x08000000
Number of sections 6
PE sections
Number of PE resources by type
RT_RCDATA 2
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode Process default
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 326656
MIMEType application/octet-stream
TimeStamp 2014:05:16 18:06:22+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2014:06:04 05:57:13+01:00
SubsystemVersion 5.1
OSVersion 5.1
FileCreateDate 2014:06:04 05:57:13+01:00
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 2048
FileSubtype 0
ProductVersionNumber 0.0.0.0
EntryPoint 0x8000000
ObjectFileType Executable application

File identification
MD5 d86b512dc81d55d3e7718296cb1d1478
SHA1 ce551a5f4133d551b30d704efda2a99448c8de0b
SHA256 2a0fefdcf99b38a846eb7375591a8b7fc46b601b947acb75d3df517ff8a36aba
ssdeep 6144:yme7aoyEr8OGpfwMZnU/wGegSgEI8X5lCWn2OyEZRo6gAQ+:ymeLkwn/wJgSgEbnCO2OyEbDQ+

File size 326.7 KB ( 334496 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe

VirusTotal metadata
First submission 2014-05-18 10:13:16 UTC ( 2 years, 11 months ago )
Last submission 2014-05-18 10:13:16 UTC ( 2 years, 11 months ago )
File names 1
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight