SHA256: 2aee7c76ca70ffa38a5760561fbb6fd3a3cc59723056459c88749566ed00efe7
File name: b2881fc989209eab1d8e064aa99d07f1
Detection ratio: 11 / 53
Analysis date: 2014-05-31 04:37:36 UTC ( 4 years, 9 months ago )
Antivirus Result Update
AntiVir TR/Spy.ZBot.abs.8 20140531
Avast Win32:Malware-gen 20140531
AVG Zbot.JIX 20140530
Bkav HW32.CDB.31b1 20140530
DrWeb Trojan.Siggen6.18183 20140531
ESET-NOD32 Win32/Spy.Zbot.ABS 20140531
Fortinet W32/Yakes.EZIC!tr 20140531
Kaspersky Trojan.Win32.Yakes.ezic 20140531
Qihoo-360 HEUR/Malware.QVM20.Gen 20140531
Sophos AV Mal/Generic-S 20140531
Tencent Win32.Trojan.Bp-qqthief.Iqpl 20140531
Ad-Aware 20140531
AegisLab 20140531
Yandex 20140530
AhnLab-V3 20140530
Antiy-AVL 20140530
Baidu-International 20140530
BitDefender 20140531
ByteHero 20140531
CAT-QuickHeal 20140530
ClamAV 20140530
CMC 20140530
Commtouch 20140531
Comodo 20140530
Emsisoft 20140531
F-Prot 20140531
F-Secure 20140531
GData 20140531
Ikarus 20140531
Jiangmin 20140530
K7AntiVirus 20140530
K7GW 20140530
Kingsoft 20140531
Malwarebytes 20140531
McAfee 20140531
McAfee-GW-Edition 20140530
Microsoft 20140531
eScan 20140531
NANO-Antivirus 20140531
Norman 20140530
nProtect 20140530
Panda 20140530
Rising 20140530
SUPERAntiSpyware 20140531
Symantec 20140531
TheHacker 20140531
TotalDefense 20140530
TrendMicro 20140531
TrendMicro-HouseCall 20140531
VBA32 20140530
VIPRE 20140531
ViRobot 20140531
Zillya 20140530
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright 1985 - 2006
Publisher SoftTree Technologies, Inc.
Product sN9c364LVi5
Original name G748Ztc3E.exe
Internal name G748Ztc3E.exe
File version 7.0.7.7
Description fD3SF79s930
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-26 11:11:13
Entry Point 0x000054D0
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegCloseKey
RegCreateKeyW
TextOutW
SetViewportExtEx
CreateDCW
EnumFontsW
SetWindowExtEx
GetObjectW
SelectObject
DeleteObject
GetLastError
QueryPerformanceCounter
IsDebuggerPresent
FlushFileBuffers
GetLocalTime
GetCurrentProcess
UnhandledExceptionFilter
GetDateFormatW
GetFileInformationByHandle
lstrcatW
GetLocaleInfoW
CompareStringW
SetUnhandledExceptionFilter
GetStartupInfoA
MulDiv
IsProcessorFeaturePresent
FindFirstFileW
GetACP
GlobalLock
GetUserDefaultLCID
FormatMessageW
TerminateProcess
SetEndOfFile
GetCurrentThreadId
LocalUnlock
ShellAboutW
GetSubMenu
MessageBoxW
PeekMessageW
SendMessageW
TranslateAcceleratorW
EndDialog
wsprintfW
TranslateMessage
DialogBoxParamW
GetWindowPlacement
GetFocus
RegisterClassExW
SetDlgItemTextW
PostQuitMessage
ShowWindow
IsIconic
SetActiveWindow
InvalidateRect
OpenPrinterW
MapAndLoad
Number of PE resources by type
RT_STRING 7
RT_ACCELERATOR 2
RT_DIALOG 2
MV9K24Z 1
IXX98YL 1
KIEV303SG 1
RY545Q27 1
A98A05K81 1
BPJTO3H 1
H5NT4 1
AYXIV866 1
SHT8X9 1
UQ794BHLN 1
P5M3MT5MP2 1
RT_VERSION 1
OEBUE 1
R0E026J1 1
C2C75158 1
SD5KF53 1
WJMYDG6XT 1
BZE5Y2A0VP 1
C1E1WI98 1
M25U7D9Y30 1
RB660X46BP 1
I3ZJ5CZKF 1
PSGO5736 1
W9214 1
D297DJ4RX 1
ZO29I246 1
WZ530H 1
Z709OZJ 1
DCS9T85 1
K935M9FL 1
P81E94ULXG 1
Number of PE resources by language
ENGLISH US 41
SPANISH NICARAGUA 1
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 7.0.7.7
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Hebrew
InitializedDataSize 1452032
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyright 1985 - 2006
FileVersion 7.0.7.7
TimeStamp 2014:05:26 12:11:13+01:00
FileType Win32 EXE
PEType PE32
InternalName G748Ztc3E.exe
FileAccessDate 2014:11:10 09:34:32+01:00
ProductVersion 7.0.7.7
FileDescription fD3SF79s930
OSVersion 5.1
FileCreateDate 2014:11:10 09:34:32+01:00
OriginalFilename G748Ztc3E.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName SoftTree Technologies, Inc.
CodeSize 91648
ProductName sN9c364LVi5
ProductVersionNumber 7.0.7.7
EntryPoint 0x54d0
ObjectFileType Executable application
File identification
MD5 b2881fc989209eab1d8e064aa99d07f1
SHA1 ffe2208977aa59865c0621a3f2fc89a659493401
SHA256 2aee7c76ca70ffa38a5760561fbb6fd3a3cc59723056459c88749566ed00efe7
ssdeep 6144:ob+lmyQp5M2t6BXOHHG0xGw79XHi8Ycng/zLQ:sCmbp56BAm0xGw79XianW
authentihash 0546c53a9872a7382c888015d3c91a2810718b015e11de2092dfc1f81b022e6f
imphash 0be6643021136468837163de21c0bf90
File size 219.0 KB ( 224256 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2014-05-31 04:37:36 UTC ( 4 years, 9 months ago )
Last submission 2014-11-10 08:34:30 UTC ( 4 years, 4 months ago )
File names vti-rescan
G748Ztc3E.exe
b2881fc989209eab1d8e064aa99d07f1
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections