SHA256: 2c406eb10d913df3baa207ac0be19e8ffc381d08b84071fd72737f44451b008a
File name: pdf2.exe
Detection ratio: 21 / 55
Analysis date: 2015-07-31 07:40:16 UTC ( 1 year, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2605652 20150731
Arcabit Trojan.Generic.D27C254 20150731
Avast Win32:Dropper-gen [Drp] 20150731
Avira (no cloud) TR/Crypt.ZPACK.15684 20150730
BitDefender Trojan.GenericKD.2605652 20150731
DrWeb Trojan.PWS.Panda.8839 20150731
Emsisoft Trojan.GenericKD.2605652 (B) 20150731
ESET-NOD32 a variant of Generik.FERHMMS 20150731
F-Secure Trojan.GenericKD.2605652 20150731
GData Trojan.GenericKD.2605652 20150731
K7AntiVirus Spyware ( 004c3acc1 ) 20150731
Kaspersky Trojan-Spy.Win32.Zbot.vtpa 20150731
Malwarebytes Trojan.Spy.Zbot 20150731
McAfee Trojan-FGWM!50220851AC85 20150731
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dc 20150730
Microsoft PWS:Win32/Zbot 20150731
eScan Trojan.GenericKD.2605652 20150731
Panda Trj/downloader.WNY 20150730
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20150731
Rising PE:Malware.Obscure/Heur!1.9E03 20150728
Sophos Mal/Inject-FW 20150731
AegisLab 20150731
Yandex 20150730
AhnLab-V3 20150731
Alibaba 20150731
ALYac 20150731
Antiy-AVL 20150731
AVG 20150731
AVware 20150731
Baidu-International 20150731
Bkav 20150731
ByteHero 20150731
CAT-QuickHeal 20150731
ClamAV 20150731
Comodo 20150731
Cyren 20150731
F-Prot 20150731
Fortinet 20150731
Ikarus 20150731
Jiangmin 20150730
K7GW 20150730
Kingsoft 20150731
NANO-Antivirus 20150731
nProtect 20150730
SUPERAntiSpyware 20150730
Symantec 20150731
Tencent 20150731
TheHacker 20150731
TrendMicro 20150731
TrendMicro-HouseCall 20150731
VBA32 20150730
VIPRE 20150731
ViRobot 20150731
Zillya 20150731
Zoner 20150731
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-29 17:56:19
Entry Point 0x00001270
Number of sections 4
PE sections
Overlays
MD5 1688c817972fa522f0f08a41c97e8f67
File type data
Offset 68096
Size 236752
Entropy 8.00
PE imports
GetFileTitleA
CreateProcessA
FindVolumeClose
GetExitCodeProcess
HeapAlloc
GetMailslotInfo
GetProcessHeap
Number of PE resources by type
RT_MENU 1
Number of PE resources by language
FRENCH 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:07:29 18:56:19+01:00
FileType Win32 EXE
PEType PE32
CodeSize 62464
LinkerVersion 10.0
EntryPoint 0x1270
InitializedDataSize 4608
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
Compressed bundles
File identification
MD5 50220851ac85a9422c35966b433c203b
SHA1 d54238b19bb1dad0502a78af95bd76d1d12ee77e
SHA256 2c406eb10d913df3baa207ac0be19e8ffc381d08b84071fd72737f44451b008a
ssdeep 6144:Z1AqF7xgpgfAUPFMXBYnq5cX3pTXZjeuPn4Ev6up80D1kkPEE6rqVgLf5L:ZKqFmkAmFMXB+YcHLJPnlFpFJZQPxL
authentihash 90039c0baed768a8dcf6b7f6c9d97456487050c2faa59cbfdd7b09f2de4ac1f2
imphash f3adb95e83ca1d0eecb2836cc93ff2e0
File size 297.7 KB ( 304848 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (76.4%)
Win32 Executable (generic) (12.4%)
Generic Win/DOS Executable (5.5%)
DOS Executable Generic (5.5%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-07-30 10:31:24 UTC ( 1 year, 7 months ago )
Last submission 2017-01-09 04:47:56 UTC ( 2 months, 1 week ago )
File names 50220851AC85A9422C35966B433C203B
ZeuS.vir.HSvir
pdf2.exe
pdf.exe
04.exe
01.exe
ZeuS_binary_50220851ac85a9422c35966b433c203b.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Terminated processes
Opened mutexes
Runtime DLLs