SHA256: 2c6fd4f12f6ac629c462e9a8463372df0cd4d6e95d14488c02b0e3da8cfdb96a
File name: bot.ex
Detection ratio: 48 / 53
Analysis date: 2014-05-25 01:42:07 UTC ( 4 years, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.3248253 20140525
Yandex TrojanSpy.Zbot!ndZWTz9TgQI 20140524
AhnLab-V3 Win-Trojan/Zbot.88576 20140524
AntiVir TR/Crypt.ZPACK.Gen 20140524
Avast Win32:Zbot-MYU [Trj] 20140525
AVG Win32/DH.FF8402A2{NHkefRMPA2cJgRM} 20140525
Baidu-International Trojan.Win32.Zbot.aJk 20140524
BitDefender Trojan.Generic.3248253 20140525
Bkav W32.Clod93a.Trojan.f54d 20140523
ClamAV Trojan.Spy.Zbot-435 20140524
CMC Packed.Win32.Katusha.3!O 20140523
Commtouch W32/Zbot.V.gen!Eldorado 20140525
Comodo TrojWare.Win32.Spy.Zbot.AAJ 20140524
DrWeb Trojan.PWS.Panda.171 20140525
Emsisoft Trojan.Generic.3248253 (B) 20140525
ESET-NOD32 Win32/Spy.Zbot.UN 20140524
F-Prot W32/Zbot.V.gen!Eldorado 20140524
F-Secure Trojan.Generic.3248253 20140524
Fortinet W32/Zbot.gen!tr 20140525
GData Trojan.Generic.3248253 20140525
Ikarus Trojan-Spy.Win32.Zbot 20140524
Jiangmin TrojanSpy.Zbot.bbc 20140524
K7AntiVirus Trojan ( 0001140e1 ) 20140523
K7GW Trojan ( 0001140e1 ) 20140523
Kaspersky Trojan-Spy.Win32.Zbot.gen 20140524
Kingsoft Win32.Troj.Generic.(kcloud) 20140525
Malwarebytes Spyware.Zbot 20140524
McAfee PWS-Zbot.gen.dl 20140525
McAfee-GW-Edition PWS-Zbot.gen.dl 20140525
Microsoft PWS:Win32/Zbot.gen!R 20140525
eScan Trojan.Generic.3248253 20140525
NANO-Antivirus Trojan.Win32.Zbot.obwq 20140525
Norman ZBot.QSZ 20140524
nProtect Trojan-Spy/W32.ZBot.88576.BO 20140523
Panda Trj/Sinowal.XGV 20140524
Qihoo-360 Win32/Trojan.Spy.056 20140525
Rising PE:Trojan.Win32.Generic.11E770E6!300380390 20140524
Sophos AV Mal/Behav-353 20140525
Symantec Packed.Generic.232 20140525
Tencent Win32.Trojan-spy.Zbot.Wnck 20140525
TheHacker Trojan/Spy.Zbot.gen 20140523
TotalDefense Win32/Zbot.AJK 20140524
TrendMicro TSPY_ZBOT.SMO 20140525
TrendMicro-HouseCall TSPY_ZBOT.SMO 20140525
VBA32 BScope.Malware-Cryptor.Win32.Vals.21 20140523
VIPRE Trojan-Spy.Win32.Zbot.gen (v) 20140525
ViRobot Spyware.Zbot.88576.U 20140524
Zillya Trojan.Zbot.Win32.17298 20140524
AegisLab 20140525
Antiy-AVL 20140525
ByteHero 20140525
CAT-QuickHeal 20140524
SUPERAntiSpyware 20140524
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-01-18 01:34:14
Entry Point 0x00010B39
Number of sections 3
PE sections
PE imports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2008:01:18 02:34:14+01:00
FileType Win32 EXE
PEType PE32
CodeSize 70144
LinkerVersion 9.0
FileAccessDate 2014:05:25 02:37:57+01:00
EntryPoint 0x10b39
InitializedDataSize 17408
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
FileCreateDate 2014:05:25 02:37:57+01:00
UninitializedDataSize 0

File identification
MD5 60929047bd5d8532ffa25e065e2a8913
SHA1 eb85a32e405751cc5d35615ae54c29918f621845
SHA256 2c6fd4f12f6ac629c462e9a8463372df0cd4d6e95d14488c02b0e3da8cfdb96a
ssdeep 1536:jwgj2rqA3JAJDU1jWbFlxEJ/AxCwgSVq5xAQ4WFcVNhfGsefeDXKlv6qVUez4W:jwgjsfqRU4FlxIJwfyxAQJaVPfGsefe

imphash 6d78201c620a09735132c5a2ebe0983d
File size 86.5 KB ( 88576 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe

VirusTotal metadata
First submission 2010-02-23 20:59:21 UTC ( 8 years, 7 months ago )
Last submission 2014-05-25 01:42:07 UTC ( 4 years, 4 months ago )
File names 60929047BD5D8532FFA25E065E2A8913
bot.ex
1Y1Z.zip
AF6h0DSfq.7z
aa