SHA256: 2ca8bfecb19e533296de2d563d23abe4f2944b03ac3cb2037359a87c83dd743a
File name: 2ca8bfecb19e533296de2d563d23abe4f2944b03ac3cb2037359a87c83dd743a.bin
Detection ratio: 56 / 71
Analysis date: 2019-01-23 15:31:25 UTC ( 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.9380450 20190123
AhnLab-V3 Trojan/Win32.Zbot.R75133 20190123
ALYac Trojan.Generic.9380450 20190123
Antiy-AVL Trojan/Win32.Unknown 20190123
Arcabit Trojan.Generic.D8F2262 20190123
Avast Win32:Zeus-E [Trj] 20190123
AVG Win32:Zeus-E [Trj] 20190123
Avira (no cloud) TR/Dropper.A.4136 20190123
AVware Trojan.Win32.Generic!BT 20180925
BitDefender Trojan.Generic.9380450 20190123
CAT-QuickHeal TrojanPWS.Zbot.Gen 20190123
Comodo TrojWare.Win32.Injector.AKOD@50jtvf 20190123
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181023
Cybereason malicious.ca31f8 20190109
Cylance Unsafe 20190123
Cyren W32/Trojan.KJCZ-8245 20190123
DrWeb Trojan.MulDrop4.35808 20190123
eGambit Unsafe.AI_Score_57% 20190123
Emsisoft Trojan.Generic.9380450 (B) 20190123
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Spy.Zbot.YW 20190123
F-Prot W32/Trojan2.NXFK 20190123
F-Secure Trojan.Generic.9380450 20190123
Fortinet W32/Injector.AJJG!tr 20190123
GData Win32.Trojan.Agent.3718L9 20190123
Ikarus Trojan.Inject 20190123
Sophos ML heuristic 20181128
Jiangmin Trojan/Generic.biwca 20190123
K7AntiVirus Trojan ( 0040f5d71 ) 20190123
K7GW Trojan ( 0040f5d71 ) 20190123
Kaspersky Trojan.Win32.Agent.iatk 20190123
Kingsoft Win32.Troj.Generic.a.(kcloud) 20190123
MAX malware (ai score=100) 20190123
McAfee Generic.pw 20190123
McAfee-GW-Edition BehavesLike.Win32.Generic.dc 20190122
Microsoft Trojan:Win32/Bumat!rts 20190123
eScan Trojan.Generic.9380450 20190123
NANO-Antivirus Trojan.Win32.Drop.dgivie 20190123
Panda Trj/Agent.IVN 20190123
Qihoo-360 Win32/Trojan.e6d 20190123
Rising Spyware.Zbot!8.16B (CLOUD) 20190123
SentinelOne (Static ML) static engine - malicious 20190118
Sophos AV Troj/Zbot-FSY 20190123
SUPERAntiSpyware Trojan.Agent/Gen-Muldrop 20190116
Symantec Trojan.Zbot!gen43 20190123
Tencent Win32.Trojan.Agent.Lnod 20190123
TotalDefense Win32/Zbot.HIC 20190122
Trapmine malicious.moderate.ml.score 20190123
TrendMicro TSPY_ZBOT.NODD 20190123
TrendMicro-HouseCall TSPY_ZBOT.NODD 20190123
VBA32 Trojan.Agent 20190123
Webroot W32.Malware.Gen 20190123
Yandex Trojan.Injector!yk4oUNE/U0U 20190122
Zillya Trojan.Injector.Win32.203934 20190122
ZoneAlarm by Check Point Trojan.Win32.Agent.iatk 20190123
Zoner Trojan.Zbot.YW 20190122
Acronis 20190119
AegisLab 20190123
Alibaba 20180921
Avast-Mobile 20190123
Babable 20180917
Baidu 20190122
Bkav 20190123
ClamAV 20190123
CMC 20190123
Malwarebytes 20190123
Palo Alto Networks (Known Signatures) 20190123
TACHYON 20190122
TheHacker 20190118
Trustlook 20190123
ViRobot 20190123
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-07-15 00:03:18
Entry Point 0x00007412
Number of sections 5
PE sections
Overlays
MD5 df8c406682e8c83810aa6fcceb948e91
File type data
Offset 147968
Size 152144
Entropy 7.99
PE imports
GetStdHandle
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
InitializeCriticalSection
LoadResource
TlsGetValue
SetLastError
ReadConsoleInputA
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
HeapSetInformation
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ExitThread
DecodePointer
TerminateProcess
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
GetFileSize
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
IsValidLocale
GetProcAddress
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
HeapCreate
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
SetConsoleMode
Sleep
FindResourceA
MessageBoxA
Number of PE resources by type
CSERUM 2
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:07:14 17:03:18-07:00
FileType Win32 EXE
PEType PE32
CodeSize 108032
LinkerVersion 10.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x7412
InitializedDataSize 38912
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 ae2be87ca31f830b1e9f294c7b824561
SHA1 a7e54f3eddc46db790407b7e04c976f9cded0e98
SHA256 2ca8bfecb19e533296de2d563d23abe4f2944b03ac3cb2037359a87c83dd743a
ssdeep 6144:OGbNT+wFHnbaCKfXe66QMB5/qQsMKzyr3kPtHb3U9Y:OGbNywHnbaXfXIDBJqqKzpPtH7U9Y
authentihash 7bb43749be22c09623127aa546728e31556e93b69ff3fce3429354b4f14c8f97
imphash 5ad2af171cf545b6348ade056031fd22
File size 293.1 KB ( 300112 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay

VirusTotal metadata
First submission 2013-07-18 19:58:58 UTC ( 5 years, 9 months ago )
Last submission 2019-01-23 15:31:25 UTC ( 3 months ago )
File names vt-upload-SjKR0
file-5788756_mal
aa
vt-upload-HzcnH
ae2be87ca31f830b1e9f294c7b824561.exe
006881217
YMaZLl7.dll
ae2be87ca31f830b1e9f294c7b824561
2ca8bfecb19e533296de2d563d23abe4f2944b03ac3cb2037359a87c83dd743a.bin
bot.exe
ee9a15fe5bbebd88ee6e98fe24f8ea60370a269c
ae2be87ca31f830b1e9f294c7b824561