SHA256: 2d922819a996e8304e8930673dc419f33593098775d016cd1c5ce886376a03e3
File name: 48fdb92b6a017770949a8c8e71939c32149e87c1
Detection ratio: 7 / 57
Analysis date: 2015-06-20 12:30:57 UTC ( 3 years, 9 months ago )
Antivirus Result Update
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150620
Avira (no cloud) TR/Crypt.EPACK.1254 20150620
ESET-NOD32 a variant of Generik.BECSXMN 20150620
Kaspersky Trojan-Spy.Win32.Zbot.voom 20150620
Panda Generic Suspicious 20150620
Tencent Trojan.Win32.YY.Gen.5 20150620
TrendMicro-HouseCall Suspicious_GEN.F47V0619 20150620
Engines with no detection (signature update date only)
Ad-Aware 20150620
AegisLab 20150620
Yandex 20150619
AhnLab-V3 20150620
Alibaba 20150619
ALYac 20150620
Arcabit 20150620
Avast 20150620
AVG 20150620
AVware 20150620
Baidu-International 20150620
BitDefender 20150620
Bkav 20150620
ByteHero 20150620
CAT-QuickHeal 20150620
ClamAV 20150620
CMC 20150618
Comodo 20150620
Cyren 20150620
DrWeb 20150620
Emsisoft 20150620
F-Prot 20150620
F-Secure 20150620
Fortinet 20150620
GData 20150620
Ikarus 20150620
Jiangmin 20150618
K7AntiVirus 20150620
K7GW 20150620
Kingsoft 20150620
Malwarebytes 20150620
McAfee 20150620
McAfee-GW-Edition 20150619
Microsoft 20150620
eScan 20150620
NANO-Antivirus 20150620
nProtect 20150619
Qihoo-360 20150620
Rising 20150618
Sophos AV 20150620
SUPERAntiSpyware 20150620
Symantec 20150620
TheHacker 20150620
TotalDefense 20150620
TrendMicro 20150620
VBA32 20150619
VIPRE 20150620
ViRobot 20150620
Zillya 20150619
Zoner 20150619
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-07-16 12:06:17
Entry Point 0x00001000
Number of sections 12
PE sections
Overlays
MD5 0f343b0931126a20f133d67c2b018a3b
File type ASCII text
Offset 283136
Size 1024
Entropy 0.00
PE imports
SetSecurityDescriptorDacl
CloseServiceHandle
RegCloseKey
OpenProcessToken
RegSetValueExA
RegQueryInfoKeyW
RegQueryValueExA
RegEnumKeyExW
OpenThreadToken
AdjustTokenPrivileges
InitializeAcl
RegOpenKeyW
RegCreateKeyExA
RegQueryValueExW
CopyEnhMetaFileW
PathToRegion
GdiGetPageCount
PatBlt
StartDocA
GdiStartPageEMF
UpdateICMRegKeyA
GetCharWidthW
SelectBrushLocal
AbortPath
GetDCPenColor
FixBrushOrgEx
GetObjectW
GetClipBox
GetEnhMetaFilePaletteEntries
GdiResetDCEMF
PolyTextOutW
GetEnhMetaFileDescriptionW
SetSystemPaletteUse
DdeAbandonTransaction
DestroyIcon
SetWindowsHookExA
DrawFrame
ScrollWindowEx
LoadMenuA
DdeReconnect
WinHelpW
CreateDialogIndirectParamA
GetTabbedTextExtentA
GetShellWindow
GetWindowContextHelpId
GetCaretPos
IMPSetIMEA
GetTitleBarInfo
Number of PE resources by type
RT_GROUP_CURSOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
JAPANESE DEFAULT 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2005:07:16 13:06:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 242176
LinkerVersion 0.0
EntryPoint 0x1000
InitializedDataSize 31232
SubsystemVersion 4.1
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 391649409571f7e29fe00e482f605ea7
SHA1 43a23b0f8163f6d8e7bd1eba79ba9b26758d6780
SHA256 2d922819a996e8304e8930673dc419f33593098775d016cd1c5ce886376a03e3
ssdeep 1536:jLuf2D15wksXpduIAht+AImsOCot67Dgi+j3YqdAZnsuMQnMIitzPV:3ufCJWOP3Imszot+Z+j3YTZTAIitz9
authentihash 10fbfbccff1646af577063882dc25e606a8c31057aadb50108dcb565d39db101
imphash fb30a2feb2b996696b9261b3cb1e7e09
File size 277.5 KB ( 284160 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.7%)
Generic Win/DOS Executable (23.4%)
DOS Executable Generic (23.4%)
VXD Driver (0.3%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-06-19 19:43:19 UTC ( 3 years, 9 months ago )
Last submission 2015-06-20 12:30:57 UTC ( 3 years, 9 months ago )
File names 48fdb92b6a017770949a8c8e71939c32149e87c1
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.