SHA256: 2fcc9209ddeb18b2dbd4db5f42dd477feaf4a1c3028eb6393dbaa21bd26b800c
File name: ZeuS_binary_7024d20048178843f629e8c5a422d072.exe
Detection ratio: 47 / 56
Analysis date: 2016-08-16 07:55:05 UTC
Antivirus  Result  Update (engine definition date, YYYYMMDD)
Ad-Aware Gen:Variant.Kazy.25748 20160816
AegisLab Troj.W32.Generic!c 20160816
AhnLab-V3 Trojan/Win32.Zbot.N1507832769 20160815
ALYac Gen:Variant.Kazy.25748 20160816
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20160816
Arcabit Trojan.Kazy.D6494 20160816
Avast Sf:Crypt-BT [Trj] 20160816
AVG Generic_s.BE 20160816
Avira (no cloud) TR/Spy.Gen 20160816
AVware Trojan-PWS.Win32.Zbot.aac (v) 20160816
Baidu Win32.Trojan.Zbot.a 20160813
BitDefender Gen:Variant.Kazy.25748 20160816
CAT-QuickHeal Trojanpws.Zbot.28504 20160816
ClamAV Win.Spyware.Zbot-1275 20160815
Comodo TrojWare.Win32.Agent.~wkcf 20160816
Cyren W32/Zbot.BR.gen!Eldorado 20160816
DrWeb Trojan.PWS.Panda.655 20160816
Emsisoft Gen:Variant.Kazy.25748 (B) 20160816
ESET-NOD32 a variant of Win32/Spy.Zbot.YW 20160816
F-Prot W32/Zbot.BR.gen!Eldorado 20160816
F-Secure Trojan-Spy:W32/Zbot.AVTH 20160816
Fortinet W32/Zbot.YW!tr 20160816
GData Gen:Variant.Kazy.25748 20160816
Ikarus Trojan-Spy.Win32.Zbot 20160815
Jiangmin Trojan/Generic.bcnps 20160816
K7AntiVirus Spyware ( 002891031 ) 20160816
K7GW Spyware ( 002891031 ) 20160816
Kaspersky HEUR:Trojan.Win32.Generic 20160816
Malwarebytes Trojan.Zbot 20160816
McAfee PWS-Zbot.gen.ds 20160816
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ch 20160816
Microsoft PWS:Win32/Zbot!ZA 20160816
eScan Gen:Variant.Kazy.25748 20160816
NANO-Antivirus Trojan.Win32.Panda.dpvzuz 20160816
Panda Trj/CI.A 20160815
Qihoo-360 Win32/Trojan.4cc 20160816
Rising Stealer.Zbot!1.648A 20160816
Sophos Mal/Zbot-HX 20160816
Symantec Infostealer 20160816
Tencent Trojan.Win32.Zbot.aaw 20160816
TrendMicro Cryp_Xin1 20160816
TrendMicro-HouseCall Cryp_Xin1 20160816
VBA32 SScope.Trojan.FakeAV.01110 20160815
VIPRE Trojan-PWS.Win32.Zbot.aac (v) 20160816
ViRobot Trojan.Win32.S.Agent.141312.DL[h] 20160816
Yandex Trojan.ZBoter.Gen.VA 20160815
Zillya Trojan.Zbot.Win32.178092 20160815
Engines with no detection (9 of 56):
Alibaba (no detection) 20160816
Bkav (no detection) 20160815
CMC (no detection) 20160816
Kingsoft (no detection) 20160816
nProtect (no detection) 20160812
SUPERAntiSpyware (no detection) 20160816
TheHacker (no detection) 20160814
TotalDefense (no detection) 20160816
Zoner (no detection) 20160816
The file being studied is a Portable Executable (PE32 for x86). It is labelled "DOS EXE" / "MS-DOS executable" further down only because of the MZ header and DOS stub that every PE carries; it is not a 16-bit DOS program.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2015-03-03 20:11:08 (COFF TimeDateStamp; written by the builder and not authenticated, so treat it as a hint rather than evidence)
Entry point: 0x0001D70B
Number of sections: 3
PE sections
(section table not preserved in this copy of the report)
Overlays
MD5: 88178b8fd340539f6af8c782bd554300
File type: data
Offset: 140800 (the overlay is the last 512 bytes of the 141312-byte file: 140800 + 512 = 141312)
Size: 512
Entropy: 7.54 (close to the 8.0 maximum, i.e. compressed or encrypted rather than plaintext)
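The header and overlay fields above are read directly from the PE structures: the section table gives the end of the last section's raw data, and everything after that point is the overlay (here 140800 + 512 = 141312, the whole file). The script below is an added example, not part of the VirusTotal report and not code from the sample; it parses those fields with only the Python standard library and also computes the SHA-256 authentihash that appears under "File identification". Because the sample itself is not included here, make_sample_pe() builds a constructed PE32 image whose header values (machine, three sections, timestamp, entry point, overlay offset and size, total size) are set to match this report; its section and overlay bytes are filler, so its hashes and overlay entropy (8.0) deliberately do not match the report's. The file name pe_fields.py in the usage line is assumed.

```python
"""Read the PE fields VirusTotal reports (machine, sections, timestamp, entry
point, overlay) and compute the SHA-256 authentihash, standard library only.
Added example: make_sample_pe() is a CONSTRUCTED PE32 image whose header values
are set to match this report; it is not the ZeuS sample."""
import datetime
import hashlib
import math
import struct
import sys

IMAGE_FILE_MACHINE_I386 = 0x014C
# 2015-03-03 20:11:08 UTC, the compilation timestamp shown in the report
SAMPLE_TIMESTAMP = int(datetime.datetime(2015, 3, 3, 20, 11, 8,
                                         tzinfo=datetime.timezone.utc).timestamp())


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant run, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def to_utc(ts: int) -> str:
    return datetime.datetime.fromtimestamp(ts, datetime.timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def sha256hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_pe(data: bytes) -> dict:
    """Walk MZ -> PE signature -> COFF header -> optional header -> section table.
    The overlay is whatever follows the largest PointerToRawData + SizeOfRawData."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    entry = struct.unpack_from("<I", data, opt + 16)[0]          # AddressOfEntryPoint (RVA)
    sect = opt + opt_size
    end_of_sections = 0
    for i in range(nsections):                                   # SizeOfRawData, PointerToRawData
        size_raw, ptr_raw = struct.unpack_from("<II", data, sect + 40 * i + 16)
        end_of_sections = max(end_of_sections, ptr_raw + size_raw)
    overlay = data[end_of_sections:]
    return {
        "machine": machine, "sections": nsections, "timestamp": timestamp,
        "compiled_utc": to_utc(timestamp), "entry_point": entry,
        "overlay_offset": end_of_sections if overlay else None,
        "overlay_size": len(overlay),
        "overlay_entropy": round(shannon_entropy(overlay), 2),
        "overlay_md5": hashlib.md5(overlay).hexdigest() if overlay else None,
    }


def authentihash(data: bytes) -> str:
    """Authenticode SHA-256: the file minus the CheckSum field, the Security data
    directory entry and the certificate table it points at.  Assumes the usual
    layout (contiguous sections in file order, certificate table last)."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    opt = e_lfanew + 24
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    checksum_off = opt + 64
    secdir_off = opt + (144 if pe32plus else 128)
    cert_off, cert_size = struct.unpack_from("<II", data, secdir_off)
    h = hashlib.sha256()
    h.update(data[:checksum_off])
    h.update(data[checksum_off + 4:secdir_off])
    h.update(data[secdir_off + 8:cert_off] if cert_size else data[secdir_off + 8:])
    return h.hexdigest()


def with_checksum(data: bytes, value: int) -> bytes:
    """Copy of the image with a different CheckSum (what a checksum-fixing or
    re-signing tool changes): sha256 moves, authentihash stays put."""
    out = bytearray(data)
    struct.pack_into("<I", out, struct.unpack_from("<I", data, 0x3C)[0] + 24 + 64, value)
    return bytes(out)


def make_sample_pe() -> bytes:
    """CONSTRUCTED PE32: three sections ending at 140800, then a 512-byte overlay,
    141312 bytes in total.  Section and overlay contents are filler, not real code."""
    sections = [(b".text", 0x1E000), (b".rdata", 0x3000), (b".data", 0x1400)]
    file_align = 0x200
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)                      # e_lfanew
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, len(sections),
                       SAMPLE_TIMESTAMP, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                          # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, 0x0001D70B)                   # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x00400000, 0x1000, file_align)
    struct.pack_into("<I", opt, 60, file_align)                   # SizeOfHeaders
    struct.pack_into("<I", opt, 92, 16)                           # NumberOfRvaAndSizes
    table, body, raw_ptr, va = bytearray(), bytearray(), file_align, 0x1000
    for name, size in sections:
        table += struct.pack("<8sIIIIIIHHI", name, size, va, size, raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += b"\xCC" * size
        raw_ptr, va = raw_ptr + size, va + size
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(table)
    headers += b"\0" * (file_align - len(headers))
    return headers + bytes(body) + bytes(range(256)) * 2          # overlay filler, entropy 8.0


if __name__ == "__main__":
    # python pe_fields.py <file.exe>; with no argument the constructed sample is used
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else make_sample_pe()
    for k, v in parse_pe(blob).items():
        print(f"{k:16} {v}")
    print(f"{'sha256':16} {sha256hex(blob)}\n{'authentihash':16} {authentihash(blob)}")
```

Run it against a real PE to reproduce the report's section count, entry point, overlay offset/size/entropy and authentihash. The authentihash property matters for hunting: a copy of the same binary with a recomputed CheckSum or a different signature blob changes MD5/SHA1/SHA256 but keeps its authentihash, so it is the better pivot for finding re-signed variants.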
PE imports
(grouped by the system DLL that exports each function; the DLL headings below are restored from the function names because the extracted report dropped them)
ADVAPI32.dll
RegCreateKeyExW
RegCloseKey
ConvertSidToStringSidW
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptHashData
InitializeSecurityDescriptor
RegQueryValueExW
CryptCreateHash
SetSecurityDescriptorDacl
GetSidSubAuthorityCount
GetSidSubAuthority
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
RegOpenKeyExW
SetSecurityDescriptorSacl
GetTokenInformation
CryptReleaseContext
RegEnumKeyExW
OpenThreadToken
GetSecurityDescriptorSacl
GetLengthSid
CreateProcessAsUserW
CryptDestroyHash
CryptAcquireContextW
RegSetValueExW
CryptGetHashParam
InitiateSystemShutdownExW
EqualSid
IsWellKnownSid
SetNamedSecurityInfoW
CRYPT32.dll
CertEnumCertificatesInStore
CryptUnprotectData
PFXImportCertStore
CertCloseStore
CertDeleteCertificateFromStore
CertOpenSystemStoreW
CertDuplicateCertificateContext
PFXExportCertStoreEx
GDI32.dll
GetDeviceCaps
CreateCompatibleDC
DeleteDC
RestoreDC
SelectObject
SaveDC
SetViewportOrgEx
GetDIBits
GdiFlush
CreateDIBSection
CreateCompatibleBitmap
DeleteObject
SetRectRgn
KERNEL32.dll
FileTimeToDosDateTime
ReleaseMutex
WaitForSingleObject
Thread32Next
HeapDestroy
GetFileAttributesW
GetLocalTime
GetProcessId
SetErrorMode
GetFileInformationByHandle
GetThreadContext
GetFileTime
WideCharToMultiByte
lstrcmpiA
GetTempPathW
Thread32First
HeapReAlloc
FreeLibrary
LocalFree
CreateEventW
FindClose
TlsGetValue
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
InitializeCriticalSection
WriteProcessMemory
RemoveDirectoryW
ExitProcess
LoadLibraryA
SetThreadPriority
MultiByteToWideChar
SetFilePointerEx
GetPrivateProfileStringW
CreateThread
MoveFileExW
CreateMutexW
GetVolumeNameForVolumeMountPointW
SetThreadContext
TerminateProcess
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
GetProcAddress
HeapCreate
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
SetEvent
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
CreateRemoteThread
OpenProcess
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GlobalLock
GetPrivateProfileIntW
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
GetComputerNameW
WriteFile
GetFileSizeEx
GetModuleFileNameW
ExpandEnvironmentStringsW
FindNextFileW
WTSGetActiveConsoleSessionId
ResetEvent
FindFirstFileW
DuplicateHandle
WaitForMultipleObjects
GetTimeZoneInformation
CreateFileW
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
SystemTimeToFileTime
CreateFileMappingW
VirtualAllocEx
GlobalUnlock
Process32NextW
VirtualFree
FileTimeToLocalFileTime
VirtualFreeEx
GetCurrentProcessId
SetFileTime
GetCommandLineW
Process32FirstW
GetCurrentThread
MapViewOfFile
TlsFree
ReadFile
CloseHandle
OpenMutexW
GetModuleHandleW
GetFileAttributesExW
UnmapViewOfFile
OpenEventW
CreateProcessW
Sleep
IsBadReadPtr
VirtualAlloc
NETAPI32.dll
NetUserEnum
NetUserGetInfo
NetApiBufferFree
OLEAUT32.dll
SysFreeString
VariantClear
VariantInit
SysAllocString
SHELL32.dll
SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW
SHLWAPI.dll
StrCmpNIW
wvnsprintfA
StrCmpNIA
wvnsprintfW
SHDeleteKeyW
PathIsDirectoryW
PathRemoveBackslashW
PathQuoteSpacesW
PathAddBackslashW
UrlUnescapeA
SHDeleteValueW
PathCombineW
PathRenameExtensionW
StrStrIA
PathRemoveFileSpecW
StrStrIW
PathMatchSpecW
PathUnquoteSpacesW
PathFindFileNameW
PathIsURLW
PathAddExtensionW
PathSkipRootW
SECUR32.dll
GetUserNameExW
USER32.dll
GetMessagePos
SetWindowPos
IsWindow
EndPaint
OpenWindowStationW
WindowFromPoint
CreateDesktopW
GetMenuItemID
GetCursorPos
ReleaseDC
SendMessageW
EndMenu
DefFrameProcA
DefWindowProcW
CharLowerBuffA
GetThreadDesktop
LoadImageW
GetTopWindow
GetUpdateRgn
MsgWaitForMultipleObjects
GetMenuItemCount
GetMessageA
GetUserObjectInformationW
GetParent
EqualRect
DefWindowProcA
GetMessageW
PeekMessageW
CharUpperW
PeekMessageA
TranslateMessage
SetThreadDesktop
GetWindow
GetIconInfo
GetMenuItemRect
RegisterClassW
OpenDesktopW
CharLowerA
RegisterClassA
TrackPopupMenuEx
GetSubMenu
GetDCEx
FillRect
ToUnicode
GetWindowLongW
GetUpdateRect
GetWindowInfo
MapWindowPoints
RegisterWindowMessageW
OpenInputDesktop
DrawEdge
SwitchDesktop
BeginPaint
DefMDIChildProcW
DrawIcon
MapVirtualKeyW
DefMDIChildProcA
GetClipboardData
GetSystemMetrics
SetWindowLongW
GetWindowRect
SetCapture
ReleaseCapture
CharLowerW
SetProcessWindowStation
SetKeyboardState
GetClassLongW
CreateWindowStationW
PostMessageW
CloseWindowStation
GetKeyboardState
PostThreadMessageW
CharToOemW
GetMenuState
DispatchMessageW
GetProcessWindowStation
ExitWindowsEx
IntersectRect
GetCapture
GetShellWindow
GetWindowThreadProcessId
HiliteMenuItem
GetMenu
RegisterClassExW
IsRectEmpty
GetWindowDC
RegisterClassExA
MenuItemFromPoint
PrintWindow
DefFrameProcW
SetCursorPos
SystemParametersInfoW
GetDC
CallWindowProcW
GetClassNameW
DefDlgProcW
DefDlgProcA
CloseDesktop
CallWindowProcA
SendMessageTimeoutW
GetAncestor
WININET.dll
HttpSendRequestA
InternetSetStatusCallbackW
InternetReadFileExA
InternetSetOptionA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExW
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetQueryOptionA
HttpSendRequestW
GetUrlCacheEntryInfoW
HttpQueryInfoA
InternetReadFile
InternetQueryDataAvailable
InternetCrackUrlA
HttpAddRequestHeadersW
HttpSendRequestExA
InternetQueryOptionW
WS2_32.dll
getaddrinfo
getsockname
accept
WSAAddressToStringW
WSAStartup
freeaddrinfo
connect
shutdown
getpeername
WSAGetLastError
recv
send
WSASend
select
listen
WSAEventSelect
WSASetLastError
closesocket
WSAIoctl
setsockopt
socket
bind
recvfrom
sendto
OLE32.dll
CoUninitialize
CoInitializeEx
CoCreateInstance
CLSIDFromString
StringFromGUID2
File identification
MD5 7024d20048178843f629e8c5a422d072
SHA1 cd97babe64112e97671030248407fb698589ca63
SHA256 2fcc9209ddeb18b2dbd4db5f42dd477feaf4a1c3028eb6393dbaa21bd26b800c
ssdeep 3072:BBSKctzD0UxfByqsR1gtZCqwUus4rdEhzfCQIblqyvJfkUgAqLHOFhYDCSQUamrk:BBSBzD3g4tcs4BWfCQ0BfM5LHOL2DrRG
authentihash cc6deae6e86b4544d9e2eb7aafdab2314a228b4a575762e13daf341ef03efbb9 (SHA-256 over the PE with the CheckSum field and certificate table excluded, so it is unchanged by re-signing or checksum fixes)
imphash 459509f6d8b87adafb13d11030551ee8 (MD5 of the lowercased dll.function import list in import-table order)
File size 138.0 KB ( 141312 bytes )
File type DOS EXE (libmagic classification of the MZ stub; the file is a PE32)
Magic literal MS-DOS executable

TrID Win32 Executable (generic) (42.5%)
DOS Executable Borland Pascal 7.0x (19.2%)
Generic Win/DOS Executable (18.8%)
DOS Executable Generic (18.8%)
VXD Driver (0.2%)
Tags
mz overlay

VirusTotal metadata
First submission 2015-04-16 22:15:12 UTC
Last submission 2015-10-27 17:10:11 UTC
File names 7024d20048178843f629e8c5a422d072.exe
ZeuS_binary_7024d20048178843f629e8c5a422d072 (2).exe
ZeuS_binary_7024d20048178843f629e8c5a422d072.exe
bot.exe
ZeuS_binary_7024d20048178843f629e8c5a422d072 (1).exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight