SHA256: 30e58a5e26e8e6f4a7bf7184c765df68d8169a49f7fa39f2d8d17f84f71558a5
File name: dea71d5df0224187a5e7cd00b1342a2c
Detection ratio: 34 / 46
Analysis date: 2013-04-22 23:06:09 UTC ( 4 years, 2 months ago )
Antivirus Result Update
Yandex TrojanSpy.Zbot!MCWtUp1b+WE 20130422
AntiVir TR/Kazy.MK 20130422
Antiy-AVL Packed/Win32.Tdss 20130422
Avast Win32:Zbot-NRC [Trj] 20130423
AVG unknown virus Win32/DH{eVBUTxVRHFMg} 20130422
BitDefender Gen:Variant.Symmi.17952 20130423
ClamAV Trojan.Spy.Zbot-142 20130423
Commtouch W32/Zbot.BY.gen!Eldorado 20130422
DrWeb Trojan.MulDrop2.64582 20130423
Emsisoft Gen:Variant.Symmi.17952 (B) 20130423
ESET-NOD32 a variant of Win32/Injector.ADHM 20130422
F-Prot W32/Zbot.BY.gen!Eldorado 20130422
F-Secure Gen:Variant.Symmi.17952 20130423
Fortinet W32/Dorkbot.AS!tr 20130423
GData Gen:Variant.Symmi.17952 20130423
Ikarus Trojan-Spy.Win32.Zbot 20130422
K7AntiVirus Trojan 20130422
Kaspersky HEUR:Trojan.Win32.Generic 20130423
Kingsoft Win32.Troj.Undef.(kcloud) 20130422
McAfee Artemis!DEA71D5DF022 20130423
McAfee-GW-Edition Heuristic.BehavesLike.Win32.PasswordStealer.H 20130422
Microsoft PWS:Win32/Zbot.gen!Y 20130423
NANO-Antivirus Trojan.Win32.Panda.ctclk 20130422
Norman Malware 20130422
nProtect Trojan-Spy/W32.ZBot.172032.CO 20130422
Panda W32/Gaobot.OXI.worm 20130422
PCTools Trojan.IRCBot 20130422
Sophos Troj/PWS-BSF 20130422
Symantec W32.IRCBot.NG!gen7 20130423
TotalDefense Win32/Zbot.CXZ 20130422
TrendMicro TROJ_AGENT_048941.TOMB 20130423
TrendMicro-HouseCall TROJ_AGENT_048941.TOMB 20130422
VBA32 TrojanFakeAV.Windef 20130422
VIPRE Trojan.Win32.Generic!BT 20130422
AhnLab-V3 20130422
ByteHero 20130418
CAT-QuickHeal 20130422
Comodo 20130423
eSafe 20130418
Jiangmin 20130422
K7GW 20130422
Malwarebytes 20130422
eScan 20130422
SUPERAntiSpyware 20130423
TheHacker 20130422
ViRobot 20130422
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-07 16:06:27
Entry Point 0x00001110
Number of sections 6
PE sections
PE imports
RegOpenKeyExA
RegSetValueExA
RegCloseKey
GetAtomNameA
SizeofResource
AddAtomA
LoadResource
LockResource
VirtualQuery
SetUnhandledExceptionFilter
FindAtomA
CopyFileA
ExitProcess
VirtualProtect
GetProcAddress
FindResourceA
GetModuleHandleA
ShellExecuteA
__p__fmode
malloc
__p__environ
fclose
strcat
atexit
abort
_setmode
_assert
fopen
_cexit
strtok
fwrite
_onexit
free
getenv
atoi
__getmainargs
memcpy
signal
__set_app_type
_iob
Number of PE resources by type
RT_RCDATA 2
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:02:07 17:06:27+01:00
FileType Win32 EXE
PEType PE32
CodeSize 6144
LinkerVersion 2.56
FileAccessDate 2013:04:23 00:06:51+01:00
EntryPoint 0x1110
InitializedDataSize 150528
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
FileCreateDate 2013:04:23 00:06:51+01:00
UninitializedDataSize 2048

File identification
MD5 dea71d5df0224187a5e7cd00b1342a2c
SHA1 1161985ee7bc65ac0691f4470d5c88c77cad0cee
SHA256 30e58a5e26e8e6f4a7bf7184c765df68d8169a49f7fa39f2d8d17f84f71558a5
ssdeep 3072:BmPcaqyte6EV77snHLLxtPyaXOqdPNbnhW4IxZx5kCZuubFrhU1wKKrONmiEAEXn:sPcaBtK77snHRoY7PNNW4IxZ7zbC0rOs

File size 168.0 KB ( 172032 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (61.9%)
Win32 Dynamic Link Library (generic) (13.0%)
Win32 Executable (generic) (12.9%)
Win16/32 Executable Delphi generic (4.1%)
Generic Win/DOS Executable (3.9%)
Tags peexe

VirusTotal metadata
First submission 2013-04-22 23:06:09 UTC ( 4 years, 2 months ago )
Last submission 2013-04-22 23:06:09 UTC ( 4 years, 2 months ago )
File names dea71d5df0224187a5e7cd00b1342a2c
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications