SHA256: 3202d37fec1b7a8aa25c27aedba9a2af78f4416c8f741a705963e88d702d65a7
File name: 50c696b5a524083e76591c264a3b91aa
Detection ratio: 41 / 50
Analysis date: 2014-03-11 18:54:04 UTC ( 5 years, 2 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.10059770 20140311
Yandex Trojan.Injector!4jErFN2CbPU 20140311
AhnLab-V3 Trojan/Win32.Zbot 20140311
AntiVir TR/Spy.ZBot.plm.19 20140311
Antiy-AVL Trojan[PSW]/Win32.Tepfer 20140311
Avast Win32:Zbot-RZV [Trj] 20140311
AVG Inject2.FCD 20140311
Baidu-International Trojan.Win32.Generic.AN 20140311
BitDefender Trojan.Generic.10059770 20140311
Comodo TrojWare.Win32.Injector.ALEG 20140311
DrWeb Trojan.Packed.24612 20140311
Emsisoft Trojan.Generic.10059770 (B) 20140311
ESET-NOD32 a variant of Win32/Injector.AQRD 20140311
F-Secure Trojan.Generic.10059770 20140311
Fortinet W32/Injector.AJAR!tr 20140311
GData Trojan.Generic.10059770 20140311
Ikarus Trojan.Inject2 20140311
Jiangmin Trojan/Inject.bbek 20140311
K7AntiVirus Trojan ( 0048f1161 ) 20140311
K7GW Trojan ( 0048f1161 ) 20140311
Kaspersky HEUR:Trojan.Win32.Generic 20140311
Kingsoft Win32.Troj.Undef.(kcloud) 20140311
Malwarebytes Spyware.Zbot 20140311
McAfee PWSZbot-FEK!50C696B5A524 20140311
McAfee-GW-Edition PWSZbot-FEK!50C696B5A524 20140311
eScan Trojan.Generic.10059770 20140311
NANO-Antivirus Trojan.Win32.ZBot.cpfsch 20140311
Norman Troj_Generic.RLGTV 20140311
nProtect Trojan.Generic.10059770 20140311
Panda Trj/Genetic.gen 20140311
Qihoo-360 Win32/Trojan.687 20140311
Rising PE:Trojan.Injector!6.8A2 20140311
Sophos AV Mal/Generic-S 20140311
SUPERAntiSpyware Trojan.Agent/Gen-Hamweq 20140311
Symantec WS.Reputation.1 20140311
TheHacker Trojan/Injector.aqrd 20140311
TotalDefense Win32/Tnega.ATLD 20140311
TrendMicro TROJ_GEN.R0C1C0PKQ13 20140311
TrendMicro-HouseCall TROJ_GEN.R0C1C0PKQ13 20140311
VBA32 Worm.Palevo 20140311
VIPRE Trojan.Win32.Generic!BT 20140311
Bkav 20140311
ByteHero 20140311
CAT-QuickHeal 20140311
ClamAV 20140310
CMC 20140307
Commtouch 20140311
F-Prot 20140311
Microsoft 20140311
ViRobot 20140311
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-07 16:14:13
Entry Point 0x000020DE
Number of sections 5
PE sections
Overlays
MD5 c39304f6f5d0e78a75d60f5c7b521c03
File type data
Offset 70144
Size 276243
Entropy 7.99
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
SetStdHandle
SetHandleCount
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
SizeofResource
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
LCMapStringW
LockResource
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
HeapSize
LeaveCriticalSection
SetFilePointer
RaiseException
WriteConsoleW
WideCharToMultiByte
LoadLibraryW
TlsFree
GetModuleHandleA
DeleteCriticalSection
ReadFile
SetEndOfFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
GetProcessHeap
TerminateProcess
IsValidCodePage
LoadResource
CreateFileW
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
FindResourceA
HeapCreate
SetLastError
InterlockedIncrement
MessageBoxW
Number of PE resources by type
XTPNKF 3
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 2
NEUTRAL *unknown* 1
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:11:07 17:14:13+01:00
FileType Win32 EXE
PEType PE32
CodeSize 45056
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 24064
SubsystemVersion 5.1
EntryPoint 0x20de
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 50c696b5a524083e76591c264a3b91aa
SHA1 8f5d24f9cb1fc8d3b6714f7f6697c1dfe745c6cb
SHA256 3202d37fec1b7a8aa25c27aedba9a2af78f4416c8f741a705963e88d702d65a7
ssdeep 6144:DC55mh1dIfoSGnwL1m+DJUJty61xImljKO07fXdwLndn4geshnGBkwafl6:GzmbdIjJFDajkmljRutwGZ81w86
authentihash c1d227fdf5650f1c6b5840e3878197fc199d60cc40db52d82e846c6e0ea52475
imphash 8027c0a3ffae313aaaa57d0b0dfdb786
File size 338.3 KB ( 346387 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2013-11-28 06:35:55 UTC ( 5 years, 5 months ago )
Last submission 2018-05-20 19:58:57 UTC ( 1 year ago )
File names 2624.exe
50c696b5a524083e76591c264a3b91aa.vir
uCQ1XW8uvT.scr
50c696b5a524083e76591c264a3b91aa
vt-upload-UoDU6
file-6708019_
1.EXE
1.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
UDP communications