SHA256: 3253ad8451ec6582ddbec20a4801d8132ecfd8b382f5a2abc280898146f582e9
File name: ddfec4a56f5e5226bb7209f2366795fbf4462360
Detection ratio: 41 / 57
Analysis date: 2015-05-24 15:44:34 UTC ( 3 years, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.446164 20150524
Yandex TrojanSpy.Zbot!BrSW9QnM8MM 20150524
AhnLab-V3 Trojan/Win32.Necurs 20150524
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150524
Avast Win32:Dropper-gen [Drp] 20150524
Avira (no cloud) TR/PSW.Foreign.lcjn 20150524
AVware Trojan.Win32.Generic!SB.0 20150524
BitDefender Gen:Variant.Kazy.446164 20150524
CAT-QuickHeal TrojanPWS.Zbot.A5 20150523
ClamAV Win.Trojan.Zbot-36551 20150523
Comodo UnclassifiedMalware 20150524
Cyren W32/S-aafa7e00!Eldorado 20150524
DrWeb Trojan.PWS.Panda.7630 20150524
Emsisoft Gen:Variant.Kazy.446164 (B) 20150524
ESET-NOD32 Win32/Spy.Zbot.ACB 20150524
F-Prot W32/S-aafa7e00!Eldorado 20150524
F-Secure Gen:Variant.Kazy.446164 20150524
Fortinet W32/Kryptik.CJSZ!tr 20150524
GData Gen:Variant.Kazy.446164 20150524
Ikarus Trojan-Spy.Zbot 20150524
Jiangmin TrojanSpy.Zbot.hhgy 20150522
K7AntiVirus Spyware ( 004a08e61 ) 20150524
K7GW Spyware ( 004a08e61 ) 20150524
Kaspersky Trojan-Spy.Win32.Zbot.tzhv 20150524
Kingsoft Win32.Troj.Generic.a.(kcloud) 20150524
Malwarebytes Trojan.Zbot 20150524
McAfee GenericR-DAX!47E3F2CD74A2 20150524
McAfee-GW-Edition GenericR-DAX!47E3F2CD74A2 20150523
Microsoft PWS:Win32/Zbot 20150524
eScan Gen:Variant.Kazy.446164 20150524
NANO-Antivirus Trojan.Win32.Zbot.denbjt 20150524
nProtect Trojan-Spy/W32.ZBot.381952.AQ 20150522
Panda Trj/CI.A 20150524
Qihoo-360 Win32/Trojan.Spy.6f1 20150524
Sophos AV Mal/Wonton-AG 20150524
SUPERAntiSpyware Trojan.Agent/Gen-Zbot 20150523
Tencent Trojan.Win32.YY.Gen.5 20150524
TheHacker Trojan/Spy.Zbot.acb 20150521
TotalDefense Win32/Zbot.fBECPeD 20150524
VIPRE Trojan.Win32.Generic!SB.0 20150524
Zillya Trojan.Zbot.Win32.166027 20150524
AegisLab 20150524
Alibaba 20150524
ALYac 20150529
AVG 20150529
Baidu-International 20150524
Bkav 20150523
ByteHero 20150524
CMC 20150520
Norman 20150524
Rising 20150524
Symantec 20150529
TrendMicro 20150524
TrendMicro-HouseCall 20150524
VBA32 20150523
ViRobot 20150524
Zoner 20150521
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-02 13:39:02
Entry Point 0x000072C0
Number of sections 4
PE sections
PE imports
InitializeAcl
ImageList_Draw
GetFileTitleW
SetMapMode
CreateMetaFileA
GetRgnBox
TextOutA
CreateFontIndirectA
GetTextMetricsA
Rectangle
GetObjectA
CloseMetaFile
DeleteDC
GetMapMode
SetWindowOrgEx
CreateBitmapIndirect
RealizePalette
CreateHatchBrush
CreatePatternBrush
CreateBitmap
CreatePalette
GetStockObject
SelectPalette
UnrealizeObject
SelectClipRgn
CreateCompatibleDC
StretchBlt
SelectObject
GetTextExtentPoint32A
SetWindowExtEx
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
GetStdHandle
WaitForSingleObject
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
InitializeCriticalSection
OutputDebugStringW
TlsGetValue
OutputDebugStringA
GetEnvironmentVariableW
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
HeapSetInformation
GetPrivateProfileStringA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
DeleteFileA
GetStartupInfoW
GlobalLock
GetProcessHeap
CompareStringW
WTSGetActiveConsoleSessionId
lstrcpyA
HeapValidate
GetProcAddress
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
WritePrivateProfileStringA
GetCurrentProcessId
HeapQueryInformation
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
IsBadReadPtr
CreateStdAccessibleObject
SysFreeString
RegisterActiveObject
VariantInit
VariantClear
SysAllocString
wglDeleteContext
wglMakeCurrent
wglCreateContext
Ord(680)
PathIsUNCW
GetMessageA
EnumDesktopsA
UpdateWindow
GetScrollInfo
BeginPaint
PostQuitMessage
DefWindowProcA
ShowWindow
SetClassLongA
SetWindowPos
SendDlgItemMessageA
IsWindow
GetWindowRect
DispatchMessageA
EndPaint
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
GetWindowDC
SetWindowLongA
GetWindowLongA
TranslateMessage
GetWindow
GetSysColor
SetScrollInfo
RegisterClassExA
GetCursorPos
SystemParametersInfoA
SetWindowTextA
SendMessageW
LoadStringA
SetClipboardData
IsWindowVisible
EmptyClipboard
SendMessageA
GetClientRect
GetDlgItem
DrawTextW
MessageBoxW
InvalidateRect
CreateDialogParamW
wsprintfA
LoadCursorA
LoadIconA
LoadImageA
GetDC
ReleaseDC
CloseClipboard
UnregisterClassA
OpenClipboard
DestroyWindow
EnumPrintersA
WTSQueryUserToken
CoUnmarshalInterface
CreateStreamOnHGlobal
OleUninitialize
CoGetInterfaceAndReleaseStream
OleInitialize
OleCreateStaticFromData
CoCreateInstance
OleDuplicateData
Number of PE resources by type
RT_DIALOG 3
RT_ICON 1
RT_MANIFEST 1
RT_MENU 1
RT_ACCELERATOR 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:09:02 14:39:02+01:00
FileType Win32 EXE
PEType PE32
CodeSize 313344
LinkerVersion 10.0
EntryPoint 0x72c0
InitializedDataSize 67584
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 47e3f2cd74a2d6957249a198ac5c3fbb
SHA1 ddfec4a56f5e5226bb7209f2366795fbf4462360
SHA256 3253ad8451ec6582ddbec20a4801d8132ecfd8b382f5a2abc280898146f582e9
ssdeep 6144:CA57qDCd1OMsORusa/fvA+VH4EEJmUBIpBzXIz9UtkYMlYKQWIzn8wAVcwu5:vqOd1OYEsa/w+VH4EPPXsMv5
authentihash be413f6aa9954d256b698454a2f6945e6ff3454a276a97c2a354b52beba330d5
imphash 04d6cbec4c051246d2c44586fac21b54
File size 373.0 KB ( 381952 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2015-05-24 15:44:34 UTC ( 3 years, 10 months ago )
Last submission 2015-05-24 15:44:34 UTC ( 3 years, 10 months ago )