SHA256: 33b80765d591348d60b1b6ad1e05e7806abc0f1a26e0e36de50629a4b9f87d88
File name: 3c8119d1ea4d30458929a32897589440
Detection ratio: 43 / 55
Analysis date: 2014-09-25 00:05:04 UTC ( 4 years, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1800805 20140925
AhnLab-V3 Trojan/Win32.Zbot 20140924
Avast AutoIt:Zbot-M [Trj] 20140925
AVG Generic11_c.SJD 20140924
Avira (no cloud) TR/Spy.Banker.1306 20140924
AVware Trojan.Win32.Generic!BT 20140924
Baidu-International Trojan.Win32.Zbot.ARz 20140924
BitDefender Trojan.GenericKD.1800805 20140925
CAT-QuickHeal TrojanPWS.AutoIt.Zbot.S 20140924
CMC Trojan.Win32.Generic!O 20140924
Comodo UnclassifiedMalware 20140924
Cyren W32/Trojan.QZVV-8794 20140925
DrWeb Trojan.PWS.Panda.7278 20140924
Emsisoft Trojan.GenericKD.1800805 (B) 20140924
ESET-NOD32 Win32/Spy.Zbot.AAO 20140924
F-Prot W32/Trojan5.KME 20140924
F-Secure Trojan.GenericKD.1800805 20140924
Fortinet W32/Zbot.AAO!tr 20140925
GData Trojan.GenericKD.1800805 20140924
Ikarus Trojan.Autoit 20140924
K7AntiVirus Riskware ( 0040f0f51 ) 20140924
K7GW Riskware ( 0040f0f51 ) 20140924
Kaspersky Trojan-Spy.Win32.Zbot.ttez 20140924
Kingsoft Win32.Troj.Zbot.tt.(kcloud) 20140925
Malwarebytes Trojan.Zbot 20140924
McAfee Generic-FAVA!3C8119D1EA4D 20140924
McAfee-GW-Edition BehavesLike.Win32.Ransom.th 20140924
Microsoft PWS:Win32/Zbot 20140924
eScan Trojan.GenericKD.1800805 20140925
Norman Troj_Generic.VIRPM 20140924
nProtect Trojan.GenericKD.1800805 20140924
Panda Trj/CI.A 20140924
Qihoo-360 HEUR/Malware.QVM10.Gen 20140925
Rising PE:Trojan.Win32.Generic.172AFFA4!388693924 20140924
Sophos AV Mal/Generic-L 20140925
Symantec WS.Reputation.1 20140925
Tencent Win32.Trojan.Bp-generic.Ixrn 20140925
TrendMicro TROJ_GEN.R0CCC0DHF14 20140924
TrendMicro-HouseCall TROJ_GEN.R0CCC0DHF14 20140924
VBA32 TrojanSpy.Zbot 20140924
VIPRE Trojan.Win32.Generic!BT 20140924
ViRobot Trojan.Win32.A.Zbot.1648704 20140924
Zillya Trojan.ZBot.Win32.108 20140923
AegisLab 20140925
Yandex 20140924
Antiy-AVL 20140924
Bkav 20140923
ByteHero 20140925
ClamAV 20140924
Jiangmin 20140924
NANO-Antivirus 20140924
SUPERAntiSpyware 20140925
TheHacker 20140924
TotalDefense 20140924
Zoner 20140919
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
File version 3, 3, 8, 1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-29 21:32:28
Entry Point 0x000165C1
Number of sections 4
PE sections
Number of PE resources by type
Number of PE resources by language
PE resources
File identification
MD5 3c8119d1ea4d30458929a32897589440
SHA1 f5b0d699e4e156e79aedd7d758aa07bde3a018f3
SHA256 33b80765d591348d60b1b6ad1e05e7806abc0f1a26e0e36de50629a4b9f87d88

authentihash 1e7178b550847418de4f6d2cd508a0b07f0d7c4c926afc09766341e5396210ee
imphash d3bf8a7746a8d1ee8f6e5960c3f69378
File size 1.6 MB ( 1648704 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)

VirusTotal metadata
First submission 2014-08-14 01:20:36 UTC ( 4 years, 5 months ago )
Last submission 2014-08-14 01:20:36 UTC ( 4 years, 5 months ago )
File names 3c8119d1ea4d30458929a32897589440
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.