× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 352439d5b2f326b25eed2160d03b9f7e4007de283037c4951cb9675f41bef832
File name: 8fad5dfac3671d90dd12792ec81fe595.EXE
Detection ratio: 48 / 56
Analysis date: 2015-04-28 09:42:27 UTC ( 2 years ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.AutoIT.Injector.AN 20150428
Yandex Trojan.Agent!uGdZhD9+NuU 20150427
AhnLab-V3 Trojan/Win32.Zbot 20150428
ALYac Trojan.AutoIT.Injector.AN 20150428
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20150428
Avast Win32:GenMalicious-HMV [Trj] 20150428
AVG Zbot.KXP 20150428
Avira (no cloud) TR/Spy.A.5797 20150428
AVware Trojan.Win32.Generic!BT 20150428
BitDefender Trojan.AutoIT.Injector.AN 20150428
CAT-QuickHeal TrojanPWS.Zbot.Y3 20150428
ClamAV Trojan.Spy.Zbot-142 20150428
CMC Packed.Win32.Toggaf.4!O 20150423
Comodo TrojWare.Win32.Kazy.MKD 20150428
Cyren W32/Zbot.BR.gen!Eldorado 20150428
DrWeb Trojan.Proxy.27230 20150428
Emsisoft Trojan.AutoIT.Injector.AN (B) 20150428
ESET-NOD32 Win32/Spy.Zbot.AAQ 20150428
F-Prot W32/Zbot.BR.gen!Eldorado 20150428
F-Secure Trojan-Spy:W32/Zbot.AVTH 20150428
Fortinet W32/Zbot.AT!tr 20150428
GData Trojan.AutoIT.Injector.AN 20150428
Ikarus Trojan-Spy.Zbot 20150428
Jiangmin TrojanSpy.Zbot.hfms 20150427
K7AntiVirus Spyware ( 002891031 ) 20150428
K7GW Spyware ( 002891031 ) 20150428
Kaspersky Trojan-Spy.Win32.Zbot.sbdj 20150428
McAfee PWS-Zbot.gen.ds 20150428
McAfee-GW-Edition BehavesLike.Win32.ZBot.ch 20150428
Microsoft Trojan:Win32/Bagsu!rfn 20150428
eScan Trojan.AutoIT.Injector.AN 20150428
NANO-Antivirus Trojan.Win32.Panda.cswodz 20150428
Norman ZBot.VAL 20150427
nProtect Trojan/W32.Agent.141824.QP 20150428
Panda Trj/WLT.B 20150427
Rising PE:Stealer.Zbot!1.648A 20150427
Sophos Troj/PWS-BSF 20150428
SUPERAntiSpyware Trojan.Agent/Gen-Zbot 20150428
Symantec Trojan.Zbot 20150428
Tencent Trojan-spy.Win32.Zbot.sbdja 20150428
TheHacker Trojan/Spy.Zbot.aaq 20150426
TotalDefense Win32/Zbot.AZ!generic 20150427
TrendMicro TSPY_ZBOT.SMIG 20150428
TrendMicro-HouseCall TSPY_ZBOT.SMIG 20150428
VBA32 SScope.Trojan.FakeAV.01110 20150427
VIPRE Trojan.Win32.Generic!BT 20150428
ViRobot Trojan.Win32.Zbot.141312.L[h] 20150428
Zoner Trojan.Zbot.AAQ 20150427
AegisLab 20150428
Alibaba 20150428
Baidu-International 20150426
Bkav 20150425
ByteHero 20150428
Kingsoft 20150428
Qihoo-360 20150428
Zillya 20150428
The file being studied is a Portable Executable file! More specifically, it is a DOS EXE file.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-19 00:10:29
Entry Point 0x00013048
Number of sections 3
PE sections
Overlays
MD5 d8220c57f0ea6caeac3d094dfc0c1122
File type data
Offset 141312
Size 512
Entropy 7.59
PE imports
RegCreateKeyExW
RegCloseKey
ConvertSidToStringSidW
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptHashData
InitializeSecurityDescriptor
RegQueryValueExW
CryptCreateHash
SetSecurityDescriptorDacl
GetSidSubAuthorityCount
GetSidSubAuthority
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
RegOpenKeyExW
SetSecurityDescriptorSacl
GetTokenInformation
CryptReleaseContext
RegEnumKeyExW
OpenThreadToken
GetSecurityDescriptorSacl
GetLengthSid
CreateProcessAsUserW
CryptDestroyHash
CryptAcquireContextW
RegSetValueExW
CryptGetHashParam
InitiateSystemShutdownExW
EqualSid
IsWellKnownSid
SetNamedSecurityInfoW
CertEnumCertificatesInStore
CryptUnprotectData
PFXImportCertStore
CertCloseStore
CertDeleteCertificateFromStore
CertOpenSystemStoreW
CertDuplicateCertificateContext
PFXExportCertStoreEx
GetDeviceCaps
DeleteDC
RestoreDC
SelectObject
SaveDC
SetViewportOrgEx
GetDIBits
GdiFlush
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetRectRgn
FileTimeToDosDateTime
ReleaseMutex
WaitForSingleObject
FindFirstFileW
HeapDestroy
GetFileAttributesW
GetLocalTime
GetProcessId
SetErrorMode
GetFileInformationByHandle
GetThreadContext
GetFileTime
WideCharToMultiByte
lstrcmpiA
WriteFile
Thread32First
HeapReAlloc
SetEvent
LocalFree
InitializeCriticalSection
FindClose
TlsGetValue
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
WriteProcessMemory
RemoveDirectoryW
HeapAlloc
lstrcmpiW
SetThreadPriority
MultiByteToWideChar
SetFilePointerEx
GetPrivateProfileStringW
CreateEventW
CreateThread
MoveFileExW
CreateMutexW
GetVolumeNameForVolumeMountPointW
SetThreadContext
TerminateProcess
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
HeapCreate
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
FreeLibrary
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
CreateRemoteThread
OpenProcess
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GlobalLock
GetPrivateProfileIntW
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
GetComputerNameW
GetFileSizeEx
GetModuleFileNameW
ExpandEnvironmentStringsW
FindNextFileW
WTSGetActiveConsoleSessionId
ResetEvent
Thread32Next
DuplicateHandle
WaitForMultipleObjects
GetProcAddress
GetTempPathW
GetTimeZoneInformation
CreateFileW
TlsSetValue
ExitProcess
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
SystemTimeToFileTime
CreateFileMappingW
VirtualAllocEx
GlobalUnlock
Process32NextW
CreateProcessW
FileTimeToLocalFileTime
VirtualFreeEx
GetCurrentProcessId
SetFileTime
GetCommandLineW
Process32FirstW
GetCurrentThread
MapViewOfFile
TlsFree
ReadFile
CloseHandle
OpenMutexW
GetModuleHandleW
GetFileAttributesExW
UnmapViewOfFile
OpenEventW
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
NetUserEnum
NetUserGetInfo
NetApiBufferFree
SysFreeString
VariantClear
VariantInit
SysAllocString
SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW
StrCmpNIW
wvnsprintfA
StrCmpNIA
wvnsprintfW
StrStrIA
PathIsDirectoryW
PathRemoveBackslashW
PathIsURLW
PathAddBackslashW
UrlUnescapeA
SHDeleteValueW
PathCombineW
PathRenameExtensionW
SHDeleteKeyW
PathRemoveFileSpecW
StrStrIW
PathMatchSpecW
PathUnquoteSpacesW
PathFindFileNameW
PathQuoteSpacesW
PathAddExtensionW
PathSkipRootW
GetUserNameExW
GetMessagePos
SetWindowPos
IsWindow
EndPaint
OpenWindowStationW
WindowFromPoint
SendMessageW
CreateDesktopW
DispatchMessageW
GetCursorPos
ReleaseDC
DefFrameProcW
EndMenu
DefFrameProcA
DefWindowProcW
CharLowerBuffA
GetThreadDesktop
LoadImageW
GetTopWindow
GetUpdateRgn
MsgWaitForMultipleObjects
GetMenuItemCount
GetMenuItemID
GetMessageA
GetUserObjectInformationW
GetParent
EqualRect
DefMDIChildProcA
GetMessageW
PeekMessageW
CharUpperW
PeekMessageA
TranslateMessage
SetThreadDesktop
GetWindow
GetIconInfo
GetMenuItemRect
RegisterClassW
OpenDesktopW
CharLowerA
RegisterClassA
TrackPopupMenuEx
GetSubMenu
GetDCEx
FillRect
ToUnicode
GetWindowLongW
GetUpdateRect
GetWindowInfo
MapWindowPoints
RegisterWindowMessageW
OpenInputDesktop
DrawEdge
SwitchDesktop
BeginPaint
DefMDIChildProcW
ReleaseCapture
MapVirtualKeyW
DefWindowProcA
GetClipboardData
GetSystemMetrics
SetWindowLongW
GetWindowRect
SetCapture
DrawIcon
CharLowerW
SetProcessWindowStation
GetProcessWindowStation
GetClassLongW
CreateWindowStationW
SetKeyboardState
CloseWindowStation
GetKeyboardState
PostThreadMessageW
CharToOemW
GetMenuState
GetDC
ExitWindowsEx
IntersectRect
GetCapture
GetShellWindow
GetWindowThreadProcessId
HiliteMenuItem
GetMenu
RegisterClassExW
IsRectEmpty
GetWindowDC
RegisterClassExA
MenuItemFromPoint
PrintWindow
SetCursorPos
SystemParametersInfoW
PostMessageW
CallWindowProcW
GetClassNameW
DefDlgProcW
DefDlgProcA
CloseDesktop
CallWindowProcA
SendMessageTimeoutW
GetAncestor
HttpSendRequestA
InternetSetStatusCallbackW
InternetReadFileExA
InternetSetOptionA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExW
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetQueryOptionA
HttpSendRequestW
GetUrlCacheEntryInfoW
HttpQueryInfoA
InternetReadFile
InternetQueryDataAvailable
InternetCrackUrlA
HttpAddRequestHeadersW
HttpSendRequestExA
InternetQueryOptionW
getaddrinfo
getsockname
accept
WSAAddressToStringW
WSAStartup
freeaddrinfo
WSASend
shutdown
WSASetLastError
select
recv
send
WSAGetLastError
listen
WSAEventSelect
getpeername
closesocket
WSAIoctl
setsockopt
socket
bind
recvfrom
sendto
connect
CoUninitialize
CoInitializeEx
CoCreateInstance
CLSIDFromString
StringFromGUID2
Execution parents
Compressed bundles
File identification
MD5 8fad5dfac3671d90dd12792ec81fe595
SHA1 da930ea37f6d45108f80c137dcf4f7b4f42445d1
SHA256 352439d5b2f326b25eed2160d03b9f7e4007de283037c4951cb9675f41bef832
ssdeep
3072:KTzx50VJqtHGbu5XCniylWrtGA1GHvGXaCH1Fukp133wQGc:KTzoGtmiYlW4A1QvGXjBQQGc

authentihash 67e6bd26da2466a489d0cdcad0ca3fd7a5c11d879c1e24c905f635bcf044f70b
imphash 9dba42e03feaa2fe2fdb66c5e897b3ae
File size 138.5 KB ( 141824 bytes )
File type DOS EXE
Magic literal
MS-DOS executable

TrID Win32 Executable (generic) (42.5%)
DOS Executable Borland Pascal 7.0x (19.2%)
Generic Win/DOS Executable (18.8%)
DOS Executable Generic (18.8%)
VXD Driver (0.2%)
Tags
overlay via-tor mz

VirusTotal metadata
First submission 2015-04-28 09:42:27 UTC ( 2 years ago )
Last submission 2016-11-06 16:46:52 UTC ( 5 months, 3 weeks ago )
File names ZeuS_binary_8fad5dfac3671d90dd12792ec81fe595 (1).exe
8FAD5DFAC3671D90DD12792EC81FE595
ZeuS_binary_8fad5dfac3671d90dd12792ec81fe595.exe
8fad5dfac3671d90dd12792ec81fe595.EXE
45bbf460-sample
8FAD5DFAC3671D90DD12792EC81FE595.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications