SHA256: 35c8a180cfb224cf23583614001f49df5b41b390ad48634b1900155af2ce7c57
File name: DiskAnalysis.exe
Detection ratio: 33 / 55
Analysis date: 2014-10-11 21:39:04 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1903590 20141011
AegisLab Troj.W32.Jorik.Slenfbot 20141011
Yandex TrojanSpy.Zbot!9WaHhjmOUAo 20141010
Antiy-AVL Trojan[Spy]/Win32.Zbot 20141011
Avast Win32:Malware-gen 20141011
AVG Zbot.OQB 20141011
Avira (no cloud) TR/Rogue.387584.12 20141011
Baidu-International Trojan.Win32.Zbot.AD 20141011
BitDefender Trojan.GenericKD.1903590 20141011
Comodo UnclassifiedMalware 20141011
Emsisoft Trojan.GenericKD.1903590 (B) 20141011
ESET-NOD32 Win32/Spy.Zbot.AAO 20141011
F-Secure Trojan.GenericKD.1903590 20141011
Fortinet W32/Zbot.AAO!tr.spy 20141011
GData Trojan.GenericKD.1903590 20141011
Ikarus Trojan.Zbot 20141011
K7AntiVirus Spyware ( 0029a43a1 ) 20141010
K7GW Spyware ( 0029a43a1 ) 20141011
Kaspersky Trojan-Spy.Win32.Zbot.uiee 20141011
Malwarebytes Trojan.Pseudo 20141011
McAfee RDN/Generic PWS.y!bb3 20141011
McAfee-GW-Edition RDN/Generic PWS.y!bb3 20141011
Microsoft PWS:Win32/Zbot 20141011
eScan Trojan.GenericKD.1903590 20141011
nProtect Trojan.GenericKD.1903590 20141010
Panda Trj/CI.A 20141011
Qihoo-360 Win32/Trojan.Multi.daf 20141011
Rising PE:Trojan.Win32.Generic.176541AD!392511917 20141011
Sophos AV Troj/Wonton-IU 20141011
Symantec WS.Reputation.1 20141011
Tencent Win32.Trojan.Bp-generic.Ixrn 20141011
TrendMicro TROJ_GEN.R072C0DJB14 20141011
TrendMicro-HouseCall TROJ_GEN.R072C0DJB14 20141011
AhnLab-V3 20141011
AVware 20141011
Bkav 20141011
ByteHero 20141011
CAT-QuickHeal 20141011
ClamAV 20141011
CMC 20141009
Cyren 20141011
DrWeb 20141011
F-Prot 20141009
Jiangmin 20141011
Kingsoft 20141011
NANO-Antivirus 20141011
Norman 20141011
SUPERAntiSpyware 20141011
TheHacker 20141010
TotalDefense 20141011
VBA32 20141010
VIPRE 20141011
ViRobot 20141011
Zillya 20141011
Zoner 20141010
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 2003-2014 Glarysoft Ltd
Publisher Glarysoft Ltd
Product Glary Utilities
Original name DiskAnalysis.exe
Internal name DiskAnalysis.exe
File version 5.0.0.49
Description Glary Utilities DiskAnalyzsis
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-03 22:35:19
Entry Point 0x000023C0
Number of sections 5
PE sections
PE imports
GetTokenInformation
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
InitializeSecurityDescriptor
OpenThreadToken
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
CreateToolbarEx
ReplaceTextA
GetDeviceCaps
CreateDCA
DeleteDC
PatBlt
BitBlt
GetStockObject
CreateSolidBrush
SelectObject
SelectClipRgn
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetStdHandle
WaitForSingleObject
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
lstrcatA
Module32First
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
lstrcmpiA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
OutputDebugStringW
FindClose
InterlockedDecrement
FormatMessageA
OutputDebugStringA
SetLastError
DeviceIoControl
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
HeapSetInformation
GetPrivateProfileStringA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
Module32Next
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetVersion
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoW
GetProcAddress
lstrcmpA
FindFirstFileA
lstrcpyA
HeapValidate
FindNextFileA
LocalSize
CreateFileW
CreateEventA
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
GetEnvironmentStringsW
GetCurrentProcessId
HeapQueryInformation
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
IsBadReadPtr
SafeArrayCreate
RegisterActiveObject
ExtractIconA
EmptyClipboard
GetParent
EndDialog
BeginPaint
GetWindowThreadProcessId
SendDlgItemMessageA
IsWindow
GetWindowRect
EndPaint
ScrollWindowEx
SetDlgItemTextA
SetCapture
GetDlgItemTextA
MessageBoxA
GetWindow
GetDC
CopyImage
ReleaseDC
SetWindowTextA
CheckMenuItem
GetMenu
GetSubMenu
EndMenu
SetClipboardData
DrawIconEx
GetClientRect
GetDlgItem
SetScrollPos
SetRect
wsprintfA
FillRect
CloseClipboard
OpenClipboard
DestroyWindow
EnumPrintersA
Number of PE resources by type
RT_GROUP_CURSOR 4
RT_CURSOR 4
RT_ICON 2
RT_GROUP_ICON 2
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 16
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.0.0.49
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 226304
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyright (c) 2003-2014 Glarysoft Ltd
FileVersion 5.0.0.49
TimeStamp 2014:10:03 23:35:19+01:00
FileType Win32 EXE
PEType PE32
InternalName DiskAnalysis.exe
FileAccessDate 2014:10:11 22:42:44+01:00
ProductVersion 5.0.0.49
FileDescription Glary Utilities DiskAnalyzsis
OSVersion 5.1
FileCreateDate 2014:10:11 22:42:44+01:00
OriginalFilename DiskAnalysis.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Glarysoft Ltd
CodeSize 160256
ProductName Glary Utilities
ProductVersionNumber 5.0.0.49
EntryPoint 0x23c0
ObjectFileType Executable application
File identification
MD5 66571cb6ee98b6176396c8570ad6242d
SHA1 d154ed227e7ff787548cfe2cf401ae78598b4ac0
SHA256 35c8a180cfb224cf23583614001f49df5b41b390ad48634b1900155af2ce7c57
ssdeep 6144:/Baeg3zn6Eu26Q5J+PFzHedMrVWF588kzTqmfLbdzhsBscFGYxALFoDqzdCLrBrZ:paeg3OEu26Q2Ad0cja5TbBwsq/2FoOzc
authentihash 1c8e5ed0cc2c7496e037821d4e46bc0af44ce1a5b0b7726e3a904106130623ae
imphash dc37b3a6b71acadd3fce8d8e79e21008
File size 378.5 KB ( 387584 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-10-04 21:36:05 UTC ( 4 years, 1 month ago )
Last submission 2014-10-04 21:36:05 UTC ( 4 years, 1 month ago )
File names 35c8a180cfb224cf23583614001f49df5b41b390ad48634b1900155af2ce7c57.exe
66571cb6ee98b6176396c8570ad6242d
35c8a180cfb224cf23583614001f49df5b41b390ad48634b1900155af2ce7c57.exe
DiskAnalysis.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests