SHA256: 36862e99434f6307d4654f928e018dbcbc53fd4b994f5d459a10d306c3fb23d8
File name: 204ca81a31d2484a09a0d43907bc7069
Detection ratio: 28 / 56
Analysis date: 2015-01-27 01:27:29 UTC
Antivirus  Result  [signature update]
Ad-Aware  Trojan.Generic.12590615  [20150126]
ALYac  Trojan.Generic.12590615  [20150127]
Avast  Win32:Malware-gen  [20150127]
AVG  Inject2.BLXH  [20150127]
Avira (no cloud)  TR/Crypt.ZPACK.118061  [20150127]
AVware  Trojan.Win32.Generic!BT  [20150126]
Baidu-International  Trojan.Win32.Zbot.AT  [20150126]
BitDefender  Trojan.Generic.12590615  [20150127]
Cyren  W32/Trojan.PLFN-9103  [20150127]
Emsisoft  Trojan.Generic.12590615 (B)  [20150127]
F-Secure  Trojan.Generic.12590615  [20150126]
Fortinet  W32/Zbot.ACB!tr.spy  [20150127]
GData  Trojan.Generic.12590615  [20150126]
K7AntiVirus  Spyware ( 004a08e61 )  [20150126]
K7GW  DoS-Trojan ( 200a2b3d1 )  [20150127]
Kaspersky  Trojan-Spy.Win32.Zbot.uwce  [20150127]
McAfee  RDN/Suspicious.bfr!bh  [20150127]
McAfee-GW-Edition  BehavesLike.Win32.Trojan.fh  [20150126]
eScan  Trojan.Generic.12590615  [20150126]
NANO-Antivirus  Trojan.Win32.Zbot.dmvptn  [20150127]
Norman  Simda.TLT  [20150126]
nProtect  Trojan.Generic.12590615  [20150126]
Panda  Trj/Chgt.O  [20150126]
Qihoo-360  Win32/Trojan.be5  [20150127]
Rising  PE:Malware.XPACK-HIE/Heur!1.9C48  [20150126]
Sophos AV  Mal/Generic-S  [20150127]
Symantec  WS.Reputation.1  [20150126]
VIPRE  Trojan.Win32.Generic!BT  [20150126]

No detection (engine and signature date as scanned): AegisLab [20150127], Yandex [20150126], AhnLab-V3 [20150126], Alibaba [20150127], Antiy-AVL [20150126], Bkav [20150126], ByteHero [20150127], CAT-QuickHeal [20150125], ClamAV [20150126], CMC [20150124], Comodo [20150126], DrWeb [20150127], F-Prot [20150127], Ikarus [20150126], Jiangmin [20150126], Kingsoft [20150127], Malwarebytes [20150127], Microsoft [20150127], SUPERAntiSpyware [20150125], Tencent [20150127], TheHacker [20150126], TotalDefense [20150126], TrendMicro [20150127], TrendMicro-HouseCall [20150127], VBA32 [20150126], ViRobot [20150126], Zillya [20150126], Zoner [20150123].

Note that the named detections (Zbot / Trojan-Spy from Kaspersky, Fortinet, Baidu, NANO) are a minority; most hits are generic or heuristic (Trojan.Generic, Malware-gen, Crypt.ZPACK, WS.Reputation), so the family attribution rests on a few engines.
The file being studied is a Portable Executable (PE) file; more specifically, a Win32 EXE for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-20 16:53:20
Entry Point 0x00001180
Number of sections 5
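The four fields above (target machine, compilation timestamp, entry point, section count) are read straight out of the COFF file header and optional header that follow the `PE\0\0` signature. The reader below is an added example, not VirusTotal's code and not taken from the analysed file; it uses only the Python standard library and also returns the linker and subsystem versions that the ExifTool block further down reports. The sample header it builds is constructed for this example and carries the values shown on this page (machine 0x14C, 5 sections, timestamp 2015-01-20 16:53:20 UTC, entry point 0x1180, linker 9.0), so the parse can be checked offline; `first_seen_epoch` in the plausibility check is the page's first-submission time expressed as a Unix timestamp. On a real file, pass `open(path, "rb").read()`.

```python
import struct
from datetime import datetime, timezone

IMAGE_DOS_SIGNATURE = b"MZ"
IMAGE_NT_SIGNATURE = b"PE\0\0"
IMAGE_FILE_MACHINE_I386 = 0x014C
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}
EPOCH_1995 = 788918400  # 1995-01-01 UTC: anything earlier is an obviously forged stamp


def parse_pe_header(data: bytes) -> dict:
    """DOS header -> e_lfanew -> COFF file header -> optional header (PE32 / PE32+)."""
    if data[:2] != IMAGE_DOS_SIGNATURE:
        raise ValueError("not a DOS/PE image (no MZ)")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, timestamp, _, _, _, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lnk_major, lnk_minor, code_size, init_size, uninit_size, entry = \
        struct.unpack_from("<HBBIIII", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic %#x" % magic)
    os_major, os_minor, _, _, ss_major, ss_minor = struct.unpack_from("<HHHHHH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)  # same offset for PE32 and PE32+
    compiled = datetime.fromtimestamp(timestamp, tz=timezone.utc)
    return {
        "machine": machine,
        "pe_type": "PE32" if magic == 0x10B else "PE32+",
        "sections": nsections,
        "timestamp": timestamp,
        "compiled_utc": compiled.strftime("%Y-%m-%d %H:%M:%S UTC"),
        "entry_point": entry,
        "code_size": code_size,
        "init_data_size": init_size,
        "uninit_data_size": uninit_size,
        "linker": f"{lnk_major}.{lnk_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem_version": f"{ss_major}.{ss_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }


def timestamp_plausible(header: dict, first_seen_epoch: int) -> bool:
    """A compile stamp after first sighting, or before 1995, is forged or clobbered."""
    return EPOCH_1995 <= header["timestamp"] <= first_seen_epoch


def build_sample_header() -> bytes:
    """Constructed header bytes (not from the analysed file) carrying this report's values."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = IMAGE_DOS_SIGNATURE
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # 5 sections, TimeDateStamp 1421772800 == 2015-01-20 16:53:20 UTC, 224-byte optional header
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 5, 1421772800, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBBIIII", opt, 0, 0x10B, 9, 0, 213504, 109568, 0, 0x1180)
    struct.pack_into("<HH", opt, 40, 5, 0)   # OSVersion 5.0
    struct.pack_into("<HH", opt, 48, 5, 0)   # SubsystemVersion 5.0
    struct.pack_into("<H", opt, 68, 2)       # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + IMAGE_NT_SIGNATURE + coff + bytes(opt)


if __name__ == "__main__":
    hdr = parse_pe_header(build_sample_header())
    for key, value in hdr.items():
        print(f"{key:18} {value:#x}" if isinstance(value, int) and key != "timestamp" else f"{key:18} {value}")
    print("timestamp plausible:", timestamp_plausible(hdr, 1422235649))  # 2015-01-27 01:27:29 UTC
```

The ExifTool block on this page prints the same stamp as `2015:01:20 17:53:20+01:00`, i.e. the tool's local time zone, not a second timestamp; compare in UTC before reasoning about build-to-submission lag (here about six and a half days).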
PE sections
PE imports (the report lists function names only; the grouping by exporting DLL below follows the standard Win32 export tables)

ADVAPI32.dll: RegQueryValueExA, RegOpenKeyA

GDI32.dll: GetMetaFileBitsEx, GetBkColor, CreatePalette, GetStockObject, SetMetaFileBitsEx, CloseMetaFile, GetPaletteEntries, AddFontResourceW, GetObjectW, PlayMetaFile, DeleteObject, DeleteMetaFile, CreateMetaFileW

KERNEL32.dll: GetLastError, HeapFree, EnterCriticalSection, ReleaseMutex, VirtualAllocEx, lstrlenA, GetOverlappedResult, GlobalFree, WaitForSingleObject, SetEvent, QueryPerformanceCounter, GetTickCount, GlobalUnlock, GetEnvironmentStringsW, GetVersionExA, LoadLibraryA, lstrlenW, GetLocalTime, GlobalSize, FreeEnvironmentStringsA, DeleteCriticalSection, GetCurrentProcess, LoadLibraryExA, GetEnvironmentStrings, GetCurrentProcessId, WaitForMultipleObjects, ProcessIdToSessionId, GetModuleHandleW, CreateThread, UnhandledExceptionFilter, MultiByteToWideChar, FreeEnvironmentStringsW, CreateDirectoryW, DeleteFileW, GlobalLock, CancelIo, GetProcessHeap, GetTempFileNameW, CreateFileMappingW, WideCharToMultiByte, MapViewOfFile, GetModuleHandleA, ReadFile, InterlockedExchange, SetUnhandledExceptionFilter, WriteFile, GetStartupInfoA, CreateMutexW, ResetEvent, GetSystemTimeAsFileTime, TerminateProcess, ExitThread, GetDiskFreeSpaceA, GetProcAddress, PulseEvent, LocalFree, WaitForMultipleObjectsEx, GlobalMemoryStatus, DeviceIoControl, CreateEventW, InitializeCriticalSection, UnmapViewOfFile, OpenEventW, GlobalAlloc, InterlockedDecrement, Sleep, CloseHandle, HeapAlloc, GetCurrentThreadId, LeaveCriticalSection, LocalAlloc, SetLastError, InterlockedIncrement

SHELL32.dll: SHFileOperationW, SHFileOperationA

USER32.dll: RegisterWindowMessageW, EmptyClipboard, PostQuitMessage, DefWindowProcW, GetClipboardOwner, GetMessageW, GetClipboardData, GetClipboardViewer, SetWindowLongW, GetClipboardFormatNameW, SetClipboardViewer, ChangeClipboardChain, TranslateMessage, PostMessageW, RegisterClipboardFormatW, DispatchMessageW, SendMessageW, RegisterClassW, UnregisterClassW, LoadIconA, CountClipboardFormats, LoadStringW, EnumClipboardFormats, LoadIconW, CreateWindowExW, CloseClipboard, OpenClipboard, DestroyWindow

MSVCRT.dll: __p__fmode, malloc, rand, realloc, _wcsnicmp, _cexit, _except_handler3, _c_exit, __p__commode, wcslen, wcscmp, exit, _XcptFilter, wcsrchr, __setusermatherr, wcsncpy, _acmdln, _exit, _adjust_fdiv, free, __getmainargs, wcschr, _initterm, strchr, wcscpy, strrchr, _strnicmp, _controlfp, __set_app_type

OLE32.dll: OleIsCurrentClipboard, OleSetClipboard, OleInitialize, CoGetMalloc

The USER32 set is dominated by clipboard-viewer-chain APIs (SetClipboardViewer, ChangeClipboardChain, GetClipboardViewer, GetClipboardData, EnumClipboardFormats) backed by a message loop (RegisterClassW, CreateWindowExW, GetMessageW, DispatchMessageW), which is the classic shape of a clipboard monitor; KERNEL32 adds VirtualAllocEx, a file mapping (CreateFileMappingW, MapViewOfFile), named synchronisation objects (CreateMutexW, CreateEventW, OpenEventW) and DeviceIoControl. Imports show capability, not intent: legitimate clipboard managers import the same viewer-chain functions.
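The way an analyst turns an import table like the one above into triage signals is by checking for co-occurring API sets rather than single names. The rule evaluator below is an added example, not VirusTotal's code and not a published rule set; `IMPORTS` is a subset of this report's own import list (the USER32, KERNEL32 and ADVAPI32 entries the rules care about), and the rule names, their `all` / `any` requirements and the three statuses are this example's assumptions. It reports "partial" matches on purpose: on this sample VirtualAllocEx is present without WriteProcessMemory or CreateRemoteThread, which is weaker evidence of injection than the full triad, and the report should say so.

```python
# Subset of this report's "PE imports" block (not the full table on the page).
IMPORTS = [
    "RegOpenKeyA", "RegQueryValueExA",
    "VirtualAllocEx", "CreateFileMappingW", "MapViewOfFile", "UnmapViewOfFile",
    "CreateMutexW", "OpenEventW", "CreateEventW", "DeviceIoControl",
    "LoadLibraryA", "GetProcAddress", "ProcessIdToSessionId",
    "GetTempFileNameW", "CreateDirectoryW", "DeleteFileW", "WriteFile", "ReadFile",
    "SetUnhandledExceptionFilter", "CreateThread",
    "SetClipboardViewer", "ChangeClipboardChain", "GetClipboardData",
    "OpenClipboard", "CloseClipboard", "EnumClipboardFormats",
    "RegisterClipboardFormatW", "SHFileOperationW",
]

# Example heuristics (assumed, not a standard rule set).  "all" must be fully
# present; "any" needs at least one member when it is given.
RULES = {
    "clipboard viewer chain": {
        "all": {"SetClipboardViewer", "ChangeClipboardChain", "OpenClipboard", "GetClipboardData"},
    },
    "process injection": {
        "all": {"VirtualAllocEx"},
        "any": {"WriteProcessMemory", "CreateRemoteThread", "NtWriteVirtualMemory"},
    },
    "dynamic API resolution": {"all": {"LoadLibraryA", "GetProcAddress"}},
    "direct driver I/O": {"all": {"DeviceIoControl"}},
    "temp-file drop and cleanup": {"all": {"GetTempFileNameW", "WriteFile", "DeleteFileW"}},
    "shared-memory IPC": {
        "all": {"CreateFileMappingW", "MapViewOfFile"},
        "any": {"CreateEventW", "OpenEventW", "CreateMutexW"},
    },
    "registry read": {"all": {"RegOpenKeyA", "RegQueryValueExA"}},
    "keylogging hooks": {
        "all": {"SetWindowsHookExW"},
        "any": {"GetAsyncKeyState", "GetKeyState"},
    },
}


def evaluate_rules(imports, rules=RULES):
    """Return {rule: {"status": match|partial|none, "missing": [...], "any_hit": [...]}}."""
    present = set(imports)
    results = {}
    for name, rule in rules.items():
        need_all = rule.get("all", set())
        need_any = rule.get("any", set())
        missing_all = need_all - present
        any_hit = need_any & present
        any_ok = not need_any or bool(any_hit)
        if not missing_all and any_ok:
            status = "match"
        elif (need_all & present) or any_hit:
            status = "partial"  # some evidence, but the rule's conjunction is not satisfied
        else:
            status = "none"
        results[name] = {
            "status": status,
            "missing": sorted(missing_all),
            "any_hit": sorted(any_hit),
        }
    return results


def matched(imports, rules=RULES):
    """Names of rules whose conjunction is fully satisfied, sorted."""
    return sorted(n for n, r in evaluate_rules(imports, rules).items() if r["status"] == "match")


if __name__ == "__main__":
    for name, r in evaluate_rules(IMPORTS).items():
        extra = f" missing={r['missing']}" if r["status"] == "partial" else ""
        print(f"{r['status']:7} {name}{extra}")
```

Run against the page's full import list the clipboard rule, dynamic resolution, driver I/O, temp-file drop, shared-memory IPC and registry read all fire, while process injection stays partial. Treat a "match" as a reason to look at the code paths behind those imports, not as a verdict; a clipboard manager or a printer utility matches the first rule as well.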
Number of PE resources by type
RT_BITMAP 11
RT_RCDATA 6
MAD 2
Number of PE resources by language
NEUTRAL 19
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2015:01:20 17:53:20+01:00 (ExifTool's local-time rendering of the PE header's 2015-01-20 16:53:20 UTC)
FileType: Win32 EXE
PEType: PE32
CodeSize: 213504
LinkerVersion: 9.0
EntryPoint: 0x1180
InitializedDataSize: 109568
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0
File identification
MD5 204ca81a31d2484a09a0d43907bc7069
SHA1 a08aada15e125927632156e91135798b89efbdef
SHA256 36862e99434f6307d4654f928e018dbcbc53fd4b994f5d459a10d306c3fb23d8
ssdeep 6144:/k8cFd3uIwhiwXtLWBUm2pFdImSvsGnk7moE9Fa:c8cCIyLWBUnhal6mTna

authentihash 1599de15c815cd49f2bfa430344ca31d093fc635526764a168d93faaa1843f83
imphash c4677fef0a8e7fb69b776af8111510aa
File size 316.0 KB ( 323584 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2015-01-27 01:27:29 UTC
Last submission 2015-02-07 19:03:01 UTC
File names 204ca81a31d2484a09a0d43907bc7069
vti-rescan
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process it launched or injected code into. Categories listed without entries recorded nothing in this run.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to device drivers using the DeviceIoControl Windows API function (consistent with the DeviceIoControl import above). The condensed report does not record which device handles or control codes were used, so this alone does not distinguish a sandbox or hardware check from driver abuse.