SHA256: 37b69600e249d0ec3f1c99870f9b0e8b22a72302970225fa2b3ce63142ea50b9
File name: PL-file1
Detection ratio: 20 / 56
Analysis date: 2014-12-17 17:20:00 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.119140 20141217
AhnLab-V3 Trojan/Win32.MDA 20141217
Antiy-AVL Trojan/Win32.Yakes 20141217
Avast Win32:Dropper-gen [Drp] 20141217
AVG Inject2.BIGK 20141217
Avira (no cloud) TR/Crypt.XPACK.Gen8 20141217
BitDefender Gen:Variant.Zusy.119140 20141217
DrWeb BackDoor.IRC.NgrBot.42 20141217
Emsisoft Gen:Variant.Zusy.119140 (B) 20141217
ESET-NOD32 a variant of Win32/Injector.BRJE 20141217
F-Secure Gen:Variant.Graftor.167446 20141217
Fortinet W32/Injector.BRJE!tr 20141217
GData Gen:Variant.Zusy.119140 20141217
Malwarebytes Trojan.MSIL.ECED 20141217
McAfee Trojan-FFLJ!14A18B30C40F 20141217
eScan Gen:Variant.Zusy.119140 20141217
NANO-Antivirus Trojan.Win32.Yakes.dkmcjp 20141217
Qihoo-360 Malware.QVM10.Gen 20141217
Sophos AV Mal/Wonton-T 20141217
VBA32 Heur.Malware-Cryptor.Ngrbot 20141217
AegisLab 20141217
Yandex 20141217
ALYac 20141217
AVware 20141217
Baidu-International 20141217
Bkav 20141217
ByteHero 20141217
CAT-QuickHeal 20141216
ClamAV 20141217
CMC 20141215
Comodo 20141217
Cyren 20141217
F-Prot 20141217
Ikarus 20141217
Jiangmin 20141216
K7AntiVirus 20141217
K7GW 20141217
Kaspersky 20141217
Kingsoft 20141217
McAfee-GW-Edition 20141217
Microsoft 20141217
Norman 20141217
nProtect 20141217
Panda 20141217
Rising 20141217
SUPERAntiSpyware 20141217
Symantec 20141217
Tencent 20141217
TheHacker 20141216
TotalDefense 20141217
TrendMicro 20141217
TrendMicro-HouseCall 20141217
VIPRE 20141217
ViRobot 20141217
Zillya 20141216
Zoner 20141216
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-15 13:52:41
Entry Point 0x00001D7D
Number of sections 4
PE sections
Overlays
MD5 86f20cad3e35611ad02c1c467e7f57d7
File type data
Offset 298496
Size 1304
Entropy 7.69
PE imports
SetSecurityDescriptorDacl
RegFlushKey
RegCloseKey
RegQueryValueExA
InitializeSecurityDescriptor
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
GetOpenFileNameA
GetSaveFileNameA
ChooseFontA
GetLastError
GetWriteWatch
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
CreateTapePartition
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetLocaleInfoA
HeapSize
GetCurrentProcessId
UnhandledExceptionFilter
SetProcessPriorityBoost
LCMapStringA
GetCPInfo
ClearCommBreak
InterlockedDecrement
MultiByteToWideChar
IsProcessInJob
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetProcAddress
GetStringTypeA
GetProcessHeap
GetStringTypeW
ReleaseSemaphore
WideCharToMultiByte
TlsFree
TlsSetValue
WTSGetActiveConsoleSessionId
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
GetSystemTimeAsFileTime
ClearCommError
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
GlobalUnWire
TerminateProcess
GetProcessHandleCount
IsValidCodePage
HeapCreate
VirtualFree
TlsGetValue
Sleep
GetFileType
SetMessageWaitingIndicator
GetTickCount
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
CoTaskMemFree
OleUninitialize
CoCreateInstance
OleInitialize
Number of PE resources by type
RT_DIALOG 6
RT_ICON 5
RT_MANIFEST 1
RT_MESSAGETABLE 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 10
RUSSIAN 4
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:12:15 14:52:41+01:00
FileType Win32 EXE
PEType PE32
CodeSize 28672
LinkerVersion 9.0
EntryPoint 0x1d7d
InitializedDataSize 268800
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 14a18b30c40f5a4fafe08e0c21cc5844
SHA1 cb0dd3276e81bbd0c40d44cb9f03571f431bd4b7
SHA256 37b69600e249d0ec3f1c99870f9b0e8b22a72302970225fa2b3ce63142ea50b9
ssdeep 3072:uZV+pnkyYRDUNCrnqT9y6e4t+OOMcbwuCU5+6DAD/NZ9VJex4cWR/g:ur+YRDWJLcbwuuUI/9fxcWR/g
authentihash 09863329b96f404413eb027f96bf484b631f407624e1b1f973546f71d5be70a1
imphash 7f95a79e46346551ca44bccf7679bd02
File size 292.8 KB ( 299800 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay

VirusTotal metadata
First submission 2014-12-17 17:20:00 UTC ( 2 years, 8 months ago )
Last submission 2016-11-26 18:32:57 UTC ( 8 months, 3 weeks ago )
File names ZeuS_binary_14a18b30c40f5a4fafe08e0c21cc5844.exe
6.exe
14A18B30C40F5A4FAFE08E0C21CC5844
bot.exe
01.exe
ZeuS_binary_14a18b30c40f5a4fafe08e0c21cc5844.exe
PL-file1
37b69600e249d0ec3f1c99870f9b0e8b22a72302970225fa2b3ce63142ea50b9.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs