SHA256: 38da71476ed4e2467fac579d8301edc5ac0d72905db395b977c9161a0245f4d0
File name: binary.exe_
Detection ratio: 38 / 56
Analysis date: 2015-08-07 11:24:05 UTC ( 3 years, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2603506 20150807
AhnLab-V3 Trojan/Win32.ZBot 20150807
ALYac Trojan.GenericKD.2603506 20150807
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150807
Arcabit Trojan.Generic.D27B9F2 20150807
Avast Win32:Agent-AZXV [Trj] 20150807
AVG Crypt4.BQIC 20150807
Avira (no cloud) TR/Crypt.EPACK.16 20150807
AVware Trojan.Win32.Generic!BT 20150807
Baidu-International Trojan.Win32.Zbot.vtmp 20150807
BitDefender Trojan.GenericKD.2603506 20150807
CAT-QuickHeal TrojanPWS.Zbot.re 20150807
Cyren W32/Trojan.JJUB-3439 20150807
DrWeb Trojan.PWS.Panda.8087 20150807
Emsisoft Trojan.Win32.Injector (A) 20150807
ESET-NOD32 a variant of Win32/Kryptik.DRQY 20150807
F-Secure Trojan.GenericKD.2603506 20150807
Fortinet W32/Zbot.DRQY!tr 20150807
GData Trojan.GenericKD.2603506 20150807
Ikarus Trojan.Win32.Crypt 20150807
K7AntiVirus Riskware ( 0040eff71 ) 20150807
K7GW Riskware ( 0040eff71 ) 20150807
Kaspersky Trojan-Spy.Win32.Zbot.vtmp 20150807
McAfee RDN/Generic PWS.y 20150807
McAfee-GW-Edition BehavesLike.Win32.Obfuscated.dm 20150807
Microsoft PWS:Win32/Zbot!VM 20150807
eScan Trojan.GenericKD.2603506 20150807
NANO-Antivirus Trojan.Win32.MLW.dunxnj 20150807
nProtect Trojan.GenericKD.2603506 20150807
Panda Generic Suspicious 20150806
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20150807
Sophos AV Mal/Generic-S 20150807
Symantec Trojan.Zbot 20150807
TheHacker Trojan/Kryptik.drqy 20150805
TotalDefense Win32/Zbot.ZANX!suspicious 20150807
TrendMicro TROJ_FORUCON.BMC 20150807
TrendMicro-HouseCall TROJ_FORUCON.BMC 20150807
VIPRE Trojan.Win32.Generic!BT 20150807
AegisLab 20150807
Yandex 20150806
Alibaba 20150803
Bkav 20150806
ByteHero 20150807
ClamAV 20150806
Comodo 20150807
F-Prot 20150807
Jiangmin 20150806
Kingsoft 20150807
Malwarebytes 20150807
Rising 20150807
SUPERAntiSpyware 20150807
Tencent 20150807
VBA32 20150807
ViRobot 20150807
Zillya 20150806
Zoner 20150807
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-04-07 11:49:28
Entry Point 0x00001000
Number of sections 14
PE sections
PE imports
RedrawWindow
DrawAnimatedRects
GetParent
LoadIconA
DdeFreeDataHandle
GetScrollInfo
MoveWindow
GetMouseMovePointsEx
GetWindowTextW
FindWindowA
GetWindowContextHelpId
IsWindowEnabled
wvsprintfW
GetSysColorBrush
GetClipboardViewer
IsIconic
ValidateRgn
InflateRect
RegisterClassExW
DrawIcon
DialogBoxParamW
CascadeWindows
ChildWindowFromPoint
SetUserObjectInformationW
GetSysColor
SetActiveWindow
CopyImage
GetCursorPos
MapDialogRect
CharNextExA
GetDlgCtrlID
IsCharUpperA
IsZoomed
GetMessageTime
GetClientRect
GetDlgItem
CharLowerBuffA
MessageBoxW
SendInput
InvalidateRect
LoadAcceleratorsA
GetClassNameW
GetKeyboardLayout
GetTopWindow
GetUpdateRgn
CharNextA
MapVirtualKeyExW
CreateDesktopW
GetDesktopWindow
ChangeDisplaySettingsExW
IsCharUpperW
CloseClipboard
GetWindowInfo
GetKeyboardType
IsChild
PostThreadMessageA
GetMenuStringW
Number of PE resources by type
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2005:04:07 12:49:28+01:00
FileType Win32 EXE
PEType PE32
CodeSize 205312
LinkerVersion 0.0
EntryPoint 0x1000
InitializedDataSize 31232
SubsystemVersion 4.1
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 ce0dc1ab104d69ef12337cb60e100501
SHA1 d6f0ac9dc31f19c1c2a39d00ee6685b3274473e6
SHA256 38da71476ed4e2467fac579d8301edc5ac0d72905db395b977c9161a0245f4d0
ssdeep 1536:nAFMwstKz6anUyDKRBtMUInYYko1ERbXglOHyKqgxkBUsoSFPT:VpEzJnbDKTiUYY22vL2UsoSFPT
authentihash ced5db7b0e1b2b724ee9d1367a4445eada79ab96f20673f4ad6c4756110db6a4
imphash 9422a59e4ebf3fd018b4065bdc74f72d
File size 253.5 KB ( 259584 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.7%)
Generic Win/DOS Executable (23.4%)
DOS Executable Generic (23.4%)
VXD Driver (0.3%)
Tags peexe
VirusTotal metadata
First submission 2015-07-29 08:02:43 UTC ( 3 years, 7 months ago )
Last submission 2015-07-29 19:01:10 UTC ( 3 years, 7 months ago )
File names klj15.exe
ZeuS_binary.exe
ZeuS_binary.exe_
binary.exe_
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs