SHA256: 3930fca3340798e84dc0eb5e47607cd1eb68740c6b2101370cf6bf23e910a69e
File name: 7981fc8df2ae9c28b8c59fe154b4ae7ebb793271
Detection ratio: 19 / 52
Analysis date: 2014-05-31 08:10:20 UTC
Antivirus             Result                             Update
Ad-Aware              Trojan.GenericKD.1698187           20140531
AntiVir               TR/Rogue.245760.9                  20140531
Avast                 Win32:Dropper-gen [Drp]            20140531
AVG                   Zbot.JJH                           20140530
BitDefender           Trojan.GenericKD.1698187           20140531
Emsisoft              Trojan.GenericKD.1698187 (B)       20140531
ESET-NOD32            Win32/Spy.Zbot.YW                  20140531
F-Secure              Trojan.GenericKD.1698187           20140531
Fortinet              W32/Zbot.TCAB!tr                   20140531
GData                 Trojan.GenericKD.1698187           20140531
Kaspersky             Trojan-Spy.Win32.Zbot.tcab         20140531
Malwarebytes          Malware.Packer.LOL                 20140531
McAfee                RDN/Generic PWS.y!zt               20140531
McAfee-GW-Edition     Artemis!C45D7F40C43B               20140530
eScan                 Trojan.GenericKD.1698187           20140531
Qihoo-360             HEUR/Malware.QVM20.Gen             20140531
Rising                PE:Malware.XPACK-LNR/Heur!1.5594   20140530
Sophos AV             Mal/Generic-S                      20140531
Tencent               Win32.Trojan-spy.Zbot.Swun         20140531
AegisLab              (undetected)                       20140531
Yandex                (undetected)                       20140530
AhnLab-V3             (undetected)                       20140530
Antiy-AVL             (undetected)                       20140530
Baidu-International   (undetected)                       20140531
Bkav                  (undetected)                       20140530
ByteHero              (undetected)                       20140531
CAT-QuickHeal         (undetected)                       20140531
ClamAV                (undetected)                       20140530
CMC                   (undetected)                       20140530
Commtouch             (undetected)                       20140531
Comodo                (undetected)                       20140531
DrWeb                 (undetected)                       20140531
F-Prot                (undetected)                       20140531
Ikarus                (undetected)                       20140531
Jiangmin              (undetected)                       20140531
K7AntiVirus           (undetected)                       20140530
K7GW                  (undetected)                       20140530
Kingsoft              (undetected)                       20140531
Microsoft             (undetected)                       20140531
NANO-Antivirus        (undetected)                       20140531
Norman                (undetected)                       20140531
nProtect              (undetected)                       20140530
Panda                 (undetected)                       20140530
SUPERAntiSpyware      (undetected)                       20140531
Symantec              (undetected)                       20140531
TheHacker             (undetected)                       20140531
TotalDefense          (undetected)                       20140530
TrendMicro            (undetected)                       20140531
TrendMicro-HouseCall  (undetected)                       20140531
VBA32                 (undetected)                       20140530
VIPRE                 (undetected)                       20140531
ViRobot               (undetected)                       20140531
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-24 12:15:22
Entry Point 0x000068A6
Number of sections 4
PE sections
PE imports
AuthzAccessCheck
AuthzFreeAuditEvent
GetVolumePathNameW
GetSystemInfo
lstrcmpiA
PurgeComm
EncodePointer
ReplaceFileW
GetLocalTime
GetCurrentDirectoryA
GetShortPathNameA
GetLogicalDrives
GetConsoleTitleA
GetProcAddress
GetProcessHeap
SetFileAttributesA
CreateMutexA
CreateSemaphoreA
GetModuleHandleA
lstrcmpA
FormatMessageA
HeapValidate
CompareStringA
lstrcpynA
GetBinaryTypeA
GetFullPathNameA
QueryDosDeviceA
FindResourceA
CreateEventW
GetEnvironmentVariableA
TlsGetValue
GetFileType
GetTickCount
GetCurrentThread
SetCurrentDirectoryA
SetFocus
GetMessageA
CreateWindowExA
GetWindowLongA
PostMessageA
IsZoomed
PeekMessageA
SetCursorPos
DialogBoxParamA
GetCaretPos
IsDialogMessageA
CharToOemA
Number of PE resources by type
RT_MANIFEST 1
Struct(34) 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2014:03:24 13:15:22+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 62976
LinkerVersion: 9.0
FileAccessDate: 2014:06:13 01:09:07+01:00
EntryPoint: 0x68a6
InitializedDataSize: 0
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
FileCreateDate: 2014:06:13 01:09:07+01:00
UninitializedDataSize: 0
File identification
MD5: c45d7f40c43b7b5c6c46c9b3d4c2e445
SHA1: 01f03d4a6eed048084156201c6d5065b147affd0
SHA256: 3930fca3340798e84dc0eb5e47607cd1eb68740c6b2101370cf6bf23e910a69e
ssdeep: 6144:wzoJeicWTjj4FnQkpC6U/diePxWdTG7T:iccWTX4FS6U/diePxWdTG
imphash: 752038401c425bea9ab49a0d01cce28f
File size: 240.0 KB ( 245760 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Generic Win/DOS Executable (49.9%)
      DOS Executable Generic (49.8%)
      Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags: peexe
VirusTotal metadata
First submission: 2014-05-31 08:10:20 UTC
Last submission: 2014-05-31 08:10:20 UTC
File names: 7981fc8df2ae9c28b8c59fe154b4ae7ebb793271
Advanced heuristic and reputation engines
Symantec reputation: Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests