SHA256: 3af29a5e192866565294337e2b6254e9e736a1b9efbfab4377fbdd32bfbea449
File name: 34ab9e26eb48d884226af48cfa3d5fe8
Detection ratio: 21 / 56
Analysis date: 2015-03-16 19:29:55 UTC (4 years ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2226910 20150316
AhnLab-V3 Trojan/Win32.MDA 20150316
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150316
Avast Win32:Malware-gen 20150316
AVG Zbot.ZOT 20150316
Avira (no cloud) TR/Zbot.A.1640 20150316
Baidu-International Trojan.Win32.Zbot.vegc 20150316
BitDefender Trojan.GenericKD.2226910 20150316
Bkav HW32.Packed.250F 20150314
Emsisoft Trojan.GenericKD.2226910 (B) 20150316
ESET-NOD32 Win32/Spy.Zbot.ACB 20150316
Fortinet W32/Zbot.ACB!tr.spy 20150316
GData Trojan.GenericKD.2226910 20150316
Ikarus Trojan-Spy.Agent 20150316
Kaspersky Trojan-Spy.Win32.Zbot.vegc 20150316
Malwarebytes Trojan.Agent.ED 20150316
eScan Trojan.GenericKD.2226910 20150316
Panda Generic Suspicious 20150316
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20150316
Sophos AV Mal/Generic-S 20150316
Symantec Trojan.Gen.2 20150316
AegisLab 20150316
Yandex 20150316
Alibaba 20150316
ALYac 20150316
AVware 20150316
ByteHero 20150316
CAT-QuickHeal 20150316
ClamAV 20150315
CMC 20150316
Comodo 20150316
Cyren 20150316
DrWeb 20150316
F-Prot 20150316
F-Secure 20150316
Jiangmin 20150316
K7AntiVirus 20150316
K7GW 20150316
Kingsoft 20150316
McAfee 20150316
McAfee-GW-Edition 20150316
Microsoft 20150316
NANO-Antivirus 20150316
Norman 20150316
nProtect 20150316
Qihoo-360 20150316
SUPERAntiSpyware 20150315
Tencent 20150316
TheHacker 20150316
TotalDefense 20150316
TrendMicro 20150316
TrendMicro-HouseCall 20150316
VBA32 20150315
VIPRE 20150316
ViRobot 20150316
Zoner 20150316
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
f></>freshcan Among likesellEither

Publisher ActivEngage
Product Plane Branch
Original name missLe.exe
Internal name Plane Branch
File version 9.7.8662.5212
Description Plane Branch
Comments f></>needevening f></>firekeep Yard Determine dryofferskill gather Spot Fourdream
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-14 15:47:43
Entry Point 0x0000224B
Number of sections 4
PE sections
PE imports
GetStdHandle
GetConsoleOutputCP
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
InitializeCriticalSection
InterlockedDecrement
FormatMessageA
SetLastError
GetModuleFileNameW
CopyFileA
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
LoadLibraryExA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
SetUnhandledExceptionFilter
SetSystemPowerState
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
CreateDirectoryA
GetStartupInfoW
GetProcAddress
SetSystemTimeAdjustment
GetProcessHeap
CompareStringW
HeapValidate
CompareStringA
GetTimeZoneInformation
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetNativeSystemInfo
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
HeapCompact
GetEnvironmentStrings
GetCurrentProcessId
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
HeapCreate
VirtualFree
Sleep
VirtualAlloc
ResetEvent
WSAStartup
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSACleanup
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
LegalTrademarks
f></>wondereight Fun suggest mustevery Like

SubsystemVersion
4.0

Comments
f></>needevening f></>firekeep Yard Determine dryofferskill gather Spot Fourdream

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
9.7.8662.5212

LanguageCode
Neutral

FileFlagsMask
0x0000

FileDescription
Plane Branch

CharacterSet
Unicode

InitializedDataSize
1454080

EntryPoint
0x224b

OriginalFileName
missLe.exe

MIMEType
application/octet-stream

LegalCopyright
f></>freshcan Among likesellEither

FileVersion
9.7.8662.5212

TimeStamp
2015:03:14 16:47:43+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Plane Branch

ProductVersion
9.7.8662.5212

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
ActivEngage

CodeSize
147456

ProductName
Plane Branch

ProductVersionNumber
9.7.8662.5212

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 34ab9e26eb48d884226af48cfa3d5fe8
SHA1 2eb6c190eee9d558a9cb0a223d0f0ffa1b54dd27
SHA256 3af29a5e192866565294337e2b6254e9e736a1b9efbfab4377fbdd32bfbea449
ssdeep
6144:Y2z1SbQswT5TE+o86qhQjDzR98AOMOfDSnRLsD4u6LAdG:V1S1wt2qhQnYALOfDuRCwAd

authentihash 3c331105c3a80ded54ec67c79f8ee37a9af540e45840b522a87c2bb78e8905e7
imphash b2bf06fd10a355f3f9cf934591436777
File size 284.0 KB ( 290816 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2015-03-16 19:29:55 UTC ( 4 years ago )
Last submission 2015-03-16 19:29:55 UTC ( 4 years ago )
File names missLe.exe
Plane Branch
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.