SHA256: 3c1e4c334629b20e21b8ab08b8aa19db738f2ed761290ffdd26665cd61cb7807
File name: 3c1e4c334629b20e21b8ab08b8aa19db738f2ed761290ffdd26665cd61cb7807.bin
Detection ratio: 48 / 70
Analysis date: 2019-01-26 20:32:20 UTC ( 3 weeks, 3 days ago )
Antivirus Result Update (signature database date, YYYYMMDD)
Ad-Aware Trojan.Generic.18688948 20190126
AegisLab Trojan.Win32.Zbot.l!c 20190126
AhnLab-V3 Spyware/Win32.Zbot.C1526682 20190126
ALYac Trojan.Generic.18688948 20190126
Antiy-AVL Trojan[Spy]/Win32.Zbot 20190126
Arcabit Trojan.Generic.D11D2BB4 20190126
Avast Win32:Neutrino-B [Trj] 20190126
AVG Win32:Neutrino-B [Trj] 20190126
Avira (no cloud) TR/AD.InjectorA.avgwq 20190126
AVware Trojan.Win32.Generic!BT 20180925
BitDefender Trojan.Generic.18688948 20190126
ClamAV Win.Malware.Zbot-70910 20190126
Comodo Malware@#3kdypy5zm1mln 20190126
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181023
Cylance Unsafe 20190126
DrWeb DLOADER.Trojan 20190126
Emsisoft Trojan.Generic.18688948 (B) 20190126
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Spy.Zbot.ACP 20190126
F-Secure Trojan.Generic.18688948 20190126
Fortinet W32/VMProtBad.A!tr.spy 20190126
GData Trojan.Generic.18688948 20190126
Ikarus Trojan-Spy.Agent 20190126
Jiangmin TrojanSpy.Zbot.fgpu 20190126
K7AntiVirus Spyware ( 004f8f051 ) 20190126
K7GW Spyware ( 004f8f051 ) 20190126
Kaspersky Trojan-Spy.Win32.Zbot.xdpm 20190126
MAX malware (ai score=84) 20190126
McAfee GenericRXDJ-JP!9B1FE9DBBE6B 20190126
McAfee-GW-Edition BehavesLike.Win32.Generic.th 20190126
Microsoft Trojan:Win32/Dynamer!ac 20190126
eScan Trojan.Generic.18688948 20190126
NANO-Antivirus Trojan.Win32.AD.egkysr 20190126
Palo Alto Networks (Known Signatures) generic.ml 20190126
Panda Trj/GdSda.A 20190126
Qihoo-360 Win32/Trojan.621 20190126
Rising Spyware.Zbot!8.16B (CLOUD) 20190126
Sophos AV Mal/VMProtBad-A 20190126
Symantec Trojan.Zbot 20190126
Tencent Win32.Trojan-spy.Zbot.Htch 20190126
Trapmine malicious.high.ml.score 20190123
TrendMicro TROJ_DYNAMER.XXYR 20190126
TrendMicro-HouseCall TROJ_DYNAMER.XXYR 20190126
VBA32 TrojanSpy.Zbot 20190125
Webroot W32.Malware.Gen 20190126
Yandex TrojanSpy.Zbot!RJqwdjrBpfg 20190125
Zillya Trojan.VMProtect.Win32.669 20190125
ZoneAlarm by Check Point Trojan-Spy.Win32.Zbot.xdpm 20190126
Engines reporting no detection (signature database date, YYYYMMDD):
Acronis 20190124
Alibaba 20180921
Avast-Mobile 20190126
Babable 20180918
Baidu 20190125
Bkav 20190125
CAT-QuickHeal 20190126
CMC 20190126
Cybereason 20180308
Cyren 20190126
eGambit 20190126
F-Prot 20190126
Sophos ML 20181128
Kingsoft 20190126
Malwarebytes 20190126
SentinelOne (Static ML) 20190124
SUPERAntiSpyware 20190123
TACHYON 20190126
TheHacker 20190125
TotalDefense 20190126
Trustlook 20190126
ViRobot 20190126
Zoner 20190125
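The 48 engines that flag the file do not agree on a name: most say Zbot (Zeus), Avast and AVG say Neutrino, Fortinet and Sophos report the VMProtect-based packer (VMProtBad), Microsoft and TrendMicro use the generic Dynamer, and several only say Trojan.Generic. The usual way to get a usable family name out of this is to tokenise the labels, drop class, platform and packer words, and vote. The script below is an added example, not part of the report and not VirusTotal's or AVClass's code; LABELS is a subset copied from the table above, and the GENERIC word list and the length and digit filters are this example's own simplifications.

```python
"""Family consensus from the vendor labels in the detection table above.

Added example, not part of the original report and not VirusTotal's or
AVClass's code. LABELS is a representative subset copied from the table;
the GENERIC word list and the length/digit filters are this example's own
simplifications of what label normalisers such as AVClass do with far
larger lists.
"""
import re
from collections import Counter

# Vendor -> label, copied from the detection table above.
LABELS = {
    "Ad-Aware": "Trojan.Generic.18688948",
    "AegisLab": "Trojan.Win32.Zbot.l!c",
    "AhnLab-V3": "Spyware/Win32.Zbot.C1526682",
    "Avast": "Win32:Neutrino-B [Trj]",
    "AVG": "Win32:Neutrino-B [Trj]",
    "Avira (no cloud)": "TR/AD.InjectorA.avgwq",
    "ClamAV": "Win.Malware.Zbot-70910",
    "ESET-NOD32": "a variant of Win32/Spy.Zbot.ACP",
    "Fortinet": "W32/VMProtBad.A!tr.spy",
    "Kaspersky": "Trojan-Spy.Win32.Zbot.xdpm",
    "Microsoft": "Trojan:Win32/Dynamer!ac",
    "Sophos AV": "Mal/VMProtBad-A",
    "Symantec": "Trojan.Zbot",
    "TrendMicro": "TROJ_DYNAMER.XXYR",
    "VBA32": "TrojanSpy.Zbot",
    "Zillya": "Trojan.VMProtect.Win32.669",
    "ZoneAlarm by Check Point": "Trojan-Spy.Win32.Zbot.xdpm",
}

# Words naming a class, platform or packer rather than a family (example's own list).
GENERIC = {
    "trojan", "troj", "trojanspy", "spyware", "malware", "generic", "variant",
    "agent", "injectora", "vmprotect", "vmprotbad",
}


def tokens(label):
    """Lower-case alphabetic tokens of a label, minus generic words, tokens
    shorter than four characters and anything containing digits (build
    numbers and variant suffixes such as 'C1526682' or 'Win32')."""
    out = []
    for tok in re.split(r"[^A-Za-z0-9]+", label):
        tok = tok.lower()
        if len(tok) < 4 or any(ch.isdigit() for ch in tok) or tok in GENERIC:
            continue
        out.append(tok)
    return out


def family_votes(labels):
    """One vote per vendor for each candidate family token in its label."""
    votes = Counter()
    for label in labels.values():
        votes.update(set(tokens(label)))
    return votes


def consensus_family(labels, min_votes=3):
    """Most-voted token, or None when nothing reaches min_votes."""
    votes = family_votes(labels)
    if not votes:
        return None
    family, count = votes.most_common(1)[0]
    return family if count >= min_votes else None


if __name__ == "__main__":
    print(family_votes(LABELS).most_common(5))
    print("consensus:", consensus_family(LABELS))
```

On these labels zbot wins clearly (8 votes against 2 each for neutrino and dynamer), which agrees with the second submitted file name, deloader_payload_zeus_variant.bin. Two caveats for real use: Avast/AVG and Kaspersky/ZoneAlarm share engines, so their votes should be collapsed before counting, and a consensus of 3 out of 48 is still weak evidence on its own.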
The file is a 32-bit Portable Executable: a Win32 DLL built for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-27 15:04:25 (UTC)
Entry Point 0x000B1EBD
Number of sections 5
PE sections
PE imports
advapi32.dll
RegCreateKeyExW
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCreateKeyExA
CryptHashData
InitializeSecurityDescriptor
RegQueryValueExW
CryptCreateHash
SetSecurityDescriptorDacl
GetSidSubAuthorityCount
GetSidSubAuthority
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
DeregisterEventSource
RegOpenKeyExW
RegisterEventSourceA
RegOpenKeyExA
SetSecurityDescriptorSacl
GetTokenInformation
CryptReleaseContext
OpenThreadToken
GetSecurityDescriptorSacl
GetLengthSid
CryptDestroyHash
CryptAcquireContextW
RegSetValueExW
CryptGetHashParam
InitiateSystemShutdownExW
RegSetValueExA
ReportEventA
SetNamedSecurityInfoW
kernel32.dll
GetStdHandle
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
FindFirstFileW
EncodePointer
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetSystemDefaultLCID
LoadLibraryExW
FreeEnvironmentStringsW
GetThreadContext
SetStdHandle
GetCPInfo
lstrcmpiA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
Thread32First
HeapReAlloc
GetStringTypeW
AddVectoredExceptionHandler
GetOEMCP
LocalFree
ResumeThread
GetTimeZoneInformation
OutputDebugStringW
FindClose
InterlockedDecrement
SetFileAttributesW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
OpenThread
ReadConsoleInputA
CopyFileW
WriteProcessMemory
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
lstrcmpiW
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointerEx
FlushInstructionCache
CreateMutexA
SetFilePointer
GetFullPathNameW
CreateThread
MoveFileExW
SetUnhandledExceptionFilter
CreateMutexW
GetVolumeNameForVolumeMountPointW
IsProcessorFeaturePresent
GetFileInformationByHandle
ExitThread
DecodePointer
SetEnvironmentVariableA
SetThreadContext
GlobalMemoryStatus
GetModuleHandleExW
VirtualQuery
SetEndOfFile
GetVersion
LeaveCriticalSection
HeapCreate
WriteConsoleW
CreateToolhelp32Snapshot
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
PeekNamedPipe
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
CreateRemoteThread
FlushConsoleInputBuffer
OpenProcess
GetStartupInfoW
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetProcessHeap
GetComputerNameW
CompareStringW
GetFileSizeEx
RemoveDirectoryW
ExpandEnvironmentStringsW
UnmapViewOfFile
FindNextFileW
GetCurrentThreadId
ResetEvent
CreateFileMappingA
Thread32Next
TerminateProcess
DuplicateHandle
FindFirstFileExW
GetProcAddress
SetEvent
CreateEventW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
RemoveVectoredExceptionHandler
InterlockedIncrement
GetNativeSystemInfo
GetLastError
InitializeCriticalSection
SystemTimeToFileTime
LCMapStringW
VirtualAllocEx
GetConsoleCP
GetEnvironmentStringsW
Process32NextW
VirtualFree
FileTimeToLocalFileTime
GetCurrentDirectoryW
VirtualFreeEx
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
InterlockedCompareExchange
Process32FirstW
GetCurrentThread
SuspendThread
ReadConsoleW
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
SetConsoleMode
GetTempPathW
CreateProcessW
Sleep
SetConsoleCtrlHandler
VirtualAlloc
shell32.dll
SHGetFolderPathW
ShellExecuteW
shlwapi.dll
PathRenameExtensionW
wvnsprintfA
SHDeleteKeyW
PathRemoveFileSpecW
PathAddBackslashW
PathIsURLW
UrlUnescapeA
wvnsprintfW
PathSkipRootW
SHDeleteValueW
StrCmpNIA
PathCombineW
PathRemoveBackslashW
PathAddExtensionW
user32.dll
CharLowerA
GetUserObjectInformationW
CharUpperW
MessageBoxA
CharLowerBuffA
GetProcessWindowStation
ExitWindowsEx
wininet.dll
HttpSendRequestA
InternetSetOptionW
InternetSetOptionA
HttpOpenRequestA
InternetReadFile
DeleteUrlCacheEntryA
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetQueryOptionA
HttpQueryInfoA
InternetCrackUrlA
InternetQueryOptionW
ws2_32.dll
getaddrinfo
accept
WSAAddressToStringW
WSAStartup
freeaddrinfo
connect
shutdown
htons
select
closesocket
inet_addr
send
ntohs
WSAGetLastError
listen
gethostbyname
WSASetLastError
recv
WSAIoctl
setsockopt
socket
bind
ole32.dll
CLSIDFromString
StringFromGUID2
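The import table alone already profiles this sample: OpenProcess, VirtualAllocEx, WriteProcessMemory and CreateRemoteThread together with GetThreadContext/SetThreadContext and SuspendThread/ResumeThread are the classic injection primitives; CreateToolhelp32Snapshot with Process32FirstW/NextW and Thread32First/Next finds the targets; the Reg*SetValue and SHDeleteKey/SHDeleteValue calls support persistence; WinINet and ws2_32 (including bind, listen and accept) give HTTP and raw-socket networking; and the CryptoAPI hashing calls and IsDebuggerPresent sit alongside. That profile is consistent with the Zbot/Zeus labels most engines assign above. The script below is an added example, not part of the report and not VirusTotal's or pefile's code: it runs this kind of capability triage over a subset of the imports listed above and shows how the imphash in the File identification section is derived from the same table. The placement of each function under its exporting library and the capability clusters are this example's own.

```python
"""Static triage of the PE import table above: group imported APIs into
capability clusters and compute a pefile-style imphash over the same table.

Added example, not part of the original report and not VirusTotal's or
pefile's code. IMPORTS is a security-relevant subset of the imports listed
above, each under the Windows library that exports it. The clusters are this
example's own heuristic. Because IMPORTS is a subset, imphash() will not
reproduce the value in the File identification section; it shows the method.
"""
import hashlib

# Subset of the import table above, keyed by exporting library, in table order.
IMPORTS = {
    "advapi32.dll": [
        "RegCreateKeyExW", "RegOpenKeyExW", "RegSetValueExW", "RegSetValueExA",
        "OpenProcessToken", "AdjustTokenPrivileges", "LookupPrivilegeValueW",
        "SetNamedSecurityInfoW", "CryptAcquireContextW", "CryptCreateHash",
        "CryptHashData", "CryptGetHashParam",
    ],
    "kernel32.dll": [
        "OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
        "VirtualFreeEx", "OpenThread", "SuspendThread", "GetThreadContext",
        "SetThreadContext", "ResumeThread", "CreateToolhelp32Snapshot",
        "Process32FirstW", "Process32NextW", "Thread32First", "Thread32Next",
        "IsDebuggerPresent", "OutputDebugStringW", "AddVectoredExceptionHandler",
        "CopyFileW", "MoveFileExW", "DeleteFileW", "SetFileAttributesW",
        "GetTempPathW", "CreateProcessW",
    ],
    "shell32.dll": ["SHGetFolderPathW", "ShellExecuteW"],
    "shlwapi.dll": ["SHDeleteKeyW", "SHDeleteValueW"],
    "wininet.dll": ["InternetOpenA", "InternetConnectA", "HttpOpenRequestA",
                    "HttpSendRequestA", "InternetReadFile", "DeleteUrlCacheEntryA"],
    "ws2_32.dll": ["WSAStartup", "socket", "connect", "send", "recv",
                   "bind", "listen", "accept"],
}

# Which imports, taken together, suggest which capability.
CAPABILITIES = {
    "code injection into other processes": {
        "OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
        "CreateRemoteThread", "VirtualFreeEx"},
    "thread context hijacking": {
        "OpenThread", "SuspendThread", "GetThreadContext", "SetThreadContext",
        "ResumeThread"},
    "process and thread enumeration": {
        "CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW",
        "Thread32First", "Thread32Next"},
    "registry modification (persistence)": {
        "RegCreateKeyExW", "RegSetValueExW", "RegSetValueExA",
        "SHDeleteKeyW", "SHDeleteValueW"},
    "token and ACL manipulation": {
        "OpenProcessToken", "AdjustTokenPrivileges", "LookupPrivilegeValueW",
        "SetNamedSecurityInfoW"},
    "HTTP client (WinINet)": {
        "InternetOpenA", "InternetConnectA", "HttpOpenRequestA",
        "HttpSendRequestA", "InternetReadFile", "DeleteUrlCacheEntryA"},
    "raw sockets, including a listener": {
        "socket", "connect", "send", "recv", "bind", "listen", "accept"},
    "CryptoAPI hashing": {
        "CryptAcquireContextW", "CryptCreateHash", "CryptHashData", "CryptGetHashParam"},
    "debugger awareness": {
        "IsDebuggerPresent", "OutputDebugStringW", "AddVectoredExceptionHandler"},
    "self-copy, drop and launch": {
        "CopyFileW", "MoveFileExW", "DeleteFileW", "SetFileAttributesW",
        "GetTempPathW", "SHGetFolderPathW", "CreateProcessW", "ShellExecuteW"},
}


def triage(imports, min_hits=2):
    """Return {capability: sorted matching imports} for each cluster with at
    least min_hits members imported; one API alone is too weak to report."""
    present = {name for names in imports.values() for name in names}
    found = {}
    for capability, apis in CAPABILITIES.items():
        hits = sorted(apis & present)
        if len(hits) >= min_hits:
            found[capability] = hits
    return found


def imphash(imports):
    """pefile-style import hash: 'lib.func' pairs in import-table order,
    lower-cased, .dll/.sys/.ocx stripped from the library name, comma-joined
    and MD5'd. Imports by ordinal (none here) would need pefile's ordinal
    name tables; this version expects named imports only."""
    parts = []
    for lib, names in imports.items():
        lib = lib.lower()
        base, _, ext = lib.rpartition(".")
        if ext in ("dll", "sys", "ocx"):
            lib = base
        parts.extend(f"{lib}.{name.lower()}" for name in names)
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


if __name__ == "__main__":
    for capability, hits in triage(IMPORTS).items():
        print(f"{capability}: {', '.join(hits)}")
    print("imphash over this subset:", imphash(IMPORTS))
```

Two things worth keeping in mind when using output like this: the hash depends on import order and on case normalisation, which is why the same imphash is a reasonable pivot between builds of one family but changes as soon as the linker reorders or adds a single import; and import-based capability triage is only a prior, since a packed or VMProtect-wrapped stage can resolve everything through GetProcAddress (also imported here) and show almost nothing in the static table.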
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2016:05:27 17:04:25+02:00 (the same instant as the 15:04:25 UTC compilation timestamp above, rendered in +02:00)
FileType Win32 DLL
PEType PE32
CodeSize 871424 bytes
LinkerVersion 11.0 (Visual Studio 2012 toolset)
ImageFileCharacteristics Executable, 32-bit, DLL
EntryPoint 0xb1ebd
InitializedDataSize 425984 bytes
SubsystemVersion 6.0
ImageVersion 1.0
OSVersion 6.0 (minimum Windows Vista / Server 2008)
UninitializedDataSize 0

File identification
MD5 9b1fe9dbbe6bad811f280d7e1946b208
SHA1 e57362eaa240da948980c4c6133d63c2a4c07b31
SHA256 3c1e4c334629b20e21b8ab08b8aa19db738f2ed761290ffdd26665cd61cb7807
ssdeep 24576:MHvPE9oTqVu+y3xZkL9ergEGMg7JE4zp/U6Tdz+SuGsattl8:MHvVTqVubZfxglE4zp/NTd6+9ttl8
authentihash 27c9301609aec856b14101b8a339008dc8657a1f7c701a3c985c61a5de31d389
imphash 58b6f7e66ef163f8ca6f6681e96fcd82
File size 1.2 MB ( 1242624 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags pedll

VirusTotal metadata
First submission 2016-09-21 16:01:36 UTC ( 2 years, 5 months ago )
Last submission 2019-01-26 20:32:20 UTC ( 3 weeks, 3 days ago )
File names 3c1e4c334629b20e21b8ab08b8aa19db738f2ed761290ffdd26665cd61cb7807.bin
deloader_payload_zeus_variant.bin