× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 3c49d6dd2945e608c038d2d70dad24697610e4d54859c9fca070fe248950af9e
File name: ZeuS_binary_c9031cbb8f2d758298a24555422400ab.exe
Detection ratio: 50 / 56
Analysis date: 2016-11-07 21:44:13 UTC ( 4 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.165 20161107
AegisLab Troj.Spy.W32.Zbot.dhsw!c 20161107
AhnLab-V3 Trojan/Win32.Zbot.N511344700 20161107
ALYac Gen:Variant.Kazy.165 20161107
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20161107
Arcabit Trojan.Kazy.165 20161107
Avast Sf:Crypt-BT [Trj] 20161107
AVG Generic_s.BE 20161107
Avira (no cloud) TR/Spy.ZBot.aoqb.5 20161107
AVware Trojan-PWS.Win32.Zbot.aac (v) 20161107
Baidu Win32.Trojan.Zbot.a 20161107
BitDefender Gen:Variant.Kazy.165 20161107
CAT-QuickHeal TrojanPWS.Zbot.Gen 20161107
ClamAV Win.Spyware.Zbot-1275 20161107
Comodo TrojWare.Win32.Kazy.MKD 20161107
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Cyren W32/Zbot.BR.gen!Eldorado 20161107
DrWeb Trojan.PWS.Panda.655 20161107
Emsisoft Gen:Variant.Kazy.165 (B) 20161107
ESET-NOD32 a variant of Win32/Spy.Zbot.YW 20161107
F-Prot W32/Zbot.BR.gen!Eldorado 20161107
F-Secure Trojan-Spy:W32/Zbot.AVTH 20161107
Fortinet W32/Zbot.YW!tr 20161107
GData Gen:Variant.Kazy.165 20161107
Ikarus Trojan-Spy.Win32.Zbot 20161107
Invincea trojanspy.win32.nivdort.dd 20161018
Jiangmin TrojanSpy.Zbot.bnkw 20161107
K7AntiVirus Spyware ( 002891031 ) 20161107
K7GW Spyware ( 002891031 ) 20161107
Kaspersky HEUR:Trojan.Win32.Generic 20161107
Malwarebytes Spyware.Zbot 20161107
McAfee PWS-Zbot.gen.ds 20161107
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ch 20161107
Microsoft PWS:Win32/Zbot!ZA 20161107
eScan Gen:Variant.Kazy.165 20161107
NANO-Antivirus Trojan.Win32.Panda.ctinmj 20161107
nProtect Trojan-Spy/W32.ZBot.141312.AD 20161107
Panda Generic Malware 20161107
Qihoo-360 HEUR/Malware.QVM20.Gen 20161107
Rising Malware.Generic!trhtv30d6UC@5 (thunder) 20161107
Sophos Troj/PWS-BSF 20161107
Symantec Heur.AdvML.B 20161107
Tencent Win32.Backdoor.Zbot.Auto 20161107
TheHacker Trojan/Spy.Zbot.dhsw 20161106
TotalDefense Win32/Zbot.AZ!generic 20161107
TrendMicro-HouseCall Cryp_Xin1 20161107
VBA32 SScope.Trojan.FakeAV.01110 20161105
VIPRE Trojan-PWS.Win32.Zbot.aac (v) 20161107
Yandex TrojanSpy.Zbot!0rhRCv0uwI0 20161107
Zillya Trojan.Zbot.Win32.189111 20161107
Alibaba 20161107
Bkav 20161107
CMC 20161107
Kingsoft 20161107
SUPERAntiSpyware 20161107
TrendMicro 20161107
ViRobot 20161107
Zoner 20161107
The file being studied is a Portable Executable file! More specifically, it is a DOS EXE file.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-04-19 15:45:39
Entry Point 0x00012971
Number of sections 3
PE sections
Overlays
MD5 29c8af8b5b5562cec2fee17071db660e
File type data
Offset 140800
Size 512
Entropy 7.58
PE imports
RegCreateKeyExW
RegCloseKey
ConvertSidToStringSidW
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptHashData
InitializeSecurityDescriptor
RegQueryValueExW
CryptCreateHash
SetSecurityDescriptorDacl
GetSidSubAuthorityCount
GetSidSubAuthority
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
RegOpenKeyExW
SetSecurityDescriptorSacl
GetTokenInformation
CryptReleaseContext
RegEnumKeyExW
OpenThreadToken
GetSecurityDescriptorSacl
GetLengthSid
CreateProcessAsUserW
CryptDestroyHash
CryptAcquireContextW
RegSetValueExW
CryptGetHashParam
InitiateSystemShutdownExW
EqualSid
IsWellKnownSid
SetNamedSecurityInfoW
CertEnumCertificatesInStore
CryptUnprotectData
PFXImportCertStore
CertCloseStore
CertDeleteCertificateFromStore
CertOpenSystemStoreW
CertDuplicateCertificateContext
PFXExportCertStoreEx
GetDeviceCaps
DeleteDC
RestoreDC
SelectObject
SaveDC
SetViewportOrgEx
GetDIBits
GdiFlush
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetRectRgn
FileTimeToDosDateTime
ReleaseMutex
WaitForSingleObject
FindFirstFileW
HeapDestroy
GetFileAttributesW
GetLocalTime
GetProcessId
SetErrorMode
GetFileInformationByHandle
GetThreadContext
GetFileTime
WideCharToMultiByte
LoadLibraryW
GetTempPathW
Thread32First
HeapReAlloc
SetEvent
LocalFree
CreateEventW
FindClose
TlsGetValue
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
InitializeCriticalSection
WriteProcessMemory
GetModuleFileNameW
HeapAlloc
lstrcmpiW
SetThreadPriority
MultiByteToWideChar
SetFilePointerEx
GetPrivateProfileStringW
CreateThread
MoveFileExW
CreateMutexW
GetVolumeNameForVolumeMountPointW
SetThreadContext
TerminateProcess
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
GetProcAddress
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
lstrcmpiA
GetVersionExW
FreeLibrary
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
CreateRemoteThread
OpenProcess
ReadProcessMemory
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetPrivateProfileIntW
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
GetComputerNameW
WriteFile
GetFileSizeEx
RemoveDirectoryW
ExpandEnvironmentStringsW
UnmapViewOfFile
FindNextFileW
WTSGetActiveConsoleSessionId
ResetEvent
Thread32Next
DuplicateHandle
GlobalLock
GetTimeZoneInformation
CreateFileW
TlsSetValue
ExitProcess
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
SystemTimeToFileTime
CreateFileMappingW
VirtualAllocEx
GlobalUnlock
Process32NextW
CreateProcessW
FileTimeToLocalFileTime
VirtualFreeEx
GetCurrentProcessId
SetFileTime
GetCommandLineW
Process32FirstW
GetCurrentThread
MapViewOfFile
TlsFree
ReadFile
CloseHandle
OpenMutexW
GetModuleHandleW
GetFileAttributesExW
HeapCreate
OpenEventW
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
NetUserEnum
NetUserGetInfo
NetApiBufferFree
SysFreeString
VariantClear
VariantInit
SysAllocString
SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW
StrCmpNIW
wvnsprintfA
StrCmpNIA
wvnsprintfW
SHDeleteKeyW
PathIsDirectoryW
PathRemoveBackslashW
PathIsURLW
PathAddBackslashW
UrlUnescapeA
SHDeleteValueW
PathCombineW
PathRenameExtensionW
StrStrIA
PathRemoveFileSpecW
StrStrIW
PathMatchSpecW
PathUnquoteSpacesW
PathFindFileNameW
PathQuoteSpacesW
PathAddExtensionW
PathSkipRootW
GetUserNameExW
GetMessagePos
SetWindowPos
IsWindow
EndPaint
OpenWindowStationW
WindowFromPoint
SendMessageW
CreateDesktopW
GetMenuItemID
GetCursorPos
ReleaseDC
GetMenu
EndMenu
DefFrameProcA
DefMDIChildProcW
CharLowerBuffA
GetThreadDesktop
LoadImageW
GetTopWindow
GetUpdateRgn
MsgWaitForMultipleObjects
GetMenuItemCount
GetMessageA
GetUserObjectInformationW
GetParent
EqualRect
DefWindowProcA
GetMessageW
PeekMessageW
GetDC
CharUpperW
PeekMessageA
TranslateMessage
SetThreadDesktop
GetWindow
GetIconInfo
GetMenuItemRect
RegisterClassW
OpenDesktopW
CharLowerA
RegisterClassA
TrackPopupMenuEx
GetSubMenu
GetDCEx
FillRect
ToUnicode
GetWindowLongW
GetUpdateRect
GetWindowInfo
MapWindowPoints
RegisterWindowMessageW
OpenInputDesktop
DrawEdge
SwitchDesktop
BeginPaint
DefWindowProcW
ReleaseCapture
MapVirtualKeyW
DefMDIChildProcA
GetClipboardData
GetSystemMetrics
SetWindowLongW
GetWindowRect
SetCapture
DrawIcon
CharLowerW
SetProcessWindowStation
SetKeyboardState
GetClassLongW
CreateWindowStationW
GetProcessWindowStation
CloseWindowStation
GetKeyboardState
PostThreadMessageW
CharToOemW
GetMenuState
DispatchMessageW
ExitWindowsEx
IntersectRect
GetCapture
GetShellWindow
GetWindowThreadProcessId
HiliteMenuItem
DefFrameProcW
RegisterClassExW
IsRectEmpty
GetWindowDC
RegisterClassExA
MenuItemFromPoint
PrintWindow
SetCursorPos
SystemParametersInfoW
PostMessageW
CallWindowProcW
GetClassNameW
DefDlgProcW
DefDlgProcA
CloseDesktop
CallWindowProcA
SendMessageTimeoutW
GetAncestor
HttpSendRequestA
InternetSetStatusCallbackW
InternetReadFileExA
InternetSetOptionA
HttpOpenRequestA
InternetReadFile
HttpSendRequestExW
InternetCloseHandle
InternetQueryOptionW
InternetOpenA
InternetConnectA
InternetQueryOptionA
HttpSendRequestW
GetUrlCacheEntryInfoW
HttpQueryInfoA
HttpAddRequestHeadersA
InternetQueryDataAvailable
InternetCrackUrlA
HttpSendRequestExA
HttpAddRequestHeadersW
getaddrinfo
getsockname
accept
WSAAddressToStringW
WSAStartup
freeaddrinfo
connect
shutdown
getpeername
WSAGetLastError
recv
send
WSASend
select
listen
WSAEventSelect
WSASetLastError
closesocket
WSAIoctl
setsockopt
socket
bind
recvfrom
sendto
CoUninitialize
CoInitializeEx
CoCreateInstance
CLSIDFromString
StringFromGUID2
ExifTool file metadata
FileAccessDate
2014:04:29 04:15:32+01:00

FileCreateDate
2014:04:29 04:15:32+01:00

File identification
MD5 c9031cbb8f2d758298a24555422400ab
SHA1 da2ec45d1f08140a767e5a89c819232e8244b4fc
SHA256 3c49d6dd2945e608c038d2d70dad24697610e4d54859c9fca070fe248950af9e
ssdeep
3072:uMXVAOmHeojOj/XS3vDq1MzAgbDHtpTCfo3CEBlweDRQspVF:uMlAVjU/XS3eSjbDHtp7dQsl

authentihash c6515aa7dc2bf853f397fb3ad9614f09aefbf9b0bd9cf2e97e2c4f256e182bfe
imphash 1d1bd81bfbd68308098d138ae02395f3
File size 138.0 KB ( 141312 bytes )
File type DOS EXE
Magic literal
MS-DOS executable

TrID Win32 Executable (generic) (42.5%)
DOS Executable Borland Pascal 7.0x (19.2%)
Generic Win/DOS Executable (18.8%)
DOS Executable Generic (18.8%)
VXD Driver (0.2%)
Tags
mz overlay

VirusTotal metadata
First submission 2012-01-29 14:17:36 UTC ( 5 years, 1 month ago )
Last submission 2016-11-07 21:44:13 UTC ( 4 months, 2 weeks ago )
File names 3c49d6dd2945e608c038d2d70dad24697610e4d54859c9fca070fe248950af9e.bin
ZeuS_binary_c9031cbb8f2d758298a24555422400ab.exe
file-6765936_
bot6.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!