SHA256: 3ca9158ec1adeac043c8f9d4a2d2aa76759cd4e73cc91c8081f972fa3c9ab788
File name: 4371f99b9005a9e2031e83f850acd5c6e336ec54
Detection ratio: 17 / 56
Analysis date: 2015-04-10 16:36:57 UTC ( 3 years, 11 months ago )
Antivirus             Result                            Update
AhnLab-V3             Trojan/Win32.MDA                  20150410
AVG                   Inject2.BXLD                      20150410
AVware                Trojan.Win32.Generic.pak!cobra    20150410
BitDefender           Gen:Variant.Strictor.83449        20150410
CAT-QuickHeal         TrojanPWS.Zbot.A4                 20150410
Cyren                 W32/Damaged_File.gen!Eldorado     20150410
DrWeb                 Trojan.DownLoader12.29517         20150410
ESET-NOD32            a variant of Win32/Injector.BXZV  20150410
Fortinet              W32/Zbot.VHTU!tr                  20150410
GData                 Win32.Trojan.Agent.1CTU5V         20150410
K7GW                  Trojan ( 004bcc0d1 )              20150410
Kaspersky             Trojan-Spy.Win32.Zbot.vhtu        20150410
Malwarebytes          Trojan.FileLock                   20150410
Panda                 Generic Suspicious                20150410
Sophos AV             Troj/Fondu-EU                     20150410
Tencent               Trojan.Win32.YY.Gen.24            20150410
VIPRE                 Trojan.Win32.Generic.pak!cobra    20150410
Ad-Aware              -                                 20150410
AegisLab              -                                 20150410
Yandex                -                                 20150409
Alibaba               -                                 20150410
ALYac                 -                                 20150410
Antiy-AVL             -                                 20150410
Avast                 -                                 20150410
Baidu-International   -                                 20150410
Bkav                  -                                 20150410
ByteHero              -                                 20150410
ClamAV                -                                 20150410
CMC                   -                                 20150410
Comodo                -                                 20150410
Emsisoft              -                                 20150410
F-Prot                -                                 20150410
F-Secure              -                                 20150410
Ikarus                -                                 20150410
Jiangmin              -                                 20150409
K7AntiVirus           -                                 20150410
Kingsoft              -                                 20150410
McAfee                -                                 20150410
McAfee-GW-Edition     -                                 20150409
Microsoft             -                                 20150410
eScan                 -                                 20150410
NANO-Antivirus        -                                 20150410
Norman                -                                 20150410
nProtect              -                                 20150410
Qihoo-360             -                                 20150410
Rising                -                                 20150410
SUPERAntiSpyware      -                                 20150410
Symantec              -                                 20150410
TheHacker             -                                 20150408
TotalDefense          -                                 20150409
TrendMicro            -                                 20150410
TrendMicro-HouseCall  -                                 20150410
VBA32                 -                                 20150410
ViRobot               -                                 20150410
Zillya                -                                 20150409
Zoner                 -                                 20150410
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-28 09:00:29
Entry Point 0x0000B4E2
Number of sections 6
PE sections
PE imports
StretchDIBits
GetModuleFileNameW
GetStartupInfoW
CreateFileW
GetModuleHandleW
Ord(3820)
Ord(1131)
Ord(2438)
Ord(5573)
Ord(4621)
Ord(5298)
Ord(2980)
Ord(6371)
Ord(6113)
Ord(5237)
Ord(4073)
Ord(6153)
Ord(6048)
Ord(5996)
Ord(5278)
Ord(5257)
Ord(3733)
Ord(5736)
Ord(5236)
Ord(4523)
Ord(5727)
Ord(3744)
Ord(4461)
Ord(4616)
Ord(3167)
Ord(6332)
Ord(2873)
Ord(517)
Ord(4717)
Ord(4852)
Ord(1569)
Ord(4539)
Ord(6370)
Ord(554)
Ord(815)
Ord(4525)
Ord(3257)
Ord(2546)
Ord(641)
Ord(3917)
Ord(3449)
Ord(2388)
Ord(5256)
Ord(338)
Ord(4343)
Ord(567)
Ord(3076)
Ord(4414)
Ord(4233)
Ord(1739)
Ord(4430)
Ord(3142)
Ord(3060)
Ord(3193)
Ord(6127)
Ord(5285)
Ord(4617)
Ord(5233)
Ord(6330)
Ord(1165)
Ord(617)
Ord(3053)
Ord(366)
Ord(825)
Ord(2644)
Ord(4604)
Ord(5710)
Ord(5276)
Ord(4146)
Ord(2502)
Ord(4401)
Ord(2874)
Ord(540)
Ord(4335)
Ord(5273)
Ord(1767)
Ord(2371)
Ord(975)
Ord(4480)
Ord(4229)
Ord(2294)
Ord(823)
Ord(2047)
Ord(4537)
Ord(4954)
Ord(2504)
Ord(5006)
Ord(1912)
Ord(4607)
Ord(656)
Ord(4298)
Ord(6051)
Ord(5261)
Ord(3074)
Ord(1658)
Ord(3345)
Ord(2613)
Ord(3592)
Ord(4609)
Ord(4458)
Ord(4269)
Ord(2879)
Ord(2977)
Ord(2116)
Ord(4418)
Ord(1718)
Ord(2641)
Ord(1834)
Ord(2109)
Ord(796)
Ord(4957)
Ord(674)
Ord(2382)
Ord(4831)
Ord(5070)
Ord(4158)
Ord(4606)
Ord(6076)
Ord(2715)
Ord(4426)
Ord(3398)
Ord(784)
Ord(4992)
Ord(5297)
Ord(4608)
Ord(4883)
Ord(4459)
Ord(4817)
Ord(3743)
Ord(986)
Ord(2377)
Ord(4893)
Ord(3825)
Ord(4419)
Ord(4074)
Ord(2640)
Ord(1089)
Ord(3490)
Ord(4421)
Ord(807)
Ord(4520)
Ord(3254)
Ord(2506)
Ord(4947)
Ord(3341)
Ord(4237)
Ord(4257)
Ord(4451)
Ord(4692)
Ord(4381)
Ord(2534)
Ord(1817)
Ord(4347)
Ord(5248)
Ord(2717)
Ord(324)
Ord(5157)
Ord(2391)
Ord(5296)
Ord(2527)
Ord(4847)
Ord(1768)
Ord(4704)
Ord(1662)
Ord(3793)
Ord(5097)
Ord(3826)
Ord(5193)
Ord(2971)
Ord(5468)
Ord(1720)
Ord(4075)
Ord(2854)
Ord(2859)
Ord(652)
Ord(5094)
Ord(4420)
Ord(520)
Ord(4435)
Ord(6212)
Ord(5303)
Ord(4518)
Ord(6171)
Ord(5208)
Ord(4583)
Ord(6617)
Ord(561)
Ord(2078)
Ord(3054)
Ord(6372)
Ord(3131)
Ord(4154)
Ord(5059)
Ord(3397)
Ord(6211)
Ord(4072)
Ord(4103)
Ord(529)
Ord(4370)
Ord(800)
Ord(296)
Ord(5649)
Ord(5239)
Ord(3605)
Ord(5286)
Ord(4690)
_except_handler3
__p__fmode
__CxxFrameHandler
?terminate@@YAXXZ
_exit
__p__commode
floor
__dllonexit
_onexit
__wgetmainargs
_controlfp
exit
_XcptFilter
_ftol
_initterm
__setusermatherr
_wcmdln
_adjust_fdiv
__set_app_type
ReleaseDC
SendMessageW
UpdateWindow
EnableWindow
SetCapture
GetDC
InvalidateRect
Number of PE resources by type
RT_STRING 15
RT_DIALOG 6
RT_ICON 1
Struct(33) 1
Struct(241) 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
GERMAN AUSTRIAN 15
CHINESE SIMPLIFIED 9
NEUTRAL 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:03:28 10:00:29+01:00
FileType Win32 EXE
PEType PE32
CodeSize 45056
LinkerVersion 6.0
EntryPoint 0xb4e2
InitializedDataSize 245760
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 8d22983c8a14f28cc1996c93753d22e6
SHA1 62c73c9caf6365501ab7c704b50678f654c2d3b6
SHA256 3ca9158ec1adeac043c8f9d4a2d2aa76759cd4e73cc91c8081f972fa3c9ab788
ssdeep 6144:kaceevYXGcVG46ECy9RUd8EGIEQRDJZ23V3qqBELaz8LKmm9BY:7ce3bN6Vy0HGIEQRDJooq6LagL2Y
authentihash 3d3a1c156c2bcb262c98209e02a9a28082cc442482dc3195c6e04bd87516248c
imphash 16c516c1cecf60be25a6a19798089ba1
File size 288.5 KB ( 295424 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 system file
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2015-04-10 16:36:57 UTC ( 3 years, 11 months ago )
Last submission 2015-04-10 16:36:57 UTC ( 3 years, 11 months ago )
File names 4371f99b9005a9e2031e83f850acd5c6e336ec54
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight