× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 3d84cdc7fd6e5da03f24c52827cd7e55f28f165facfec60da51a95ca64854728
File name: 3ae687bf9dfbd362c2cfa0aff3d00d52
Detection ratio: 50 / 54
Analysis date: 2014-10-16 21:42:15 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.Downloader.JPEE 20141016
Yandex TrojanSpy.Zbot!IXxjbvejv/w 20141015
AhnLab-V3 Trojan/Win32.Zbot 20141016
Antiy-AVL Trojan[Spy]/Win32.Zbot 20141016
Avast Win32:Zbot-OAM [Trj] 20141016
AVG PSW.Generic9.BLCZ 20141016
Avira (no cloud) TR/Kazy.MK 20141016
AVware Trojan.Win32.Generic!SB.0 20141016
Baidu-International Trojan.Win32.Zbot.amJ 20141016
BitDefender Trojan.Downloader.JPEE 20141016
CAT-QuickHeal TrojanPWS.Zbot.Gen 20141016
ClamAV Trojan.Spy.Zbot-142 20141016
CMC Packed.Win32.Toggaf.4!O 20141016
Comodo TrojWare.Win32.Kazy.MKD 20141016
Cyren W32/Zbot.BR.gen!Eldorado 20141016
DrWeb Trojan.PWS.Panda.547 20141016
Emsisoft Trojan.Downloader.JPEE (B) 20141016
ESET-NOD32 Win32/Spy.Zbot.YW 20141016
F-Prot W32/Zbot.BR.gen!Eldorado 20141016
F-Secure Trojan-Spy:W32/Zbot.AVTH 20141016
Fortinet W32/Zbot.AT!tr 20141016
GData Trojan.Downloader.JPEE 20141016
Ikarus Trojan-Spy.Win32.Zbot 20141016
Jiangmin Trojan/Generic.yhha 20141016
K7AntiVirus Backdoor ( 04c4ee7b1 ) 20141016
K7GW Backdoor ( 04c4ee7b1 ) 20141016
Kaspersky Trojan-Spy.Win32.Zbot.dsba 20141016
Kingsoft Win32.Troj.Undef.(kcloud) 20141016
Malwarebytes Trojan.Zbot 20141016
McAfee PWS-Zbot.gen.ds 20141016
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ch 20141016
Microsoft PWS:Win32/Zbot.gen!Y 20141016
eScan Trojan.Downloader.JPEE 20141016
NANO-Antivirus Trojan.Win32.Zbot.whnfn 20141016
Norman ZBot.VAL 20141016
nProtect Trojan-Spy/W32.ZBot.144384.AU 20141016
Qihoo-360 Win32/Trojan.Downloader.80a 20141016
Rising PE:Stealer.Zbot!1.648A 20141016
Sophos Mal/Zbot-HX 20141016
SUPERAntiSpyware Trojan.Agent/Gen-Zbot 20141016
Symantec Trojan.Zbot 20141016
Tencent Win32.Trojan-spy.Zbot.Lnyk 20141016
TheHacker Trojan/Spy.Zbot.yw 20141013
TotalDefense Win32/Zbot.HIA 20141016
TrendMicro TROJ_FORUCON.BMC 20141016
TrendMicro-HouseCall TSPY_ZBOT.SMIG 20141016
VBA32 SScope.Trojan.FakeAV.01110 20141016
VIPRE Trojan.Win32.Generic!SB.0 20141016
ViRobot Trojan.Win32.A.Zbot.143872.CA 20141016
Zillya Trojan.ZBot.Win32.287 20141016
AegisLab 20141016
Bkav 20141015
ByteHero 20141016
Zoner 20141014
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-02-09 19:19:58
Entry Point 0x000154B2
Number of sections 3
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
ConvertSidToStringSidW
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptHashData
InitializeSecurityDescriptor
RegQueryValueExW
CryptCreateHash
SetSecurityDescriptorDacl
GetSidSubAuthorityCount
GetSidSubAuthority
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
RegOpenKeyExW
SetSecurityDescriptorSacl
CheckTokenMembership
GetTokenInformation
CryptReleaseContext
RegEnumKeyExW
OpenThreadToken
GetSecurityDescriptorSacl
GetLengthSid
CreateProcessAsUserW
CryptDestroyHash
CryptAcquireContextW
RegSetValueExW
FreeSid
CryptGetHashParam
AllocateAndInitializeSid
InitiateSystemShutdownExW
EqualSid
IsWellKnownSid
SetNamedSecurityInfoW
CertEnumCertificatesInStore
CryptUnprotectData
PFXImportCertStore
CertCloseStore
CertDeleteCertificateFromStore
CertOpenSystemStoreW
CertDuplicateCertificateContext
PFXExportCertStoreEx
GetDeviceCaps
DeleteDC
RestoreDC
SelectObject
SaveDC
SetViewportOrgEx
GetDIBits
GdiFlush
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetRectRgn
FileTimeToDosDateTime
ReleaseMutex
WaitForSingleObject
FindFirstFileW
HeapDestroy
GetFileAttributesW
GetLocalTime
GetProcessId
SetErrorMode
GetFileInformationByHandle
GetThreadContext
GetFileTime
WideCharToMultiByte
LoadLibraryW
WriteFile
Thread32First
HeapReAlloc
FreeLibrary
LocalFree
CreateEventW
FindClose
TlsGetValue
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
InitializeCriticalSection
WriteProcessMemory
GetModuleFileNameW
HeapAlloc
lstrcmpiW
SetThreadPriority
MultiByteToWideChar
SetFilePointerEx
GetPrivateProfileStringW
CreateThread
MoveFileExW
CreateMutexW
GetVolumeNameForVolumeMountPointW
SetThreadContext
TerminateProcess
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
GetProcAddress
HeapCreate
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
lstrcmpiA
GetVersionExW
SetEvent
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
CreateRemoteThread
OpenProcess
ReadProcessMemory
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetPrivateProfileIntW
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
GetComputerNameW
GetFileSizeEx
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
WTSGetActiveConsoleSessionId
ResetEvent
Thread32Next
DuplicateHandle
GlobalLock
GetTimeZoneInformation
CreateFileW
TlsSetValue
ExitProcess
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
SystemTimeToFileTime
CreateFileMappingW
VirtualAllocEx
OpenEventW
GlobalUnlock
Process32NextW
CreateProcessW
FileTimeToLocalFileTime
VirtualFreeEx
GetCurrentProcessId
SetFileTime
GetCommandLineW
Process32FirstW
GetCurrentThread
MapViewOfFile
TlsFree
ReadFile
CloseHandle
OpenMutexW
GetModuleHandleW
GetFileAttributesExW
UnmapViewOfFile
GetTempPathW
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
NetUserEnum
NetUserGetInfo
NetApiBufferFree
SysFreeString
VariantClear
VariantInit
SysAllocString
SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW
StrCmpNIW
wvnsprintfA
StrCmpNIA
wvnsprintfW
SHDeleteKeyW
PathIsDirectoryW
PathRemoveBackslashW
PathIsURLW
PathAddBackslashW
UrlUnescapeA
SHDeleteValueW
PathCombineW
PathRenameExtensionW
StrStrIA
PathRemoveFileSpecW
StrStrIW
PathMatchSpecW
PathUnquoteSpacesW
PathFindFileNameW
PathQuoteSpacesW
PathAddExtensionW
PathSkipRootW
GetUserNameExW
GetMessagePos
SetWindowPos
IsWindow
EndPaint
OpenWindowStationW
WindowFromPoint
SendMessageW
CreateDesktopW
DispatchMessageW
GetCursorPos
ReleaseDC
GetMenu
EndMenu
DefFrameProcA
DefWindowProcW
CharLowerBuffA
GetThreadDesktop
LoadImageW
GetTopWindow
GetUpdateRgn
MsgWaitForMultipleObjects
GetMenuItemCount
GetMessageA
GetUserObjectInformationW
GetParent
EqualRect
DefWindowProcA
GetMessageW
PeekMessageW
GetDC
CharUpperW
PeekMessageA
TranslateMessage
SetThreadDesktop
GetWindow
GetIconInfo
GetMenuItemRect
RegisterClassW
OpenDesktopW
CharLowerA
RegisterClassA
TrackPopupMenuEx
GetSubMenu
GetDCEx
FillRect
ToUnicode
GetWindowLongW
GetUpdateRect
GetWindowInfo
MapWindowPoints
RegisterWindowMessageW
OpenInputDesktop
DrawEdge
SwitchDesktop
BeginPaint
DefMDIChildProcW
DrawIcon
MapVirtualKeyW
DefMDIChildProcA
GetClipboardData
GetSystemMetrics
SetWindowLongW
GetWindowRect
SetCapture
ReleaseCapture
CharLowerW
SetProcessWindowStation
GetProcessWindowStation
GetClassLongW
CreateWindowStationW
SetKeyboardState
CloseWindowStation
GetKeyboardState
PostThreadMessageW
CharToOemW
GetMenuState
GetMenuItemID
ExitWindowsEx
IntersectRect
GetCapture
GetShellWindow
GetWindowThreadProcessId
HiliteMenuItem
DefFrameProcW
RegisterClassExW
CallWindowProcA
GetWindowDC
RegisterClassExA
MenuItemFromPoint
PrintWindow
SetCursorPos
SystemParametersInfoW
PostMessageW
CallWindowProcW
GetClassNameW
DefDlgProcW
DefDlgProcA
CloseDesktop
IsRectEmpty
SendMessageTimeoutW
GetAncestor
HttpSendRequestA
InternetSetStatusCallbackW
InternetReadFileExA
InternetSetOptionA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExW
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetQueryOptionA
HttpSendRequestW
GetUrlCacheEntryInfoW
HttpQueryInfoA
InternetReadFile
InternetQueryDataAvailable
InternetCrackUrlA
HttpAddRequestHeadersW
HttpSendRequestExA
InternetQueryOptionW
getaddrinfo
getsockname
accept
WSAAddressToStringW
WSAStartup
freeaddrinfo
connect
shutdown
getpeername
WSAGetLastError
closesocket
send
WSASend
select
listen
WSAEventSelect
WSASetLastError
recv
WSAIoctl
setsockopt
socket
bind
recvfrom
sendto
CoUninitialize
CoInitializeEx
CoCreateInstance
CLSIDFromString
StringFromGUID2
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2012:02:09 20:19:58+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
135680

LinkerVersion
10.0

FileAccessDate
2014:10:16 22:44:29+01:00

EntryPoint
0x154b2

InitializedDataSize
14848

SubsystemVersion
5.1

ImageVersion
1.0

OSVersion
5.1

FileCreateDate
2014:10:16 22:44:29+01:00

UninitializedDataSize
0

File identification
MD5 3ae687bf9dfbd362c2cfa0aff3d00d52
SHA1 7ca21e100f17405b7b848289ce906e6399ec1cff
SHA256 3d84cdc7fd6e5da03f24c52827cd7e55f28f165facfec60da51a95ca64854728
ssdeep
3072:s96aX+XmwoBh7tx2lXQZ3C2fpquiQfNCPz0HyH0W3iCbkAUhzHh:s96uBHx2KxtiQfqzAyH0WtqhzHh

authentihash a1ec98bf69d2ea60edc750eed3514a37a18faceb31e30210a45585938e7cb9f3
imphash 6dab74de194ffb8ceec59b2257567fb1
File size 141.0 KB ( 144384 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows Screen Saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags
peexe

VirusTotal metadata
First submission 2014-09-26 08:11:52 UTC ( 2 years, 7 months ago )
Last submission 2014-10-02 11:46:49 UTC ( 2 years, 6 months ago )
File names 3ae687bf9dfbd362c2cfa0aff3d00d52
3d84cdc7fd6e5da03f24c52827cd7e55f28f165facfec60da51a95ca64854728.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests
UDP communications