× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 41ac0581a892fd0059db01445de9b8d8ef6f829afe1c083addb18f54e247b8c7
File name: 41ac0581a892fd0059db01445de9b8d8ef6f829afe1c083addb18f54e247b8c7
Detection ratio: 50 / 56
Analysis date: 2016-02-24 10:18:32 UTC ( 2 months, 4 weeks ago )
Antivirus Result Update
ALYac Trojan.VIZ.Gen.1 20160224
AVG Generic_s.BPW 20160224
AVware VirTool.Win32.Obfuscator.da!n (v) 20160224
Ad-Aware Trojan.VIZ.Gen.1 20160224
AegisLab Troj.Spy.W32.Zbot.mzce!c 20160224
Yandex TrojanSpy.Zbot!COz4Hq+o1/8 20160221
AhnLab-V3 Trojan/Win32.Tepfer 20160224
Antiy-AVL Trojan[Spy]/Win32.Zbot 20160224
Arcabit Trojan.VIZ.Gen.1 20160224
Avast Win32:MalOb-IJ [Cryp] 20160224
Avira (no cloud) TR/Spy.ZBot.dfkm 20160224
Baidu-International Trojan.Win32.Katusha.aa 20160224
BitDefender Trojan.VIZ.Gen.1 20160224
CAT-QuickHeal TrojanPWS.Zbot.Gen 20160224
ClamAV Win.Trojan.Tepfer-487 20160224
Comodo TrojWare.Win32.Kryptik.BOGE 20160224
Cyren W32/Trojan.TVSJ-7915 20160224
DrWeb Trojan.Packed.24465 20160224
ESET-NOD32 Win32/Spy.Zbot.AAU 20160224
Emsisoft Trojan.VIZ.Gen.1 (B) 20160224
F-Prot W32/Trojan3.FMO 20160224
F-Secure Trojan.VIZ.Gen.1 20160224
Fortinet W32/Kryptik.AGAJ!tr 20160224
GData Trojan.VIZ.Gen.1 20160224
Ikarus Trojan-PWS.Win32.Zbot 20160224
Jiangmin TrojanSpy.Zbot.dlnd 20160224
K7AntiVirus Trojan ( 0040f5041 ) 20160224
K7GW Trojan ( 0040f5041 ) 20160224
Kaspersky Packed.Win32.Katusha.aa 20160224
Malwarebytes Trojan.MalPack.RF 20160224
McAfee PWS-Zbot 20160224
McAfee-GW-Edition BehavesLike.Win32.Downloader.fc 20160224
eScan Trojan.VIZ.Gen.1 20160224
Microsoft PWS:Win32/Zbot!GO 20160224
NANO-Antivirus Trojan.Win32.Katusha.ccvkyi 20160224
Panda Trj/CI.A 20160223
Qihoo-360 Win32/Trojan.Spy.953 20160224
Rising PE:Trojan.Agent!1.6A5D [F] 20160224
SUPERAntiSpyware Trojan.Agent/Gen-Hupigon 20160224
Sophos Troj/Agent-ACMG 20160224
Symantec Trojan.Zbot 20160223
Tencent Win32.Trojan.Spy.Swvc 20160224
TheHacker Trojan/Kryptik.bezj 20160222
TrendMicro TSPY_ZBOT.SQV 20160224
TrendMicro-HouseCall TSPY_ZBOT.SQV 20160224
VBA32 Malware-Cryptor.Hlux 20160224
VIPRE VirTool.Win32.Obfuscator.da!n (v) 20160224
ViRobot Trojan.Win32.A.Katusha.318464.L[h] 20160224
Zillya Trojan.Zbot.Win32.124873 20160223
nProtect Trojan-Spy/W32.ZBot.318464.MO 20160223
Alibaba 20160224
Bkav 20160223
ByteHero 20160224
CMC 20160223
TotalDefense 20160223
Zoner 20160224
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2003-11-13 23:15:40
Entry Point 0x000024A6
Number of sections 6
PE sections
PE imports
SetSetupSave
GetLastError
FormatMessageW
IsBadWritePtr
lstrcatA
GetFileSize
InitializeCriticalSection
HeapCreate
ReadFile
GetModuleHandleA
lstrcpyA
CreateMutexW
GetStartupInfoW
SetFileAttributesW
SetFileTime
CloseHandle
FindResourceA
LoadLibraryA
GetLocalTime
LeaveCriticalSection
MsiDatabaseCommit
MsiConfigureFeatureA
MsiAdvertiseProductW
MsiCollectUserInfoA
SetFocus
IsWindow
PeekMessageW
GetWindowRect
DispatchMessageA
wsprintfW
IsZoomed
LoadCursorW
SetCursorPos
GetWindowLongW
GetWindowTextA
PostMessageW
IsDialogMessageA
Number of PE resources by type
RT_ICON 4
Struct(25) 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
FRENCH BELGIAN 7
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2003:11:14 00:15:40+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
5632

LinkerVersion
0.255

EntryPoint
0x24a6

InitializedDataSize
0

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

Compressed bundles
File identification
MD5 5e2c658096f7e2360b3ea15c093ef07e
SHA1 de0518f1976d5b20825cf21acdb95cb889464b56
SHA256 41ac0581a892fd0059db01445de9b8d8ef6f829afe1c083addb18f54e247b8c7
ssdeep
6144:a9b2krySinng4+0wcqZGDFxjFPMItSMJAfqgkrzGwh0TJ+d62:a9awPig/0iixJPMMGfO4N+I2

authentihash f94ffd5f98edbae1b511d1bb63cd7c006cf752958d2a3171c92cd62359242769
imphash d1098182011dede5979000ecdcc519db
File size 311.0 KB ( 318464 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Windows screen saver (43.2%)
Win32 Dynamic Link Library (generic) (21.7%)
Win32 Executable (generic) (14.8%)
Win16/32 Executable Delphi generic (6.8%)
Generic Win/DOS Executable (6.6%)
Tags
peexe

VirusTotal metadata
First submission 2013-07-03 19:33:36 UTC ( 2 years, 10 months ago )
Last submission 2013-12-03 05:16:54 UTC ( 2 years, 5 months ago )
File names 5e2c658096f7e2360b3ea15c093ef07e._7
invoice copy (2).exe
invoice copy.exe
vt-upload-QhAu9
41ac0581a892fd0059db01445de9b8d8ef6f829afe1c083addb18f54e247b8c7
vt-upload-gYlt2
5e2c658096f7e2360b3ea15c093ef07e.exe
vt-upload-GFLJd
file-5697693_exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!