SHA256: 41d6eca5c876464e19c9d22d07ec48e864b13c85bfd00b6e715616c764840d0f
File name: LibDBS
Detection ratio: 36 / 54
Analysis date: 2014-10-31 08:35:30 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.43010 20141031
AhnLab-V3 Trojan/Win32.Zbot 20141030
Avast Win32:Vobfus-Q [Wrm] 20141031
AVG SHeur4.CDJO 20141031
Avira (no cloud) TR/Spy.ZBot.ulwc 20141031
Baidu-International Trojan.Win32.Zbot.AB 20141031
BitDefender Gen:Variant.Symmi.43010 20141031
Bkav HW32.Packed.8FBD 20141027
Comodo UnclassifiedMalware 20141031
Cyren W32/Trojan.ZXJG-5047 20141031
DrWeb BackDoor.Comet.1783 20141031
Emsisoft Gen:Variant.Symmi.43010 (B) 20141031
ESET-NOD32 a variant of Win32/Injector.BJFD 20141031
F-Prot W32/Trojan2.OLUH 20141031
F-Secure Gen:Variant.Symmi.43010 20141031
Fortinet W32/ZBOT.QU!tr 20141031
GData Gen:Variant.Symmi.43010 20141031
Ikarus Trojan.Win32.Inject 20141031
K7AntiVirus Trojan ( 0049f5941 ) 20141030
K7GW Trojan ( 0049f5941 ) 20141030
Kaspersky Trojan-Spy.Win32.Zbot.ulwc 20141031
Malwarebytes Trojan.Spy.Zbot 20141031
McAfee Generic-FAUT!F3F6F97DE412 20141031
McAfee-GW-Edition BehavesLike.Win32.Downloader.dc 20141031
Microsoft PWS:Win32/Zbot 20141031
eScan Gen:Variant.Symmi.43010 20141030
NANO-Antivirus Trojan.Win32.DarkKomet.dhigtt 20141031
Norman Troj_Generic.WSYDV 20141031
Qihoo-360 Win32/Trojan.Spy.070 20141031
Rising PE:Trojan.Win32.Generic.178F1709!395253513 20141030
Sophos Mal/Zbot-QU 20141031
SUPERAntiSpyware Trojan.Agent/Gen-Injector 20141031
Symantec Trojan.Zbot 20141031
Tencent Win32.Backdoor.Bp-generic.Oayz 20141031
TrendMicro TSPY_ZBOT.HJB 20141031
TrendMicro-HouseCall TSPY_ZBOT.HJB 20141031
AegisLab 20141031
Yandex 20141031
Antiy-AVL 20141031
AVware 20141031
ByteHero 20141031
CAT-QuickHeal 20141031
ClamAV 20141031
CMC 20141029
Jiangmin 20141030
Kingsoft 20141031
nProtect 20141030
TheHacker 20141028
TotalDefense 20141031
VBA32 20141030
VIPRE 20141031
ViRobot 20141031
Zillya 20141030
Zoner 20141030
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright ? 2014
Publisher
Product LibDBS
Original name LibDBS.exe
Internal name LibDBS
File version 1, 0, 0, 1
Description LibDBS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-26 18:37:37
Entry Point 0x0000C0A0
Number of sections 6
PE sections
PE imports
GetStartupInfoA
GetModuleFileNameW
GetModuleHandleA
__p__fmode
__CxxFrameHandler
??1type_info@@UAE@XZ
__getmainargs
fclose
__dllonexit
_except_handler3
fseek
_mbscmp
_onexit
ftell
exit
_XcptFilter
rewind
__setusermatherr
_adjust_fdiv
sprintf
_acmdln
fread
__p__commode
atoi
_wfopen
_exit
_setmbcp
_initterm
_controlfp
__set_app_type
GetSystemMetrics
AppendMenuA
GetWindowRect
EnableWindow
DrawIcon
SendMessageA
GetClientRect
GetSystemMenu
IsIconic
LoadIconA
Number of PE resources by type
RT_DIALOG 16
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 17
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Chinese (Simplified)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 208896
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyright ? 2014
FileVersion 1, 0, 0, 1
TimeStamp 2014:10:26 19:37:37+01:00
FileType Win32 EXE
PEType PE32
InternalName LibDBS
FileAccessDate 2014:10:31 09:36:54+01:00
ProductVersion 1, 0, 0, 1
FileDescription LibDBS
OSVersion 4.0
FileCreateDate 2014:10:31 09:36:54+01:00
OriginalFilename LibDBS.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 53248
ProductName LibDBS
ProductVersionNumber 1.0.0.1
EntryPoint 0xc0a0
ObjectFileType Executable application

File identification
MD5 f3f6f97de412a693b22fc967b52ac624
SHA1 cdcb9016bdf0c16aff15efb36298d7865b3a46ca
SHA256 41d6eca5c876464e19c9d22d07ec48e864b13c85bfd00b6e715616c764840d0f
ssdeep 3072:rA4h7clwvi+xptvlDt47oaL82mz/TzIESgihHXPOQFRk1jSrUTg8iDoB2ZqEI2uO:Ph7clwvi+hlJAAJfIE1iETgdYxe
authentihash 0846f6b7e48fd0535bcdd7963d633315c7fad8d157d4c9405f9526aaf306c176
imphash 11123da4c2c467a39b92df959d57cb84
File size 260.6 KB ( 266816 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-10-27 23:47:01 UTC ( 2 years, 7 months ago )
Last submission 2014-10-30 09:53:19 UTC ( 2 years, 7 months ago )
File names f3f6f97de412a693b22fc967b52ac624
LibDBS.exe
LibDBS
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.