SHA256: 43c91995ee9cb6319a66a21f2e6ff8b28d48bca5872ad2df97d84a653ad5e9a0
File name: bot.exe
Detection ratio: 40 / 56
Analysis date: 2015-11-25 20:18:01 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.Lethic.Gen.10 20151126
Yandex TrojanSpy.Zbot!NjZabdK3Les 20151125
AhnLab-V3 Trojan/Win32.Agent 20151125
ALYac Trojan.Lethic.Gen.10 20151126
Antiy-AVL Trojan[Spy]/Win32.Zbot 20151126
Arcabit Trojan.Lethic.Gen.10 20151126
Avast Win32:Malware-gen 20151126
AVG Crypt_r.ADM 20151126
Avira (no cloud) TR/Crypt.Xpack.298719 20151126
AVware Trojan.Win32.Generic!BT 20151125
Baidu-International Adware.Win32.iBryte.EATX 20151125
BitDefender Trojan.Lethic.Gen.10 20151126
Cyren W32/Agent.XL.gen!Eldorado 20151126
DrWeb Trojan.Inject1.56622 20151126
Emsisoft Trojan.Lethic.Gen.10 (B) 20151126
ESET-NOD32 a variant of Win32/Kryptik.EATX 20151126
F-Prot W32/Agent.XL.gen!Eldorado 20151126
F-Secure Trojan.Lethic.Gen.10 20151126
Fortinet W32/Kryptik.EAQQ!tr 20151126
GData Trojan.Lethic.Gen.10 20151126
Ikarus Trojan.Win32.Crypt 20151126
K7AntiVirus Trojan ( 004d42e51 ) 20151125
K7GW Trojan ( 004d42e51 ) 20151125
Kaspersky Trojan-Spy.Win32.Zbot.wbmw 20151126
Malwarebytes Trojan.Sharik 20151126
McAfee RDN/Generic PWS.y 20151126
McAfee-GW-Edition RDN/Generic PWS.y 20151126
Microsoft VirTool:Win32/CeeInject.GF 20151126
eScan Trojan.Lethic.Gen.10 20151126
NANO-Antivirus Trojan.Win32.Inject1.dxwrjc 20151126
nProtect Trojan.Lethic.Gen.10 20151125
Panda Trj/Genetic.gen 20151125
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20151126
Sophos AV Mal/Wonton-BP 20151126
Symantec Trojan.Gen 20151125
Tencent Win32.Trojan-spy.Zbot.Sueg 20151126
TrendMicro TROJ_GEN.R000C0PJS15 20151126
VBA32 Heur.Malware-Cryptor.Ngrbot 20151125
VIPRE Trojan.Win32.Generic!BT 20151126
Zillya Trojan.Tepfer.Win32.84574 20151123
AegisLab 20151125
Alibaba 20151125
Bkav 20151125
ByteHero 20151126
CAT-QuickHeal 20151125
ClamAV 20151125
CMC 20151124
Comodo 20151125
Jiangmin 20151125
Rising 20151124
SUPERAntiSpyware 20151126
TheHacker 20151125
TotalDefense 20151125
TrendMicro-HouseCall 20151126
ViRobot 20151125
Zoner 20151126
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2001-2015 PGWARE LLC
Product GameBoost
File version 1.0.0.1
Description GameBoost Setup
Comments This installation was built with Inno Setup.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-10-14 21:59:58
Entry Point 0x0002C952
Number of sections 4
PE sections
Overlays
MD5 5e9886ba91ab0b41a5420224c9133754
File type data
Offset 730112
Size 1035
Entropy 7.79
PE imports
RegQueryValueExA
GetOpenFileNameA
CertOIDToAlgId
SetROP2
CreateFontIndirectW
CreateFontA
SetWindowOrgEx
Arc
GetCharWidthA
Ellipse
SetThreadLocale
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
UnhandledExceptionFilter
GetSystemDirectoryW
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
FindResourceExA
WideCharToMultiByte
GetStringTypeA
GetTempPathW
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetOEMCP
FormatMessageW
ResumeThread
InitializeCriticalSection
OutputDebugStringW
TlsGetValue
MoveFileW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
UpdateResourceW
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
lstrcmpiW
RaiseException
EnumSystemLocalesA
CreateEventA
GetUserDefaultLCID
GetSystemDefaultLCID
InterlockedDecrement
MultiByteToWideChar
FormatMessageA
SetFilePointer
CreateThread
SetEnvironmentVariableW
GetSystemDefaultUILanguage
GetExitCodeThread
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
ClearCommError
ExitThread
SetEnvironmentVariableA
TerminateProcess
ConvertThreadToFiber
GlobalAlloc
LocalFileTimeToFileTime
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
lstrcmpiA
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetFileSize
CreateDirectoryW
GetProcAddress
lstrcpyW
GetFileSizeEx
ExpandEnvironmentStringsW
CompareStringA
IsValidLocale
lstrcmpW
WaitForMultipleObjects
GetTimeZoneInformation
CreateFileW
WriteConsoleA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
LoadResource
GetLastError
SystemTimeToFileTime
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetProcessTimes
GetEnvironmentStringsW
lstrlenW
WinExec
SizeofResource
GetCurrentProcessId
LockResource
SetFileTime
GetCPInfo
HeapSize
GetCommandLineA
SuspendThread
QueryPerformanceFrequency
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetTimeFormatA
GetACP
GlobalLock
GetModuleHandleW
GetEnvironmentStrings
IsValidCodePage
HeapCreate
WriteFile
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
ResetEvent
ShellExecuteA
SetFocus
CreateDialogParamW
CharToOemBuffW
GetParent
SetScrollInfo
SetCapture
GetWindow
EndDialog
BeginPaint
DefWindowProcW
KillTimer
GetMessageW
ScreenToClient
FindWindowA
MessageBeep
LoadBitmapA
wvsprintfW
SetScrollRange
GetWindowRect
EnableWindow
VkKeyScanA
CharUpperW
MessageBoxA
GetClassNameA
CharLowerW
GetWindowDC
GetSysColor
DispatchMessageW
GetDC
CopyImage
EndDeferWindowPos
ReleaseDC
SendMessageW
ShowWindow
DrawIconEx
SendMessageA
SetWindowTextW
CreateWindowExA
SystemParametersInfoW
DrawTextW
EnableMenuItem
ClientToScreen
SetTimer
CallWindowProcW
DialogBoxIndirectParamW
GetWindowTextW
CallWindowProcA
GetSystemMenu
GetWindowTextLengthW
CreateWindowExW
wsprintfW
ModifyMenuA
DestroyWindow
GetHGlobalFromILockBytes
CoRegisterMessageFilter
CoDisconnectObject
WriteClassStg
CoRegisterClassObject
Number of PE resources by type
RT_STRING 13
RT_DIALOG 6
RT_BITMAP 5
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 27
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments This installation was built with Inno Setup.
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 505856
EntryPoint 0x2c952
MIMEType application/octet-stream
LegalCopyright Copyright 2001-2015 PGWARE LLC
FileVersion 1.0.0.1
TimeStamp 2015:10:14 22:59:58+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.0
ProductVersion 1.0.0.1
FileDescription GameBoost Setup
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName PGWARE LLC
CodeSize 223232
ProductName GameBoost
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 581eb87538fd2b65f2ba19f30e2f64ba
SHA1 f99c7e0d999801f701e3e2c361b2bc32c5519588
SHA256 43c91995ee9cb6319a66a21f2e6ff8b28d48bca5872ad2df97d84a653ad5e9a0
ssdeep 12288:AiKR4Go6BErnaQC+mVVt/9rzsQxQz2q8vPopriynQT5gMbL+UgPMxgUWWr6KMLzH:EOGdBunaQC+mDt1ni2q8vA8ynQuMuVUk
authentihash 88dbcf4a27b5f521c3b017998a5077b8f2f994360178589139304a296222c479
imphash 5b575217761764cf5fff4462daff4a40
File size 714.0 KB ( 731147 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-10-14 22:16:18 UTC ( 2 years, 11 months ago )
Last submission 2015-10-14 22:16:18 UTC ( 2 years, 11 months ago )
File names bot.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Runtime DLLs