SHA256: 44604009b66ee2769a4f6d0756e40faa35481a74b0b74896aeb829b058e0b5b2
File name: b233c2039c5527e309f94bae1a8a61d915f930ec
Detection ratio: 30 / 57
Analysis date: 2015-09-02 15:24:24 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2693267 20150902
ALYac Trojan.GenericKD.2693267 20150902
Antiy-AVL Trojan[Dropper]/Win32.Injector 20150902
Arcabit Trojan.Generic.D291893 20150902
Avast Win32:Malware-gen 20150902
AVG Atros2.NBG 20150902
Avira (no cloud) TR/Crypt.Xpack.41850 20150902
BitDefender Trojan.GenericKD.2693267 20150902
Cyren W32/Trojan.MLJF-7860 20150902
DrWeb Trojan.DownLoader15.52184 20150902
Emsisoft Trojan.Win32.Zbot (A) 20150902
ESET-NOD32 Win32/Spy.Zbot.ACB 20150902
F-Prot W32/Trojan3.RKK 20150902
F-Secure Trojan.GenericKD.2693267 20150902
Fortinet PossibleThreat.P0 20150902
GData Trojan.GenericKD.2693267 20150902
Ikarus Trojan-Spy.Zeus 20150902
K7AntiVirus Trojan ( 004ce3351 ) 20150902
K7GW Trojan ( 004ce3351 ) 20150902
Kaspersky Trojan-Spy.Win32.Zbot.vxte 20150902
Malwarebytes Backdoor.Bot 20150902
McAfee Generic-FAWK!D7F098705B74 20150902
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dc 20150902
Microsoft Ransom:Win32/Crowti.A 20150902
eScan Trojan.GenericKD.2693267 20150902
nProtect Trojan.GenericKD.2693267 20150902
Panda Trj/Downloader.WON 20150902
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20150902
Rising PE:Malware.Obscure/Heur!1.9E03[F1] 20150902
Sophos AV Mal/Generic-S 20150902
AegisLab 20150902
Yandex 20150901
AhnLab-V3 20150902
Alibaba 20150902
AVware 20150901
Baidu-International 20150902
Bkav 20150901
ByteHero 20150902
CAT-QuickHeal 20150902
ClamAV 20150902
CMC 20150902
Comodo 20150902
Jiangmin 20150901
Kingsoft 20150902
NANO-Antivirus 20150902
SUPERAntiSpyware 20150829
Symantec 20150901
Tencent 20150902
TheHacker 20150831
TotalDefense 20150902
TrendMicro 20150902
TrendMicro-HouseCall 20150902
VBA32 20150902
VIPRE 20150902
ViRobot 20150902
Zillya 20150902
Zoner 20150902
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (C) 2014
Product mation
Original name mation.exe
Internal name mation
File version 1, 0, 0, 1
Description mation
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-08-28 19:17:15
Entry Point 0x000021E2
Number of sections 6
PE sections
Overlays
MD5 1b6f5dd17415ab0ca84cd38627d61f3b
File type data
Offset 253952
Size 512
Entropy 7.57
PE imports
RegDeleteKeyW
GetCharABCWidthsFloatA
CreateCompatibleDC
SetStdHandle
GetDateFormatA
GetStartupInfoW
GetModuleFileNameA
GetTimeZoneInformation
MapViewOfFile
CreateFileW
GetModuleFileNameW
FindNextFileW
GetOEMCP
CreateFileA
HeapDestroy
ExitProcess
FindFirstFileA
GetCommandLineA
GetEnvironmentStringsW
FlushFileBuffers
GetACP
HeapReAlloc
GetModuleHandleW
GetLocaleInfoW
_except_handler3
__p__fmode
__CxxFrameHandler
__wgetmainargs
_exit
__p__commode
__setusermatherr
__dllonexit
_onexit
exit
_XcptFilter
_initterm
_controlfp
_wcmdln
_adjust_fdiv
__set_app_type
VariantClear
GetCursorPos
GetSystemMetrics
GetCaretBlinkTime
PeekMessageW
SendMessageW
UpdateWindow
MessageBoxIndirectA
LoadIconW
HideCaret
DrawIcon
RegisterClipboardFormatW
GetDesktopWindow
GetClientRect
GetSystemMenu
EnableWindow
ShowWindow
IsIconic
AppendMenuW
Number of PE resources by type
RT_DIALOG 2
RT_ICON 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
HUNGARIAN DEFAULT 1
SPANISH MODERN 1
SPANISH 1
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Swedish
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 241664
EntryPoint 0x21e2
OriginalFileName mation.exe
MIMEType application/octet-stream
LegalCopyright (C) 2014
FileVersion 1, 0, 0, 1
TimeStamp 2015:08:28 20:17:15+01:00
FileType Win32 EXE
PEType PE32
InternalName mation
ProductVersion 1, 0, 0, 1
FileDescription mation
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 8192
ProductName mation
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 d7f098705b746717b3dc4d34162d267f
SHA1 eca51b8e20dd1243421b5a206af7889ea6600866
SHA256 44604009b66ee2769a4f6d0756e40faa35481a74b0b74896aeb829b058e0b5b2
ssdeep 6144:8TK0IkPCQWepeA4rIa2N9JPH5QRbgkXguqSHjsXCQr:8TKkl68XJPq9Bir
authentihash 619677267445f4c8a6ddde5e91d8c66fc457da0a5a251cd8b8c242bc4b98f059
imphash d6cdd27078d9037a63e53ddccd6a2f6b
File size 248.5 KB ( 254464 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-09-01 10:21:38 UTC ( 3 years, 6 months ago )
Last submission 2016-05-06 13:51:32 UTC ( 2 years, 10 months ago )
File names 2931655
d7f098705b746717b3dc4d34162d267f.exe
mation.exe
ZeuS 3.exe
b233c2039c5527e309f94bae1a8a61d915f930ec
klj15.exe
mation
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs