× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 4603f908de8080fc6e5d33738225a3f4c2ae609a958819be16e782ad469f38c7
File name: 1d4aaaf4ae7bfdb0d9936cd71ea717b2
Detection ratio: 23 / 45
Analysis date: 2013-03-21 07:15:18 UTC ( 1 year ago )
Antivirus Result Update
AhnLab-V3 Spyware/Win32.Zbot 20130321
AntiVir TR/Kazy.156397 20130320
BitDefender Trojan.Generic.KDV.907187 20130321
Comodo UnclassifiedMalware 20130321
DrWeb Trojan.Necurs.97 20130321
ESET-NOD32 Win32/Cridex.AA 20130321
Emsisoft Trojan.Win32.Bublik.ajnz.AMN (A) 20130321
F-Secure Trojan.Generic.KDV.907187 20130321
GData Trojan.Generic.KDV.907187 20130321
Ikarus Trojan.Win32.Bublik 20130321
Kaspersky Trojan.Win32.Bublik.ajnz 20130321
Kingsoft Win32.Troj.Agent.xh.(kcloud) 20130318
Malwarebytes Trojan.Zbot 20130321
McAfee PWS-Zbot-FANV!1D4AAAF4AE7B 20130321
McAfee-GW-Edition PWS-Zbot-FANV!1D4AAAF4AE7B 20130321
MicroWorld-eScan Trojan.Generic.KDV.907187 20130321
Norman Suspicious_Gen4.DCMPB 20130320
Panda Trj/Genetic.gen 20130320
Symantec WS.Reputation.1 20130321
TrendMicro BKDR_CRIDEX.AJPM 20130321
TrendMicro-HouseCall BKDR_CRIDEX.AJPM 20130321
VBA32 BScope.TrojanPSW.Zbot.2716 20130320
VIPRE Win32.Malware!Drop 20130321
AVG 20130320
Agnitum 20130320
Antiy-AVL 20130317
Avast 20130321
ByteHero 20130320
CAT-QuickHeal 20130321
ClamAV 20130320
Commtouch 20130321
F-Prot 20130321
Fortinet 20130321
Jiangmin 20130321
K7AntiVirus 20130320
Microsoft 20130321
NANO-Antivirus 20130321
PCTools 20130321
SUPERAntiSpyware 20130321
Sophos 20130321
TheHacker 20130321
TotalDefense 20130320
ViRobot 20130321
eSafe 20130319
nProtect 20130321
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Publisher __________ __________
Description ________ ______ ________
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-19 07:09:44
Entry Point 0x00004430
Number of sections 8
PE sections
PE imports
RegOpenKeyExW
GetACP
GetStartupInfoA
GetWindowsDirectoryW
ReadFile
LoadLibraryW
lstrlenA
lstrcatA
CreateFileW
lstrcpyA
ExitProcess
GetStartupInfoW
lstrcatW
GetProcAddress
LoadIconW
LoadIconA
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Struct(240) 1
Number of PE resources by language
RUSSIAN 2
ENGLISH US 1
ExifTool file metadata
SubsystemVersion
5.0

InitializedDataSize
114176

ImageVersion
0.0

FileVersionNumber
5.1.2600.5512

UninitializedDataSize
0

LanguageCode
Russian

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
9.0

MIMEType
application/octet-stream

TimeStamp
2013:03:19 08:09:44+01:00

FileType
Win32 EXE

PEType
PE32

FileDescription

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName

CodeSize
13824

FileSubtype
0

ProductVersionNumber
5.1.2600.5512

EntryPoint
0x4430

ObjectFileType
Executable application

File identification
MD5 1d4aaaf4ae7bfdb0d9936cd71ea717b2
SHA1 2464b7b40e5eb43e9655ca47eced6ac291bd9a0b
SHA256 4603f908de8080fc6e5d33738225a3f4c2ae609a958819be16e782ad469f38c7
ssdeep
1536:n5R2MtSdlLG1dGKQyD262wCy3HfHeSK4ySZjFIBszj0VBzErM/yF4:n5R2M8T61hQSkg3fGF1AjelK6

File size 125.5 KB ( 128512 bytes )
File type Win32 EXE
Magic literal
MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2013-03-19 14:54:44 UTC ( 1 year ago )
Last submission 2013-03-21 07:15:18 UTC ( 1 year ago )
File names KB00371046.exl
2342430.exe
1d4aaaf4ae7bfdb0d9936cd71ea717b2
contacts.exe
KB01367860.exe
Copy of KB00883353.exe
5819098.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.