SHA256: 474821830c7ec9695855673e1292ae6d54c4c18c2dc2741f7e5e385488bc1880
File name: f86c59258413416e3853acc9cda5bbca.exe
Detection ratio: 41 / 51
Analysis date: 2014-04-04 08:54:37 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.KDV.718581 20140404
Yandex TrojanSpy.Zbot!S16cc1MK1uA 20140403
AhnLab-V3 Trojan/Win32.Yakes 20140404
AntiVir TR/Dropper.Gen8 20140404
Antiy-AVL Trojan/Win32.Yakes 20140404
Avast Win32:Zbot-PJM [Trj] 20140404
AVG Generic29.AOQP 20140404
BitDefender Trojan.Generic.KDV.718581 20140404
Bkav W32.AppdataSouqK.Trojan 20140404
ClamAV WIN.Trojan.Agent-248348 20140404
DrWeb Trojan.PWS.Panda.547 20140404
Emsisoft Trojan.Generic.KDV.718581 (B) 20140404
ESET-NOD32 Win32/Spy.Zbot.ZR 20140404
F-Secure Trojan.Generic.KDV.718581 20140404
Fortinet W32/Injector.VWW!tr 20140404
GData Trojan.Generic.KDV.718581 20140404
Ikarus Trojan-PWS.Win32.Zbot 20140404
Jiangmin Trojan/Yakes.hie 20140404
K7AntiVirus Trojan ( 0040037e1 ) 20140404
K7GW Trojan ( 0040037e1 ) 20140404
Kaspersky HEUR:Trojan.Win32.Generic 20140404
Kingsoft Win32.Troj.Yakes.(kcloud) 20140404
Malwarebytes Trojan.PWS 20140404
McAfee PWS-Zbot.gen.alx 20140404
McAfee-GW-Edition PWS-Zbot.gen.alx 20140403
Microsoft PWS:Win32/Zbot 20140404
eScan Trojan.Generic.KDV.718581 20140404
NANO-Antivirus Trojan.Win32.Zbot.xoroh 20140404
nProtect Trojan.Generic.KDV.718581 20140403
Panda Trj/Genetic.gen 20140404
Qihoo-360 Malware.QVM20.Gen 20140404
Sophos Mal/Zbot-IB 20140404
SUPERAntiSpyware Trojan.Agent/Gen-Zbot 20140404
Symantec Trojan.Gen 20140404
TheHacker Trojan/Yakes.aytl 20140402
TotalDefense Win32/Zbot.FXD 20140403
TrendMicro TSPY_INJECTOR_BK084345.TOMC 20140404
TrendMicro-HouseCall TSPY_INJECTOR_BK084345.TOMC 20140404
VBA32 Trojan.Yakes 20140403
VIPRE Trojan.Win32.Generic!BT 20140404
ViRobot Trojan.Win32.A.Yakes.186880.F 20140404
AegisLab 20140404
Baidu-International 20140404
ByteHero 20140404
CAT-QuickHeal 20140404
CMC 20140331
Commtouch 20140404
Comodo 20140404
F-Prot 20140404
Norman 20140404
Rising 20140403
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-09-02 22:16:48
Entry Point 0x00001000
Number of sections 4
PE sections
PE imports
InitCommonControls
DeleteDC
SetBkMode
BitBlt
CreateSolidBrush
DeleteObject
SelectObject
SetBkColor
CreateCompatibleDC
GetBkColor
SetTextColor
ExitProcess
CreateThread
GetModuleHandleA
RtlZeroMemory
lstrcpyA
Sleep
VirtualProtect
GetCommandLineA
LoadLibraryA
GetMessageA
UpdateWindow
SetMenuItemBitmaps
LoadMenuA
DestroyMenu
RegisterClassExA
PostQuitMessage
DefWindowProcA
ShowWindow
LoadBitmapA
GetSystemMetrics
DrawEdge
SetMenu
SetMenuItemInfoA
TranslateMessage
GetSysColor
GetMenuItemInfoA
DrawTextA
CreatePopupMenu
GetMenu
SendMessageA
DrawMenuBar
EnableMenuItem
GetSubMenu
CreateWindowExA
LoadCursorA
LoadIconA
FillRect
DispatchMessageA
GetMenuItemCount
InsertMenuItemA
DestroyWindow
Number of PE resources by type
RT_DIALOG 526
RT_BITMAP 8
RT_MENU 2
Number of PE resources by language
ARABIC NEUTRAL 526
ENGLISH US 10
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:09:02 23:16:48+01:00
FileType Win32 EXE
PEType PE32
CodeSize 5120
LinkerVersion 5.12
FileAccessDate 2014:04:04 09:54:05+01:00
EntryPoint 0x1000
InitializedDataSize 180224
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:04:04 09:54:05+01:00
UninitializedDataSize 0

File identification
MD5 efa9a644464ed11f3e6b48fe9355a1e2
SHA1 74ff1e74c6f5827b0fcb72509d49d6117f12c11c
SHA256 474821830c7ec9695855673e1292ae6d54c4c18c2dc2741f7e5e385488bc1880
ssdeep 3072:NYZYdIOEf4aQNEVMFWZZxRwn5Ej6cghxY1qv9ojxBG7eessQACN:NHdkWyMP0gbYciN8FssQ7N
imphash aa7938d87443afdb9aa999c37d04aca8
File size 182.5 KB ( 186881 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-04-04 08:54:37 UTC ( 2 years, 11 months ago )
Last submission 2014-04-04 08:54:37 UTC ( 2 years, 11 months ago )
File names f86c59258413416e3853acc9cda5bbca.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs