SHA256: 484765ee18ad990eec237e4aaf7a4fb119bee5a26c2f7f520ffba7ac806b8ab0
File name: ea809b1498d89c603c850d83808bf468
Detection ratio: 25 / 56
Analysis date: 2015-01-21 22:39:44 UTC
Antivirus  Result  Update (25 of 56 engines flagged the file; the Update column is the engine's signature date, YYYYMMDD)
Ad-Aware Trojan.GenericKD.2098069 20150122
Avast Win32:Trojan-gen 20150122
AVG Crypt3.BTHD 20150122
Avira (no cloud) TR/Zbot.A.1486 20150122
AVware Trojan.Win32.Generic!BT 20150122
Baidu-International Trojan.Win32.Zbot.AhS 20150121
BitDefender Trojan.GenericKD.2098069 20150122
CAT-QuickHeal TrojanPWS.Zbot.A5 20150121
Emsisoft Trojan.GenericKD.2098069 (B) 20150122
ESET-NOD32 Win32/Spy.Zbot.ACB 20150122
F-Secure Trojan.GenericKD.2098069 20150122
Fortinet W32/Zbot.ACB!tr.spy 20150121
GData Trojan.GenericKD.2098069 20150122
Ikarus Trojan-Spy.Agent 20150122
K7AntiVirus Spyware ( 004a08e61 ) 20150121
Kaspersky Trojan-Spy.Win32.Zbot.uvsf 20150122
Malwarebytes Trojan.Zbot 20150122
McAfee RDN/Generic PWS.y!bcn 20150122
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.fc 20150122
eScan Trojan.GenericKD.2098069 20150122
Norman ZBot.XRBT 20150121
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20150122
Sophos AV Mal/Generic-S 20150122
TrendMicro-HouseCall Suspicious_GEN.F47V0121 20150122
VIPRE Trojan.Win32.Generic!BT 20150122
Engines returning no detection (31), with signature date:
AegisLab 20150122
Yandex 20150121
AhnLab-V3 20150121
Alibaba 20150120
ALYac 20150122
Antiy-AVL 20150122
Bkav 20150121
ByteHero 20150122
ClamAV 20150122
CMC 20150120
Comodo 20150122
Cyren 20150122
DrWeb 20150122
F-Prot 20150122
Jiangmin 20150121
Kingsoft 20150122
Microsoft 20150122
NANO-Antivirus 20150122
nProtect 20150121
Panda 20150121
Rising 20150121
SUPERAntiSpyware 20150122
Symantec 20150122
Tencent 20150122
TheHacker 20150121
TotalDefense 20150121
TrendMicro 20150122
VBA32 20150121
ViRobot 20150122
Zillya 20150121
Zoner 20150121
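Reading a table like the one above means extracting the family the engines agree on rather than 25 vendor-specific strings. The script below is an added example by the editor, not VirusTotal's code: the DETECTED and UNDETECTED rows are transcribed from the table, while the GENERIC token list, the all-caps/short-token rule and the "PWS" prefix rule are the editor's own heuristics tuned to these labels.

```python
"""Turn per-vendor AV labels into a family consensus and a detection summary."""
import re
from collections import Counter

DETECTED = [  # (vendor, label) for the 25 engines that returned a result, as listed above
    ("Ad-Aware", "Trojan.GenericKD.2098069"),
    ("Avast", "Win32:Trojan-gen"),
    ("AVG", "Crypt3.BTHD"),
    ("Avira (no cloud)", "TR/Zbot.A.1486"),
    ("AVware", "Trojan.Win32.Generic!BT"),
    ("Baidu-International", "Trojan.Win32.Zbot.AhS"),
    ("BitDefender", "Trojan.GenericKD.2098069"),
    ("CAT-QuickHeal", "TrojanPWS.Zbot.A5"),
    ("Emsisoft", "Trojan.GenericKD.2098069 (B)"),
    ("ESET-NOD32", "Win32/Spy.Zbot.ACB"),
    ("F-Secure", "Trojan.GenericKD.2098069"),
    ("Fortinet", "W32/Zbot.ACB!tr.spy"),
    ("GData", "Trojan.GenericKD.2098069"),
    ("Ikarus", "Trojan-Spy.Agent"),
    ("K7AntiVirus", "Spyware ( 004a08e61 )"),
    ("Kaspersky", "Trojan-Spy.Win32.Zbot.uvsf"),
    ("Malwarebytes", "Trojan.Zbot"),
    ("McAfee", "RDN/Generic PWS.y!bcn"),
    ("McAfee-GW-Edition", "BehavesLike.Win32.PWSZbot.fc"),
    ("eScan", "Trojan.GenericKD.2098069"),
    ("Norman", "ZBot.XRBT"),
    ("Qihoo-360", "HEUR/QVM10.1.Malware.Gen"),
    ("Sophos AV", "Mal/Generic-S"),
    ("TrendMicro-HouseCall", "Suspicious_GEN.F47V0121"),
    ("VIPRE", "Trojan.Win32.Generic!BT"),
]
UNDETECTED = ("AegisLab Yandex AhnLab-V3 Alibaba ALYac Antiy-AVL Bkav ByteHero ClamAV CMC "
              "Comodo Cyren DrWeb F-Prot Jiangmin Kingsoft Microsoft NANO-Antivirus nProtect "
              "Panda Rising SUPERAntiSpyware Symantec Tencent TheHacker TotalDefense "
              "TrendMicro VBA32 ViRobot Zillya Zoner").split()

# Editor's list: tokens that name a class, a heuristic or a packer rather than a family.
GENERIC = {"trojan", "trojanpws", "trojanspy", "generic", "generickd", "malware",
           "suspicious", "behaveslike", "agent", "spyware"}


def family_tokens(label):
    """Lower-cased tokens of a vendor label that plausibly name a family.

    Alphabetic runs shorter than four characters (TR, W32, ACB, gen) and all-caps
    runs (BTHD, XRBT, HEUR) are treated as platform/variant qualifiers and dropped.
    """
    out = []
    for tok in re.findall(r"[A-Za-z]{4,}", label):
        if tok.isupper():
            continue
        t = tok.lower()
        if t.startswith("pws") and len(t) > 4:   # McAfee's "PWSZbot" -> "zbot"
            t = t[3:]
        if t not in GENERIC:
            out.append(t)
    return out


def consensus(rows, min_votes=3):
    """Return (family, votes): the most-voted family token if at least min_votes engines agree."""
    votes = Counter()
    for _vendor, label in rows:
        votes.update(set(family_tokens(label)))   # one vote per engine, however often it repeats the name
    if not votes:
        return None, {}
    fam, n = votes.most_common(1)[0]
    return (fam if n >= min_votes else None), dict(votes)


def summarise(detected, undetected):
    """Detection ratio, consensus family, its supporters, and how many verdicts were generic only."""
    fam, votes = consensus(detected)
    return {
        "ratio": f"{len(detected)}/{len(detected) + len(undetected)}",
        "family": fam,
        "family_votes": votes.get(fam, 0),
        "family_vendors": [v for v, l in detected if fam in family_tokens(l)],
        "generic_only": sum(1 for _v, l in detected if not family_tokens(l)),
    }


if __name__ == "__main__":
    print(summarise(DETECTED, UNDETECTED))
```

On this table the consensus is "zbot" with nine supporting engines; fifteen of the 25 detections are generic or heuristic verdicts that name no family at all, which is why the raw count is a weaker signal than the agreement among the engines that do name one.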
The file is a Portable Executable: a 32-bit Windows EXE (PE32) for the Windows GUI subsystem.
FileVersionInfo properties
Copyright      Copyright (C) 2014 SWGSoft
Product        jeta-aaalogo Application
Internal name  jeta-aaalogo
File version   1.0.0.4
Description    jeta-aaalogo
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-17 13:10:22 (UTC, from the PE TimeDateStamp; the same instant ExifTool renders below as 2015:01:17 14:10:22+01:00)
Entry Point 0x000022C0
Number of sections 5
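The fields above are read straight from the PE file header and PE32 optional header, so they can be re-checked on the bytes once the sample has been retrieved by hash. The parser below is an added example by the editor, not VirusTotal's tooling. Because the sample itself is not on this page, build_sample_header() constructs a minimal PE32 header that carries the reported values (it is a constructed stand-in, not the real file); parse_pe_header() takes any file's bytes, and diff_against_report() lists the fields where the bytes disagree with the report.

```python
"""Parse the PE32 headers a VirusTotal summary shows and check them against the report."""
import calendar
import struct
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

# Values transcribed from the "PE header basic information" and ExifTool sections of the report.
REPORTED = {
    "machine": 0x014C,                      # Intel 386 or later
    "sections": 5,
    "timestamp_utc": "2015-01-17 13:10:22",
    "entry_point": 0x22C0,
    "linker": "10.0",
    "os_version": "5.1",
    "subsystem_version": "5.1",
    "subsystem": "Windows GUI",
    "code_size": 140288,
    "init_data_size": 189440,
    "uninit_data_size": 0,
}

FILE_HDR = struct.Struct("<HHIIIHH")                # IMAGE_FILE_HEADER, 20 bytes
OPT_STD = struct.Struct("<HBBIIIIII")               # PE32 optional header, standard fields, 28 bytes
OPT_WIN = struct.Struct("<IIIHHHHHHIIIIHHIIIIII")   # PE32 optional header, Windows-specific fields, 68 bytes


def parse_pe_header(data):
    """Return the header fields a report like this one shows; raise ValueError if not PE32."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    off = e_lfanew + 4
    machine, nsect, ts, _symtab, _nsyms, _opt_size, _chars = FILE_HDR.unpack_from(data, off)
    off += FILE_HDR.size
    magic, maj_link, min_link, code, idata, udata, entry, _bcode, _bdata = OPT_STD.unpack_from(data, off)
    if magic != 0x10B:
        raise ValueError("not a PE32 optional header (magic 0x%x)" % magic)
    win = OPT_WIN.unpack_from(data, off + OPT_STD.size)
    return {
        "machine": machine,
        "sections": nsect,
        # TimeDateStamp is seconds since the Unix epoch; report it in UTC, as VirusTotal does.
        "timestamp_utc": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry,                       # AddressOfEntryPoint, an RVA
        "linker": f"{maj_link}.{min_link}",
        "os_version": f"{win[3]}.{win[4]}",
        "subsystem_version": f"{win[7]}.{win[8]}",
        "subsystem": SUBSYSTEMS.get(win[13], f"unknown ({win[13]})"),
        "code_size": code,
        "init_data_size": idata,
        "uninit_data_size": udata,
    }


def diff_against_report(parsed, reported=REPORTED):
    """Fields where the bytes disagree with the report: {field: (reported, parsed)}."""
    return {k: (v, parsed.get(k)) for k, v in reported.items() if parsed.get(k) != v}


def build_sample_header(timestamp=calendar.timegm((2015, 1, 17, 13, 10, 22, 0, 0, 0)), entry=0x22C0):
    """Constructed PE32 header with the report's values; no section table, no code, not the real sample."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    opt = OPT_STD.pack(0x10B, 10, 0, 140288, 189440, 0, entry, 0x1000, 0x24000)
    opt += OPT_WIN.pack(0x400000, 0x1000, 0x200,          # ImageBase, SectionAlignment, FileAlignment
                        5, 1, 0, 0, 5, 1,                  # OS 5.1, image 0.0, subsystem 5.1
                        0, 0x60000, 0x400, 0,              # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                        2, 0x8140,                         # Subsystem = Windows GUI, DllCharacteristics
                        0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"\0" * 128                                     # 16 empty data directories
    file_hdr = FILE_HDR.pack(0x014C, 5, timestamp, 0, 0, len(opt), 0x0102)
    return dos + b"PE\0\0" + file_hdr + opt


if __name__ == "__main__":
    parsed = parse_pe_header(build_sample_header())
    print(parsed)
    print("mismatches:", diff_against_report(parsed))
```

To run it against the real file, replace build_sample_header() with the bytes read from disk; any non-empty result from diff_against_report() means the copy you have is not the one the report describes (a different build, a patched header, or a different file altogether).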
PE sections (the section table itself is not included in this copy of the report)
PE imports (the report lists function names only; the DLL attribution that follows is the editor's, inferred from the Win32 export names, and is not part of the original listing). In the order shown, the groups are: advapi32 (OpenThreadToken); avifil32 (AVIFileInit, AVIStreamCreate); comdlg32 (FindTextW); gdi32 (CreateFontIndirectW through SetTextColor); kernel32 (GetSystemTime through CloseHandle); oleaut32 (GetErrorInfo, OleTranslateColor); shlwapi (AssocCreate, StrDupA); secur32 (GetUserNameExW); user32 (SetFocus through DialogBoxIndirectParamA); uxtheme (GetThemeSysFont); wininet (InternetCloseHandle through InternetFindNextFileA); ws2_32 (socket through closesocket); ole32 (CoInitialize). For triage: the WinInet FTP functions and the raw Winsock calls are the only network surface visible statically; LoadLibraryA/W and GetProcAddress let the binary resolve further APIs at run time, which is how a call absent from this list can still show up in the behavioural section below; and much of the kernel32 block (EncodePointer/DecodePointer, HeapSetInformation, IsProcessorFeaturePresent, the console, locale and TLS functions, IsDebuggerPresent) is the set of imports the Visual C++ 2010 CRT start-up code brings in, consistent with LinkerVersion 10.0, so those names on their own are not evidence of deliberate anti-analysis.
OpenThreadToken
AVIFileInit
AVIStreamCreate
FindTextW
CreateFontIndirectW
SetBkMode
BitBlt
GetStockObject
CreateSolidBrush
SelectObject
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetTextColor
GetSystemTime
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
HeapCreate
LoadLibraryW
GlobalFree
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
HeapSetInformation
GetCurrentProcess
GetStartupInfoW
GetFileType
GetConsoleMode
FreeEnvironmentStringsW
GetCurrentProcessId
HeapQueryInformation
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
GetTickCount
SetHandleCount
GetCommandLineA
GetProcAddress
EncodePointer
GetCurrentThread
SetStdHandle
GetModuleHandleA
RaiseException
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
GetSystemTimeAsFileTime
DeleteCriticalSection
GetCurrentThreadId
SetUnhandledExceptionFilter
WriteFile
InterlockedIncrement
HeapValidate
MulDiv
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
FreeLibrary
TerminateProcess
IsValidCodePage
OutputDebugStringW
CreateFileW
GlobalAlloc
DecodePointer
TlsGetValue
SetLastError
IsBadReadPtr
TlsSetValue
ExitProcess
OutputDebugStringA
LeaveCriticalSection
WriteConsoleW
CloseHandle
GetErrorInfo
OleTranslateColor
AssocCreate
StrDupA
GetUserNameExW
SetFocus
GetMessageA
GetParent
EndDialog
PostQuitMessage
DefWindowProcA
GetWindowThreadProcessId
DispatchMessageA
RegisterClassA
MessageBoxA
GetSysColor
SetWindowTextA
SendMessageA
GetClientRect
GetDlgItem
DrawTextW
ScreenToClient
CreateWindowExA
GetWindowTextW
GetDialogBaseUnits
GetWindowTextA
DialogBoxIndirectParamA
GetThemeSysFont
InternetCloseHandle
FtpFindFirstFileA
FtpGetCurrentDirectoryA
InternetFindNextFileA
socket
inet_addr
gethostbyname
connect
htons
closesocket
CoInitialize
Number of PE resources by type
REGISTRY 3
RT_ICON 2
RT_MANIFEST 2
RT_VERSION 2
RT_GROUP_ICON 2
TYPELIB 1
MUI 1
Number of PE resources by language
UKRAINIAN NEUTRAL 9
ENGLISH US 4
PE resources (the detailed resource listing is not included in this copy of the report)
ExifTool file metadata
SubsystemVersion       5.1
LinkerVersion          10.0
ImageVersion           0.0
FileSubtype            0
FileVersionNumber      1.0.0.4
UninitializedDataSize  0
LanguageCode           Unknown (0022)   (0x0022 is the Windows primary language ID for Ukrainian, consistent with the UKRAINIAN NEUTRAL resource count above)
FileFlagsMask          0x003f
CharacterSet           Unicode
InitializedDataSize    189440
EntryPoint             0x22c0
MIMEType               application/octet-stream
LegalCopyright         Copyright (C) 2014 SWGSoft
FileVersion            1.0.0.4
TimeStamp              2015:01:17 14:10:22+01:00   (the same instant as the 2015-01-17 13:10:22 UTC compilation timestamp above, rendered in UTC+1)
FileType               Win32 EXE
PEType                 PE32
InternalName           jeta-aaalogo
ProductVersion         1.0.0.4
FileDescription        jeta-aaalogo
OSVersion              5.1
FileOS                 Windows NT 32-bit
Subsystem              Windows GUI
MachineType            Intel 386 or later, and compatibles
CodeSize               140288
ProductName            jeta-aaalogo Application
ProductVersionNumber   1.0.0.4
FileTypeExtension      exe
ObjectFileType         Executable application

File identification
MD5 ea809b1498d89c603c850d83808bf468
SHA1 34466d3436db3e4cf09b71d812c1eabc21471706
SHA256 484765ee18ad990eec237e4aaf7a4fb119bee5a26c2f7f520ffba7ac806b8ab0
ssdeep 6144:tPkLaKICNu5qEmudZ+nwLICHaJ0ykw4nx4jZdt1qOOpskuOC:tPkLaKICNu5ZZ+nsHaz4Kjzvqrpsku

authentihash b48247642a0413b853bf9574860078cd75de8998364412442fa37b64027069ff
imphash 56595b8ea24336ecae509f4e9541c016
File size 323.0 KB ( 330752 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2015-01-21 00:02:25 UTC
Last submission 2015-01-21 00:02:25 UTC
File names jeta-aaalogo
ea809b1498d89c603c850d83808bf468
484765ee18ad990eec237e4aaf7a4fb119bee5a26c2f7f520ffba7ac806b8ab0.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behavioural report (condensed). The following summarises the behaviour of the file when executed in a controlled environment; the actions and events were performed either by the file itself or by any process it launched or injected code into.
Opened files: no entries in this copy of the report
Read files: no entries in this copy of the report
Written files: no entries in this copy of the report
Created processes: no entries in this copy of the report
Created mutexes: no entries in this copy of the report
Opened mutexes: no entries in this copy of the report
Runtime DLLs: no entries in this copy of the report
Additional details
The file sends control codes directly to device drivers through the DeviceIoControl Windows API. DeviceIoControl does not appear in the static import list above: the sandbox observed the call at run time, so it is reached through an API resolved dynamically (GetProcAddress and LoadLibraryA/W are imported) or from another module loaded into the process. The report does not identify the device or the control codes involved.