SHA256: 4a9191ce26b838b6f1fb7a0b1c3b642b92b024b28d238b51cc75f6d65bcfd728
File name: 1.exe1
Detection ratio: 34 / 43
Analysis date: 2012-02-19 11:31:48 UTC ( 6 years, 11 months ago )
Antivirus Result Update
AhnLab-V3 Win-Trojan/Zbot.141824.AO 20120216
AntiVir TR/Hijacker.Gen 20120217
Avast Win32:Zbot-NRC [Trj] 20120219
AVG PSW.Generic8.BFLK 20120219
BitDefender Gen:Variant.Kazy.25748 20120219
CAT-QuickHeal TrojanPWS.Zbot.CP3 20120219
ClamAV Trojan.Spy.Zbot-142 20120219
Commtouch W32/Zbot.BR.gen!Eldorado 20120219
Comodo TrojWare.Win32.Agent.~wkcf 20120219
DrWeb Trojan.PWS.Panda.655 20120219
Emsisoft Trojan-Spy.Win32.Zbot!IK 20120219
eTrust-Vet Win32/Zbot.EGB 20120217
F-Prot W32/Zbot.BR.gen!Eldorado 20120219
F-Secure Gen:Variant.Kazy.25748 20120219
Fortinet W32/Zbot.DS!tr.spy 20120219
GData Gen:Variant.Kazy.25748 20120219
Ikarus Trojan-Spy.Win32.Zbot 20120219
Jiangmin TrojanSpy.Zbot.abiz 20120218
K7AntiVirus Riskware 20120217
Kaspersky Trojan-Spy.Win32.Zbot.biwp 20120219
McAfee PWS-Zbot.gen.ds 20120219
McAfee-GW-Edition Heuristic.BehavesLike.Win32.PasswordStealer.H 20120219
Microsoft PWS:Win32/Zbot.gen!Y 20120219
NOD32 Win32/Spy.Zbot.YW 20120219
Norman W32/Zbot.VAL 20120218
nProtect Trojan/W32.Agent.141824.EI 20120219
Panda Suspicious file 20120219
Sophos AV Troj/PWS-BSF 20120219
SUPERAntiSpyware Trojan.Agent/Gen-Frauder 20120206
TheHacker Trojan/Spy.Zbot.biwp 20120219
TrendMicro TSPY_ZBOT.SMIG 20120219
TrendMicro-HouseCall TSPY_ZBOT.SMIG 20120219
VBA32 SScope.Trojan.FakeAV.01110 20120217
VIPRE Trojan.Win32.Generic!BT 20120219
Antiy-AVL 20120213
ByteHero 20120216
eSafe 20120219
PCTools 20120217
Prevx 20120219
Rising 20120217
Symantec 20120219
ViRobot 20120218
VirusBuster 20120218
The file being studied is a Portable Executable file! More specifically, it is a DOS EXE file.
PE header basic information
Number of sections 3
PE sections
PE imports
InitiateSystemShutdownExW, EqualSid, ConvertSidToStringSidW, GetLengthSid, RegOpenKeyExW, RegEnumKeyExW, RegCloseKey, IsWellKnownSid, CryptGetHashParam, OpenProcessToken, GetSidSubAuthority, CryptAcquireContextW, OpenThreadToken, GetSidSubAuthorityCount, GetTokenInformation, RegCreateKeyExW, CryptReleaseContext, RegQueryValueExW, CreateProcessAsUserW, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, SetNamedSecurityInfoW, LookupPrivilegeValueW, CryptCreateHash, ConvertStringSecurityDescriptorToSecurityDescriptorW, GetSecurityDescriptorSacl, SetSecurityDescriptorSacl, CryptDestroyHash, AdjustTokenPrivileges, RegSetValueExW, CryptHashData
PFXExportCertStoreEx, CertDuplicateCertificateContext, CertEnumCertificatesInStore, CertCloseStore, CertOpenSystemStoreW, CertDeleteCertificateFromStore, PFXImportCertStore, CryptUnprotectData
GetDeviceCaps, CreateCompatibleBitmap, CreateDIBSection, SetViewportOrgEx, DeleteDC, GdiFlush, SetRectRgn, CreateCompatibleDC, SaveDC, RestoreDC, GetDIBits, SelectObject, DeleteObject
TlsFree, GetCommandLineW, SetErrorMode, GetComputerNameW, VirtualFree, OpenEventW, DuplicateHandle, GetCurrentProcessId, WriteProcessMemory, GetEnvironmentVariableW, FileTimeToDosDateTime, GetTempFileNameW, HeapReAlloc, FindFirstFileW, SetEndOfFile, CreateProcessW, HeapAlloc, SystemTimeToFileTime, SetFilePointerEx, HeapFree, GetProcessHeap, IsBadReadPtr, SetFileTime, VirtualQueryEx, Thread32First, WideCharToMultiByte, ReadProcessMemory, WTSGetActiveConsoleSessionId, HeapDestroy, TlsAlloc, Thread32Next, ReadFile, GetTimeZoneInformation, MultiByteToWideChar, GetTempPathW, GetFileSizeEx, OpenMutexW, VirtualAlloc, VirtualProtectEx, VirtualAllocEx, FindClose, RemoveDirectoryW, FindNextFileW, VirtualProtect, GetFileTime, FileTimeToLocalFileTime, GetVolumeNameForVolumeMountPointW, DeleteFileW, GetFileInformationByHandle, GetThreadContext, SetThreadContext, GetProcessId, CreateFileW, LoadLibraryW, CreateFileMappingW, UnmapViewOfFile, MapViewOfFile, CreateMutexW, CreateToolhelp32Snapshot, Process32NextW, Process32FirstW, VirtualFreeEx, OpenProcess, CreateDirectoryW, ExitProcess, CreateRemoteThread, TerminateProcess, TlsSetValue, TlsGetValue, WaitForMultipleObjects, GetPrivateProfileIntW, FlushFileBuffers, WriteFile, GetPrivateProfileStringW, LocalFree, GetVersionExW, GetNativeSystemInfo, GlobalUnlock, GlobalLock, HeapCreate, SetFileAttributesW, CreateThread, GetSystemTime, GetLocalTime, lstrcmpiA, SetThreadPriority, GetCurrentThread, ExpandEnvironmentStringsW, ReleaseMutex, GetCurrentThreadId, CloseHandle, CreateEventW, ResetEvent, SetLastError, GetLastError, SetEvent, LoadLibraryA, FreeLibrary, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, GetUserDefaultUILanguage, GetModuleFileNameW, GetFileAttributesW, Sleep, GetTickCount, WaitForSingleObject, MoveFileExW, GetFileAttributesExW, lstrcmpiW, GetProcAddress, GetModuleHandleW
NetApiBufferFree, NetUserEnum, NetUserGetInfo
-, -, -, -
ShellExecuteW, SHGetFolderPathW, CommandLineToArgvW
PathQuoteSpacesW, PathRenameExtensionW, wvnsprintfA, StrCmpNIA, PathMatchSpecW, PathUnquoteSpacesW, PathAddExtensionW, PathCombineW, SHDeleteKeyW, PathSkipRootW, SHDeleteValueW, PathAddBackslashW, PathFindFileNameW, PathIsDirectoryW, wvnsprintfW, UrlUnescapeA, PathRemoveBackslashW, StrStrIW, StrStrIA, StrCmpNIW, PathIsURLW, PathRemoveFileSpecW
GetUserNameExW
OpenDesktopW, CloseDesktop, SetThreadDesktop, GetUserObjectInformationW, OpenWindowStationW, CharToOemW, CharLowerBuffA, ExitWindowsEx, GetWindowRect, PostMessageW, GetParent, GetWindowInfo, GetClassLongW, GetWindowLongW, GetAncestor, SetWindowPos, SendMessageTimeoutW, GetProcessWindowStation, SendMessageW, MapWindowPoints, GetWindowThreadProcessId, IsRectEmpty, DrawIcon, GetIconInfo, EndPaint, EndMenu, GetUpdateRgn, GetMessageW, RegisterClassExA, GetWindowDC, SetCapture, GetTopWindow, HiliteMenuItem, LoadImageW, MsgWaitForMultipleObjects, WindowFromPoint, CharLowerA, CharUpperW, SetWindowLongW, GetWindow, DispatchMessageW, RegisterWindowMessageW, GetMenuItemID, SetKeyboardState, GetSubMenu, MenuItemFromPoint, GetMenu, GetMenuItemRect, TrackPopupMenuEx, SystemParametersInfoW, GetClassNameW, GetMenuState, GetShellWindow, FillRect, CloseWindowStation, DrawEdge, GetMenuItemCount, IsWindow, IntersectRect, CreateWindowStationW, EqualRect, PrintWindow, RegisterClassA, DefFrameProcW, GetSystemMetrics, MapVirtualKeyW, GetKeyboardState, ToUnicode, DefDlgProcW, DefFrameProcA, OpenInputDesktop, BeginPaint, GetUpdateRect, GetDC, GetCapture, TranslateMessage, RegisterClassExW, SetCursorPos, GetClipboardData, PeekMessageW, GetDCEx, PeekMessageA, ReleaseDC, DefWindowProcA, GetCursorPos, DefMDIChildProcW, CharLowerW, CreateDesktopW, SetProcessWindowStation, GetThreadDesktop, GetMessageA, GetMessagePos, DefWindowProcW, CallWindowProcW, CallWindowProcA, RegisterClassW, ReleaseCapture, DefMDIChildProcA, DefDlgProcA, SwitchDesktop, PostThreadMessageW
InternetQueryOptionA, InternetSetOptionA, InternetQueryOptionW, InternetOpenA, HttpOpenRequestA, InternetCrackUrlA, InternetConnectA, HttpAddRequestHeadersA, HttpAddRequestHeadersW, InternetSetStatusCallbackW, GetUrlCacheEntryInfoW, InternetCloseHandle, HttpSendRequestA, HttpSendRequestW, InternetReadFile, InternetReadFileExA, InternetQueryDataAvailable, HttpSendRequestExW, HttpQueryInfoA, HttpSendRequestExA
-, -, -, -, getaddrinfo, -, -, WSAEventSelect, -, WSAIoctl, -, WSAAddressToStringW, -, -, -, -, -, -, -, freeaddrinfo, -, WSASend, -, -
StringFromGUID2, CLSIDFromString, CoUninitialize, CoCreateInstance, CoInitializeEx
File identification
MD5 99e9427dca40154ef80fc72e4711be4c
SHA1 c5ef3deced0976aef91994a4399898321d3e9d4d
SHA256 4a9191ce26b838b6f1fb7a0b1c3b642b92b024b28d238b51cc75f6d65bcfd728
ssdeep 3072:qzc1LZQEduEgsW2UPqxUErqkC0i50/YXiQXT+t/8XIgfUTaXD3kz1QNg:qzc1L+QHhUPqxUEJQiQwkXhfUThQK

File size 138.5 KB ( 141824 bytes )
File type DOS EXE
Magic literal MS-DOS executable

TrID Win32 Executable Generic (58.2%)
DOS Executable Borland Pascal 7.0x (13.9%)
Generic Win/DOS Executable (13.6%)
DOS Executable Generic (13.6%)
VXD Driver (0.2%)
VirusTotal metadata
First submission 2012-02-19 11:31:48 UTC ( 6 years, 11 months ago )
Last submission 2012-02-19 11:31:48 UTC ( 6 years, 11 months ago )
File names 1.exe1