SHA256: 4b3112468b1bb6a382dc6fdf5483bc73013d36fe1ba60df73c8f4cb46d70a440
File name: b433a5f88ba31d49a930c5a85b2d6a464edf7a2a
Detection ratio: 35 / 51
Analysis date: 2014-04-09 10:13:23 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.120852 20140409
Yandex TrojanSpy.Zbot!vE8QPuIl6PQ 20140408
AhnLab-V3 Spyware/Win32.Zbot 20140408
AntiVir TR/Crypt.ZPACK.16084 20140409
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140409
AVG Zbot.CKI 20140409
BitDefender Gen:Variant.Graftor.120852 20140409
CAT-QuickHeal TrojanPWS.Zbot.Gen 20140409
Comodo UnclassifiedMalware 20140409
DrWeb Trojan.PWS.Panda.4795 20140409
Emsisoft Gen:Variant.Graftor.120852 (B) 20140409
ESET-NOD32 Win32/Spy.Zbot.AAO 20140409
F-Secure Gen:Variant.Graftor.120852 20140409
Fortinet W32/SpyZbot.PVJV!tr 20140408
GData Gen:Variant.Graftor.120852 20140409
Ikarus Trojan-Spy.Win32.Zbot 20140409
K7AntiVirus Trojan ( 0048cad01 ) 20140409
K7GW Trojan ( 0048cad01 ) 20140409
Kaspersky Trojan-Spy.Win32.Zbot.qgky 20140409
Kingsoft Win32.Troj.Generic.a.(kcloud) 20140409
Malwarebytes Backdoor.Bot 20140409
McAfee PWSZbot-FEN!A095F4EC6E17 20140409
McAfee-GW-Edition PWSZbot-FEN!A095F4EC6E17 20140409
Microsoft VirTool:Win32/CeeInject.gen!KK 20140409
eScan Gen:Variant.Graftor.120852 20140409
NANO-Antivirus Trojan.Win32.Zbot.chvvco 20140409
Norman ZBot.OEZQ 20140409
Panda Trj/CI.A 20140409
Qihoo-360 HEUR/Malware.QVM07.Gen 20140409
Sophos Mal/Generic-S 20140409
Symantec Trojan.Zbot!gen58 20140409
TrendMicro TSPY_ZBOT.SMQA 20140409
TrendMicro-HouseCall TSPY_ZBOT.SMQA 20140409
VBA32 BScope.Malware-Cryptor.Mystig 20140408
VIPRE Trojan.Win32.Zbot.f (v) 20140409
AegisLab 20140409
Avast 20140409
Baidu-International 20140409
Bkav 20140408
ByteHero 20140409
ClamAV 20140409
CMC 20140408
Commtouch 20140409
F-Prot 20140409
Jiangmin 20140409
nProtect 20140408
Rising 20140408
SUPERAntiSpyware 20140409
TheHacker 20140408
TotalDefense 20140409
ViRobot 20140409
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-09-14 15:09:53
Entry Point 0x0000B59E
Number of sections 4
PE sections
PE imports
RegCloseKey
LocalFree
GetStartupInfoA
GetModuleHandleA
GetLastError
Sleep
CloseHandle
CreateFileA
GetTickCount
GetModuleFileNameA
SetLastError
_except_handler3
__p__fmode
malloc
__CxxFrameHandler
_acmdln
_exit
__p__commode
__setusermatherr
_setmbcp
__dllonexit
_onexit
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_adjust_fdiv
__set_app_type
GetCursorPos
EnableWindow
MessageBoxA
GetForegroundWindow
UpdateWindow
Number of PE resources by type
RT_STRING 11
RT_MENU 2
RT_DIALOG 2
RT_ACCELERATOR 1
Number of PE resources by language
FRENCH 15
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:09:14 16:09:53+01:00
FileType Win32 EXE
PEType PE32
CodeSize 45056
LinkerVersion 6.0
FileAccessDate 2014:04:09 11:22:35+01:00
EntryPoint 0xb59e
InitializedDataSize 20480
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:04:09 11:22:35+01:00
UninitializedDataSize 0
File identification
MD5 a095f4ec6e1706e806d4dd12d1459ff7
SHA1 b433a5f88ba31d49a930c5a85b2d6a464edf7a2a
SHA256 4b3112468b1bb6a382dc6fdf5483bc73013d36fe1ba60df73c8f4cb46d70a440
ssdeep 6144:bBmVy5FNTtUxjv92FHR8ZmbyEah6PY4nByebPkD4gah41oxCdxdWLeR:bBkyNEziHumMh6vXjkEga4Td0eR
imphash beba5f6b6d1b1affd95ae3ad3eedbd50
File size 352.2 KB ( 360661 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2013-10-01 17:15:25 UTC ( 3 years, 8 months ago )
Last submission 2013-10-01 17:15:25 UTC ( 3 years, 8 months ago )
File names b433a5f88ba31d49a930c5a85b2d6a464edf7a2a
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications