× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 4b5e60a7061d0ca3283c24d8d1a97afdc00b7bbee0cb3ffadd521c911fbf4209
File name: 007405080
Detection ratio: 60 / 62
Analysis date: 2017-04-13 04:13:37 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.SpyEye.S 20170413
AegisLab Troj.Spy.W32.Zbot.bopd!c 20170413
AhnLab-V3 Trojan/Win32.Zbot.R4880 20170413
ALYac Trojan.SpyEye.S 20170413
Antiy-AVL Trojan[Spy]/Win32.Zbot 20170413
Arcabit Trojan.SpyEye.S 20170413
Avast Sf:Crypt-BT [Trj] 20170413
AVG Generic_s.BE 20170413
Avira (no cloud) TR/Spy.A.5678 20170413
AVware Trojan.Win32.Generic!BT 20170410
Baidu Win32.Trojan.Zbot.a 20170411
BitDefender Trojan.SpyEye.S 20170413
Bkav W32.AppdataUfmavLnr.Trojan 20170412
CAT-QuickHeal Trojan.Zbot.MUE.AO4 20170412
ClamAV Win.Spyware.Zbot-1275 20170412
CMC Trojan-Spy.Win32.Zbot!O 20170412
Comodo TrojWare.Win32.Spy.Zbot.BPOD 20170413
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/Zbot.BR.gen!Eldorado 20170413
DrWeb Trojan.PWS.Panda.786 20170413
Emsisoft Trojan.SpyEye.S (B) 20170413
Endgame malicious (high confidence) 20170413
ESET-NOD32 Win32/Spy.Zbot.YW 20170412
F-Prot W32/Zbot.BR.gen!Eldorado 20170413
F-Secure Trojan-Spy:W32/Zbot.AVTH 20170413
Fortinet W32/Zbot.BOPD!tr 20170413
GData Win32.Trojan.Agent.I19SGF 20170413
Ikarus Trojan-Spy.Win32.Zbot 20170412
Invincea trojanspy.win32.nivdort.dd 20170203
Jiangmin Trojan/Invader.cfa 20170412
K7AntiVirus Spyware ( 00009b291 ) 20170412
K7GW Spyware ( 00009b291 ) 20170412
Kaspersky Trojan-Spy.Win32.Zbot.bopd 20170413
Malwarebytes Trojan.Zbot 20170412
McAfee PWS-Zbot.gen.ds 20170412
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ch 20170413
Microsoft PWS:Win32/Zbot!ZA 20170412
eScan Trojan.SpyEye.S 20170413
NANO-Antivirus Trojan.Win32.Panda.dpuawp 20170413
Palo Alto Networks (Known Signatures) generic.ml 20170413
Panda Trj/WLT.A 20170412
Qihoo-360 Trojan.Downloader.Win32.Needaye.A 20170413
Rising Trojan.Generic (cloud:jtK0dqyEqKI) 20170413
SentinelOne (Static ML) static engine - malicious 20170330
Sophos Troj/PWS-BSF 20170413
SUPERAntiSpyware Trojan.Agent/Gen-Cryptor 20170413
Symantec Trojan.Zbot!gen19 20170412
Tencent Win32.Trojan-spy.Zbot.Wqwy 20170413
TheHacker Trojan/Spy.Zbot.yw 20170412
TotalDefense Win32/Zbot.ELT 20170410
TrendMicro TROJ_FORUCON.BMC 20170413
TrendMicro-HouseCall TSPY_ZBOT.SMJV 20170413
VBA32 SScope.Trojan.FakeAV.01110 20170412
VIPRE Trojan.Win32.Generic!BT 20170412
ViRobot Trojan.Win32.Zbot.141312.H[h] 20170413
Webroot W32.Infostealer.Zeus 20170413
Yandex TrojanSpy.Zbot!m1tuldSmKhw 20170411
Zillya Trojan.ZBot.Win32.3529 20170411
ZoneAlarm by Check Point Trojan-Spy.Win32.Zbot.bopd 20170413
Zoner Trojan.Zbot.YW 20170413
Alibaba 20170413
Kingsoft 20170413
nProtect 20170413
Symantec Mobile Insight 20170413
Trustlook 20170413
WhiteArmor 20170409
The file being studied is a Portable Executable file! More specifically, it is a DOS EXE file.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-04-14 15:07:12
Entry Point 0x0001D470
Number of sections 3
PE sections
Overlays
MD5 fcc35e9530bcc3fe563c4a6d15c1e74a
File type data
Offset 140800
Size 512
Entropy 7.58
PE imports
RegCreateKeyExW
RegCloseKey
ConvertSidToStringSidW
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptHashData
InitiateSystemShutdownExW
RegQueryValueExW
CryptCreateHash
SetSecurityDescriptorDacl
GetSidSubAuthorityCount
GetSidSubAuthority
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
RegOpenKeyExW
SetSecurityDescriptorSacl
GetTokenInformation
CryptReleaseContext
RegEnumKeyExW
OpenThreadToken
GetSecurityDescriptorSacl
GetLengthSid
CreateProcessAsUserW
CryptDestroyHash
CryptAcquireContextW
RegSetValueExW
CryptGetHashParam
InitializeSecurityDescriptor
EqualSid
IsWellKnownSid
SetNamedSecurityInfoW
CertEnumCertificatesInStore
CryptUnprotectData
PFXImportCertStore
CertCloseStore
CertDeleteCertificateFromStore
CertOpenSystemStoreW
CertDuplicateCertificateContext
PFXExportCertStoreEx
GetDeviceCaps
DeleteDC
RestoreDC
SelectObject
SaveDC
SetViewportOrgEx
GetDIBits
CreateCompatibleBitmap
GdiFlush
CreateDIBSection
CreateCompatibleDC
DeleteObject
SetRectRgn
FileTimeToDosDateTime
ReleaseMutex
WaitForSingleObject
FindFirstFileW
HeapDestroy
GetFileAttributesW
GetLocalTime
GetProcessId
SetErrorMode
GetFileInformationByHandle
GetThreadContext
GetFileTime
WideCharToMultiByte
LoadLibraryW
WriteFile
Thread32First
HeapReAlloc
FreeLibrary
LocalFree
GetTimeZoneInformation
FindClose
TlsGetValue
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
InitializeCriticalSection
WriteProcessMemory
GetModuleFileNameW
ExitProcess
lstrcmpiW
SetThreadPriority
MultiByteToWideChar
SetFilePointerEx
GetPrivateProfileStringW
CreateThread
MoveFileExW
CreateMutexW
GetVolumeNameForVolumeMountPointW
SetThreadContext
TerminateProcess
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
lstrcmpiA
GetVersionExW
SetEvent
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
CreateRemoteThread
OpenProcess
ReadProcessMemory
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetPrivateProfileIntW
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
GetComputerNameW
GetFileSizeEx
RemoveDirectoryW
ExpandEnvironmentStringsW
UnmapViewOfFile
FindNextFileW
WTSGetActiveConsoleSessionId
ResetEvent
Thread32Next
DuplicateHandle
GetProcAddress
CreateEventW
CreateFileW
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
SystemTimeToFileTime
CreateFileMappingW
VirtualAllocEx
OpenEventW
GlobalUnlock
Process32NextW
CreateProcessW
FileTimeToLocalFileTime
VirtualFreeEx
GetCurrentProcessId
SetFileTime
GetCommandLineW
Process32FirstW
GetCurrentThread
MapViewOfFile
TlsFree
ReadFile
CloseHandle
OpenMutexW
GlobalLock
GetModuleHandleW
GetFileAttributesExW
HeapCreate
GetTempPathW
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
NetUserEnum
NetUserGetInfo
NetApiBufferFree
SysFreeString
VariantClear
VariantInit
SysAllocString
SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW
StrCmpNIW
wvnsprintfA
StrCmpNIA
wvnsprintfW
SHDeleteKeyW
PathIsDirectoryW
PathRemoveBackslashW
PathQuoteSpacesW
PathAddBackslashW
UrlUnescapeA
SHDeleteValueW
PathCombineW
PathRenameExtensionW
StrStrIA
PathRemoveFileSpecW
StrStrIW
PathMatchSpecW
PathUnquoteSpacesW
PathFindFileNameW
PathIsURLW
PathAddExtensionW
PathSkipRootW
GetUserNameExW
GetMessagePos
SetWindowPos
IsWindow
EndPaint
OpenWindowStationW
WindowFromPoint
CreateDesktopW
GetDC
GetCursorPos
ReleaseDC
SendMessageW
EndMenu
DefFrameProcA
DefWindowProcW
CharLowerBuffA
GetThreadDesktop
LoadImageW
GetTopWindow
GetUpdateRgn
MsgWaitForMultipleObjects
GetMenuItemCount
DrawEdge
GetUserObjectInformationW
GetParent
EqualRect
DefMDIChildProcA
GetMessageW
PeekMessageW
CharUpperW
PeekMessageA
TranslateMessage
SetThreadDesktop
GetWindow
GetIconInfo
GetMenuItemRect
RegisterClassW
OpenDesktopW
CharLowerA
RegisterClassA
TrackPopupMenuEx
GetSubMenu
GetDCEx
FillRect
ToUnicode
GetWindowLongW
GetUpdateRect
GetWindowInfo
MapWindowPoints
RegisterWindowMessageW
OpenInputDesktop
GetMessageA
SwitchDesktop
BeginPaint
DefMDIChildProcW
ReleaseCapture
MapVirtualKeyW
DefWindowProcA
GetClipboardData
GetSystemMetrics
SetWindowLongW
GetWindowRect
SetCapture
DrawIcon
CharLowerW
SetProcessWindowStation
PostMessageW
GetClassLongW
CreateWindowStationW
GetProcessWindowStation
CloseWindowStation
GetKeyboardState
PostThreadMessageW
CharToOemW
GetMenuState
GetMenuItemID
SetKeyboardState
ExitWindowsEx
IntersectRect
GetCapture
GetShellWindow
GetWindowThreadProcessId
HiliteMenuItem
GetMenu
RegisterClassExW
CallWindowProcA
GetWindowDC
RegisterClassExA
MenuItemFromPoint
PrintWindow
DefFrameProcW
SetCursorPos
SystemParametersInfoW
DispatchMessageW
CallWindowProcW
GetClassNameW
GetAncestor
DefDlgProcA
CloseDesktop
IsRectEmpty
SendMessageTimeoutW
DefDlgProcW
HttpSendRequestA
InternetSetStatusCallbackW
InternetReadFileExA
InternetSetOptionA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExW
InternetCloseHandle
InternetOpenA
InternetQueryOptionW
InternetConnectA
InternetQueryOptionA
HttpSendRequestW
GetUrlCacheEntryInfoW
HttpQueryInfoA
InternetReadFile
InternetQueryDataAvailable
InternetCrackUrlA
HttpSendRequestExA
HttpAddRequestHeadersW
getaddrinfo
getsockname
accept
WSAAddressToStringW
WSAStartup
freeaddrinfo
WSASend
shutdown
getpeername
select
recv
send
WSAGetLastError
listen
WSAEventSelect
WSASetLastError
closesocket
WSAIoctl
setsockopt
socket
bind
recvfrom
sendto
connect
CoUninitialize
CoInitializeEx
CoCreateInstance
CLSIDFromString
StringFromGUID2
ExifTool file metadata
FileAccessDate
2014:04:08 02:23:29+01:00

FileCreateDate
2014:04:08 02:23:29+01:00

File identification
MD5 6b84c66d2e3092d63c3c049b405b2688
SHA1 a43dc42dd9cf3934480f8cea4eb6b2f89797dad5
SHA256 4b5e60a7061d0ca3283c24d8d1a97afdc00b7bbee0cb3ffadd521c911fbf4209
ssdeep
3072:/caqyte6iV77snHLLxtklyaXOqdPNbnhW4IxZx5kCZuubFrhU1wKKrONmq:/caBt077snHRagY7PNNW4IxZ7zbC0rOd

authentihash 7d00cc1bf48223bcc709721cfc4d6fa9431d567e570c767272f9f867bd9a4d02
imphash 1c2489367a741a394ef5f46c06397c1b
File size 138.0 KB ( 141312 bytes )
File type DOS EXE
Magic literal
MS-DOS executable

TrID Win32 Executable (generic) (42.5%)
DOS Executable Borland Pascal 7.0x (19.2%)
Generic Win/DOS Executable (18.8%)
DOS Executable Generic (18.8%)
VXD Driver (0.2%)
Tags
mz overlay

VirusTotal metadata
First submission 2013-12-21 17:12:49 UTC ( 3 years, 6 months ago )
Last submission 2017-04-13 04:13:37 UTC ( 2 months, 2 weeks ago )
File names 6b84c66d2e3092d63c3c049b405b2688.exe
007405080
VirusShare_6b84c66d2e3092d63c3c049b405b2688
12ff61bea9dee60c8bd7534986016e6d4678d27c
bot.exe
PL-file1
aa
6b84c66d2e3092d63c3c049b405b2688
ZeuS_binary_6b84c66d2e3092d63c3c049b405b2688.exe
18522792
15801
file-6435537_exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!