SHA256: 4bcac89fd4a07dd73fc8d977eebf1767814a0ee41264f20517c3c742d222372b
File name: zeus.exe
Detection ratio: 0 / 67
Analysis date: 2017-10-24 19:20:06 UTC ( 11 months ago )
Antivirus Result Update
Ad-Aware 20171024
AegisLab 20171024
AhnLab-V3 20171024
Alibaba 20170911
ALYac 20171024
Antiy-AVL 20171024
Arcabit 20171024
Avast 20171024
Avast-Mobile 20171024
AVG 20171024
Avira (no cloud) 20171024
AVware 20171024
Baidu 20171024
BitDefender 20171024
Bkav 20171024
CAT-QuickHeal 20171024
ClamAV 20171024
CMC 20171024
Comodo 20171024
CrowdStrike Falcon (ML) 20171016
Cylance 20171024
Cyren 20171024
DrWeb 20171024
eGambit 20171024
Emsisoft 20171024
Endgame 20171016
ESET-NOD32 20171024
F-Prot 20171024
F-Secure 20171024
Fortinet 20171024
GData 20171024
Ikarus 20171024
Sophos ML 20170914
Jiangmin 20171024
K7AntiVirus 20171024
K7GW 20171024
Kaspersky 20171024
Kingsoft 20171024
Malwarebytes 20171024
MAX 20171024
McAfee 20171024
McAfee-GW-Edition 20171024
Microsoft 20171024
eScan 20171024
NANO-Antivirus 20171024
nProtect 20171024
Palo Alto Networks (Known Signatures) 20171024
Panda 20171024
Qihoo-360 20171024
Rising 20171024
SentinelOne (Static ML) 20171019
Sophos AV 20171024
SUPERAntiSpyware 20171024
Symantec 20171024
Symantec Mobile Insight 20171011
Tencent 20171024
TheHacker 20171024
TotalDefense 20171023
TrendMicro 20171024
TrendMicro-HouseCall 20171024
Trustlook 20171024
VBA32 20171024
VIPRE 20171024
ViRobot 20171024
Webroot 20171024
WhiteArmor 20171024
Yandex 20171023
Zillya 20171024
ZoneAlarm by Check Point 20171024
Zoner 20171024
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-07-14 16:01:32
Entry Point 0x02A73D50
Number of sections 3
PE sections
PE imports
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
RegCloseKey
ImageList_Add
FindTextW
IsEqualGUID
VariantCopy
ShellExecuteW
VerQueryValueW
timeGetTime
OpenPrinterW
Number of PE resources by type
RT_STRING 41
RT_BITMAP 33
RT_GROUP_CURSOR 9
RT_RCDATA 9
RT_CURSOR 9
UNICODEDATA 6
RT_DIALOG 2
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 71
ENGLISH US 38
ENGLISH UK 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:07:14 17:01:32+01:00
FileType Win32 EXE
PEType PE32
CodeSize 1433600
LinkerVersion 2.25
EntryPoint 0x2a73d50
InitializedDataSize 12288
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 43077632

File identification
MD5 823701204a5d3fecfd7bf2e8e9103575
SHA1 72da88c01e7937e6c334ace068d922094633755c
SHA256 4bcac89fd4a07dd73fc8d977eebf1767814a0ee41264f20517c3c742d222372b
ssdeep 24576:O2IwLQengvOZWMfOok/yI5HgUn/1iEfmtQ3G7SbDd/9/zKIDafkCHv9XiT:fLQengvOZdNyn/3etKk89fDacENiT

authentihash d99bbb1f5bfd5c5633284c2168f68225e0098798bd948c693da19f2d7da0a550
imphash 5d458f91928ce63021f0027b3d8044a6
File size 1.4 MB ( 1443328 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (64.2%)
Win32 Dynamic Link Library (generic) (15.6%)
Win32 Executable (generic) (10.6%)
Generic Win/DOS Executable (4.7%)
DOS Executable Generic (4.7%)
Tags peexe upx

VirusTotal metadata
First submission 2017-08-05 17:16:57 UTC ( 1 year, 1 month ago )
Last submission 2017-08-19 04:26:22 UTC ( 1 year, 1 month ago )
File names zeus.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications