SHA256: 4cfc5aa65e21325110d3131378a63028697fd2413fdc104a9101940d167655f6
File name: bb4489acf9133da8e0a36c0f15be8401.virus
Detection ratio: 51 / 66 (the table below lists 51 engines that returned a detection and 16 engines with no result)
Analysis date: 2019-04-14 10:41:35 UTC
Antivirus Result Update
Acronis suspicious 20190413
Ad-Aware Trojan.Zbot.IVX 20190414
AegisLab Trojan.Win32.Generic.ml6X 20190414
AhnLab-V3 Spyware/Win32.Zbot.R143076 20190414
ALYac Trojan.Zbot.IVX 20190414
Antiy-AVL Trojan/Win32.SGeneric 20190414
Arcabit Trojan.Zbot.IVX 20190414
Avast Win32:Zbot-UXR [Trj] 20190414
AVG Win32:Zbot-UXR [Trj] 20190414
Avira (no cloud) TR/Dropper.Gen 20190413
BitDefender Trojan.Zbot.IVX 20190414
CAT-QuickHeal Trojan.Ceeinject.A4 20190414
ClamAV Win.Trojan.DustySky-22 20190414
Comodo TrojWare.Win32.Senta.B@7jlodw 20190414
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
Cybereason malicious.cf9133 20190403
Cyren W32/Trojan.BBI.gen!Eldorado 20190414
DrWeb Trojan.PWS.Tinba.148 20190414
eGambit Unsafe.AI_Score_56% 20190414
Emsisoft Trojan.Zbot.IVX (B) 20190414
Endgame malicious (high confidence) 20190403
ESET-NOD32 a variant of Win32/Injector.BYWF 20190414
F-Secure Trojan.TR/Dropper.Gen 20190413
FireEye Generic.mg.bb4489acf9133da8 20190414
Fortinet W32/Injector.BYOF!tr 20190414
GData Trojan.Zbot.IVX 20190414
Ikarus Trojan.Win32.Boaxxe 20190414
Sophos ML heuristic 20190313
Jiangmin TrojanDropper.Injector.avto 20190414
K7AntiVirus Trojan ( 004c660a1 ) 20190414
K7GW Trojan ( 004c660a1 ) 20190414
Kaspersky HEUR:Trojan.Win32.Generic 20190414
Malwarebytes Trojan.Injector 20190414
MAX malware (ai score=88) 20190414
McAfee Packed-EK!BB4489ACF913 20190414
McAfee-GW-Edition BehavesLike.Win32.HLLP.nh 20190414
Microsoft VirTool:Win32/CeeInject 20190414
eScan Trojan.Zbot.IVX 20190414
NANO-Antivirus Trojan.Win32.Tinba.drhznm 20190414
Panda Generic Suspicious 20190414
Qihoo-360 HEUR/QVM07.1.8441.Malware.Gen 20190414
Rising Malware.Obscure/Heur!1.9E03 (CLASSIC) 20190414
SentinelOne (Static ML) DFI - Malicious PE 20190407
Sophos AV Troj/Fondu-FC 20190414
TACHYON Trojan-Spy/W32.Banker.101300 20190414
Trapmine malicious.moderate.ml.score 20190325
TrendMicro-HouseCall TROJ_MALKRYP.SM7 20190414
VBA32 TrojanPSW.Tinba 20190412
Yandex Trojan.Agent!E2BfhIo2t9Y 20190412
Zillya Dropper.Injector.Win32.66524 20190412
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20190414
Engines with no detection (name and signature date only)
Alibaba 20190402
Avast-Mobile 20190414
Babable 20180918
Baidu 20190318
Bkav 20190412
CMC 20190321
Kingsoft 20190414
Palo Alto Networks (Known Signatures) 20190414
SUPERAntiSpyware 20190410
Symantec Mobile Insight 20190410
Tencent 20190414
TheHacker 20190411
TotalDefense 20190413
Trustlook 20190414
ViRobot 20190413
Zoner 20190413
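Fifty-one vendor strings do not name one family; they mix type prefixes (Trojan, Spyware, VirTool), platform tags (Win32), heuristic markers (HEUR, Generic, ML) and per-vendor variant suffixes (IVX, UXR, BYWF). The usual practitioner move is to tokenize every label, throw away the generic tokens, and let the family tokens vote. The script below is an added example, not code from VirusTotal or from this page; LABELS is a subset copied from the table above and GENERIC is a constructed stop list. Note that the vote is not independent: the identical "Trojan.Zbot.IVX" strings from Ad-Aware, ALYac, Arcabit, BitDefender, Emsisoft, GData and eScan are one engine's verdict relicensed several times, and Avast/AVG and K7AntiVirus/K7GW pair up the same way.

```python
"""Consensus family name from vendor labels.

Added example, not code from the report page. LABELS is a subset copied
from the detection table above; GENERIC is a constructed stop list.
"""
import re
from collections import Counter

# Tokens that describe a type, platform or heuristic rather than a family.
GENERIC = {
    "trojan", "trojware", "win32", "generic", "heur", "malware", "malicious",
    "variant", "spyware", "dropper", "agent", "suspicious", "unsafe", "packed",
    "virtool",
}

# Subset of the detection table above (vendor -> label).
LABELS = {
    "Ad-Aware": "Trojan.Zbot.IVX",
    "AhnLab-V3": "Spyware/Win32.Zbot.R143076",
    "Avast": "Win32:Zbot-UXR [Trj]",
    "BitDefender": "Trojan.Zbot.IVX",
    "Emsisoft": "Trojan.Zbot.IVX (B)",
    "GData": "Trojan.Zbot.IVX",
    "DrWeb": "Trojan.PWS.Tinba.148",
    "NANO-Antivirus": "Trojan.Win32.Tinba.drhznm",
    "VBA32": "TrojanPSW.Tinba",
    "ESET-NOD32": "a variant of Win32/Injector.BYWF",
    "Malwarebytes": "Trojan.Injector",
    "Microsoft": "VirTool:Win32/CeeInject",
    "Kaspersky": "HEUR:Trojan.Win32.Generic",
    "Avira (no cloud)": "TR/Dropper.Gen",
}


def tokens(label: str) -> set:
    """Lower-case alphanumeric tokens; a set, so one vote per token per label."""
    return {t for t in re.split(r"[^a-z0-9]+", label.lower()) if t}


def is_family_candidate(token: str) -> bool:
    # Short tokens (IVX, UXR, Trj, PWS) and anything containing digits are
    # variant suffixes or platform tags, not family names.
    return (len(token) > 3
            and not any(c.isdigit() for c in token)
            and token not in GENERIC)


def family_votes(labels: dict) -> list:
    """Return [(family, votes), ...] sorted by vote count, highest first."""
    votes = Counter()
    for label in labels.values():
        votes.update(t for t in tokens(label) if is_family_candidate(t))
    return votes.most_common()


if __name__ == "__main__":
    for family, n in family_votes(LABELS)[:5]:
        print(f"{family:12s} {n}")
```

On this subset the ranking comes out zbot 6, tinba 3, injector 2, with everything else at a single vote; the disagreement between Zbot and Tinba (two different banking trojan families) is itself a signal that the labels are naming the packer or injector behaviour rather than a confirmed payload.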
The file is a Portable Executable: a Win32 EXE built for the Windows GUI subsystem.
FileVersionInfo properties: none (no version resource is present; the resource counts below show only RT_STRING, RT_MENU and RT_DIALOG)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-02 18:40:29 UTC (the ExifTool TimeStamp below shows the same instant as 20:40:29+02:00). This is the PE TimeDateStamp written by the linker; it is trivially forged and predates the first VirusTotal submission by more than four years, so treat it as a weak indicator only.
Entry Point 0x000070F4
Number of sections 4
PE sections (section table not captured on this page)
Overlays
MD5 1c792292ac7be2bd646c935dde87705c
File type application/zip
Offset 49152 (0xC000)
Size 52148
Entropy 7.99 (maximum 8.0)
The overlay starts at 49152 and runs for 52148 bytes, ending exactly at the 101300-byte end of file, so everything past the last section is this one appended blob. The ZIP type is a magic-byte identification, and entropy this close to 8.0 means the data is compressed or encrypted. A payload carried outside the section table is consistent with the Injector, Dropper and Packed labels above, and nothing inside it shows up in the import table.
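The overlay numbers are worth recomputing rather than taking on trust, since the overlay is where the real payload of a dropper usually lives. The script below is an added example, not code from VirusTotal or from this page: it walks the section table to find where the last section's raw data ends, carves everything after it, and reports offset, size, MD5, entropy and whether the first bytes carry a ZIP signature, then checks the report's own offset and size against the file size. build_sample_pe() constructs a toy PE32 inline so the script runs offline; the function names, the sample bytes and the toy layout are assumptions.

```python
"""Carve a PE overlay and cross-check it against the report's numbers.

Added example, not code from the report page. build_sample_pe() makes a
constructed toy PE32 so the script runs offline; pass real file bytes to
carve_overlay() to use it on a sample.
"""
import hashlib
import math
import struct


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def overlay_offset(pe: bytes) -> int:
    """The overlay begins where the last section's raw data ends on disk."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    num_sections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    sec_table = e_lfanew + 24 + size_opt        # first IMAGE_SECTION_HEADER
    end = 0
    for i in range(num_sections):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 of each header
        raw_size, raw_ptr = struct.unpack_from("<II", pe, sec_table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return end


def carve_overlay(pe: bytes) -> dict:
    """Fingerprint everything past the last section."""
    start = overlay_offset(pe)
    ov = pe[start:]
    return {
        "offset": start,
        "size": len(ov),
        "md5": hashlib.md5(ov).hexdigest(),
        "entropy": round(shannon_entropy(ov), 2),
        # ZIP local-file-header or end-of-central-directory signature
        "zip_magic": ov[:4] in (b"PK\x03\x04", b"PK\x05\x06"),
    }


def overlay_fills_to_eof(offset: int, size: int, file_size: int) -> bool:
    """Report sanity check: the overlay should end exactly at EOF."""
    return offset + size == file_size


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed toy PE32: headers in the first 0x200 bytes, one 0x200-byte
    .text section at file offset 0x200, then the overlay at 0x400."""
    size_opt = 224                                   # PE32 optional header size
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, size_opt, 0x0102)
    opt_hdr = bytes(size_opt)                        # zeroed; not parsed here
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000,
                          0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = bytes(dos) + b"PE\0\0" + file_hdr + opt_hdr + section
    return headers.ljust(0x200, b"\0") + bytes(0x200) + overlay


if __name__ == "__main__":
    sample = build_sample_pe(b"PK\x03\x04" + bytes(range(256)))
    print(carve_overlay(sample))
    # Values from the report above: offset 49152, size 52148, file size 101300
    print("overlay runs to EOF:", overlay_fills_to_eof(49152, 52148, 101300))
```

Two caveats when running this on real samples: a section whose PointerToRawData plus SizeOfRawData overshoots the file (a common anti-parsing trick) will make the computed overlay empty, so compare the result against the file length; and a ZIP signature at the start of the overlay does not guarantee a valid archive, since droppers frequently wrap an encrypted blob in a ZIP-looking header.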
PE imports
Imported by name (GDI32.dll exports)
SelectPalette
DeleteObject
CreatePalette
StretchDIBits
Imported by name (KERNEL32.dll exports)
GetACP
GetSystemTimeAdjustment
SetCurrentDirectoryW
TerminateProcess
MapViewOfFile
GetCurrentProcessId
SetFilePointer
UnmapViewOfFile
GetCurrentDirectoryA
ClearCommBreak
HeapDestroy
GetStartupInfoW
CloseHandle
GetCurrentThread
GetModuleHandleW
GetTimeFormatA
Imported by ordinal only (the page does not name the module; a LinkerVersion 6.0 binary importing ordinals in the 296 to 6617 range is what MFC42.dll, or its Unicode variant MFC42u.dll, linkage looks like, but that is an inference from the numbers, not something the report states)
Ord(3820)
Ord(6113)
Ord(4621)
Ord(6332)
Ord(350)
Ord(354)
Ord(2980)
Ord(6371)
Ord(2438)
Ord(5237)
Ord(4073)
Ord(6048)
Ord(5996)
Ord(5278)
Ord(5257)
Ord(3733)
Ord(5736)
Ord(5236)
Ord(4523)
Ord(5727)
Ord(3744)
Ord(4616)
Ord(3167)
Ord(5298)
Ord(2873)
Ord(3917)
Ord(4717)
Ord(4852)
Ord(1569)
Ord(4539)
Ord(6370)
Ord(815)
Ord(4525)
Ord(3257)
Ord(2717)
Ord(641)
Ord(5233)
Ord(3449)
Ord(2388)
Ord(338)
Ord(4343)
Ord(2502)
Ord(3076)
Ord(4414)
Ord(4233)
Ord(1739)
Ord(4430)
Ord(3142)
Ord(3060)
Ord(3193)
Ord(5285)
Ord(4617)
Ord(1165)
Ord(2486)
Ord(617)
Ord(366)
Ord(4154)
Ord(4604)
Ord(5710)
Ord(4692)
Ord(5276)
Ord(4146)
Ord(4401)
Ord(2874)
Ord(4606)
Ord(4335)
Ord(3345)
Ord(2619)
Ord(1767)
Ord(975)
Ord(4480)
Ord(4229)
Ord(823)
Ord(2047)
Ord(4537)
Ord(4958)
Ord(813)
Ord(2504)
Ord(5006)
Ord(4607)
Ord(5157)
Ord(4298)
Ord(6051)
Ord(5261)
Ord(3074)
Ord(2613)
Ord(3592)
Ord(4609)
Ord(4884)
Ord(4459)
Ord(554)
Ord(4381)
Ord(2977)
Ord(2116)
Ord(4418)
Ord(2641)
Ord(1834)
Ord(4268)
Ord(3053)
Ord(796)
Ord(674)
Ord(2382)
Ord(4831)
Ord(5070)
Ord(2618)
Ord(1089)
Ord(4158)
Ord(5573)
Ord(6076)
Ord(2715)
Ord(4426)
Ord(3398)
Ord(4269)
Ord(4992)
Ord(5297)
Ord(4608)
Ord(4461)
Ord(520)
Ord(4817)
Ord(3743)
Ord(986)
Ord(2377)
Ord(4893)
Ord(6211)
Ord(4419)
Ord(4074)
Ord(1719)
Ord(2640)
Ord(2109)
Ord(4421)
Ord(807)
Ord(4520)
Ord(3254)
Ord(2506)
Ord(4947)
Ord(3341)
Ord(4237)
Ord(4451)
Ord(5273)
Ord(2971)
Ord(2534)
Ord(1817)
Ord(4347)
Ord(5248)
Ord(1658)
Ord(324)
Ord(560)
Ord(2391)
Ord(1937)
Ord(2527)
Ord(1768)
Ord(4704)
Ord(2385)
Ord(3793)
Ord(4955)
Ord(3826)
Ord(5193)
Ord(4847)
Ord(5468)
Ord(1720)
Ord(4075)
Ord(652)
Ord(5094)
Ord(4420)
Ord(5097)
Ord(1131)
Ord(2546)
Ord(4435)
Ord(5303)
Ord(4518)
Ord(6171)
Ord(5208)
Ord(4583)
Ord(6617)
Ord(561)
Ord(3054)
Ord(3658)
Ord(5296)
Ord(6372)
Ord(3131)
Ord(825)
Ord(5059)
Ord(3825)
Ord(4072)
Ord(4103)
Ord(529)
Ord(4370)
Ord(296)
Ord(5649)
Ord(5239)
Ord(5286)
Ord(4690)
Imported by name (MSVCRT.dll exports)
_except_handler3
__p__fmode
_CxxThrowException
_adjust_fdiv
__CxxFrameHandler
??1type_info@@UAE@XZ
__p__commode
__setusermatherr
__dllonexit
_onexit
__wgetmainargs
exit
_XcptFilter
_initterm
_controlfp
_wcmdln
_exit
__set_app_type
Imported by name (USER32.dll exports)
TrackPopupMenu
UpdateWindow
EnableWindow
MessageBoxIndirectA
MoveWindow
GetClientRect
GetDlgItemTextW
SetDlgItemTextW
Number of PE resources by type
RT_STRING 13
RT_MENU 1
RT_DIALOG 1
Number of PE resources by language
KOREAN 13
ENGLISH US 1
ITALIAN 1
PE resources (per-resource table not captured on this page)
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:09:02 20:40:29+02:00
FileType Win32 EXE
PEType PE32
CodeSize 28672
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 16384
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x70f4
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 bb4489acf9133da8e0a36c0f15be8401
SHA1 4fe1cea46a6d7fb2681bbfbbf88c4a4fc5d5c43d
SHA256 4cfc5aa65e21325110d3131378a63028697fd2413fdc104a9101940d167655f6
ssdeep 3072:YML4O96w0G1+aL2Bq9hfZrEgCSLDqKBr65:V8O96wt+e2Bw7rEgxs

authentihash 5e101b02d78e06ff67b9f4780af87ba9c90215ae6ba28f9b11e9bed5cbca7455
imphash 5085ed1633abf7ace84c9102f89d288f
File size 98.9 KB ( 101300 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (45.0%)
Microsoft Visual C++ compiled executable (generic) (26.9%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
TrID percentages are generic pattern scores, not a verdict. The PE header is authoritative here: PE32 with an Intel 386 machine type and the Executable and 32-bit characteristics (no DLL flag) rules out the Win64 and DLL guesses, while the linker version 6.0 and the MSVCRT imports agree with the Visual C++ match.
Tags
peexe overlay
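The imphash above (5085ed1633abf7ace84c9102f89d288f) is the pivot value to search other repositories for, because it survives recompilation with the same import table while the file hashes do not. It cannot be recomputed from the flattened import list on this page, since the hash depends on the module names and the import order, neither of which the page shows. The script below is an added example of the algorithm as pefile and VirusTotal apply it, not code from either project: module names are lower-cased with .dll, .ocx and .sys stripped, ordinal-only imports become ordNNNN unless the module is one of the three for which pefile keeps a name table, and the comma-joined list is MD5-hashed. SAMPLE_IMPORTS is constructed: the function names are taken from the import list above, but the module names, the order and the "SOMELIB.dll" placeholder for the ordinal-only module are assumptions, and ORDINAL_NAMES is a three-entry stub of pefile's ws2_32 table.

```python
"""Import hash (imphash) in the pefile/VirusTotal convention.

Added example, not the page's code. SAMPLE_IMPORTS is constructed; module
names and order are assumptions, and "SOMELIB.dll" stands in for whatever
module the Ord(NNNN) imports on this page come from.
"""
import hashlib

# pefile resolves ordinals to names only for ws2_32, wsock32 and oleaut32.
# This is a three-entry stub of the ws2_32 table, enough to show the rule.
ORDINAL_NAMES = {
    "ws2_32": {1: "accept", 2: "bind", 3: "closesocket"},
}


def canonical_module(name: str) -> str:
    """Lower-case the module and drop the extensions pefile strips."""
    name = name.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def imphash_string(imports) -> str:
    """imports: iterable of (module, name_or_None, ordinal_or_None) in
    import-table order. Order matters: reordering changes the hash."""
    parts = []
    for module, name, ordinal in imports:
        mod = canonical_module(module)
        if name is None:
            # Unresolvable ordinals are rendered as ordNNNN
            name = ORDINAL_NAMES.get(mod, {}).get(ordinal, "ord%d" % ordinal)
        parts.append("%s.%s" % (mod, name.lower()))
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 over the canonical import string, as hex."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed import table: names from the page, modules and order assumed.
SAMPLE_IMPORTS = [
    ("GDI32.dll", "SelectPalette", None),
    ("KERNEL32.dll", "GetACP", None),
    ("SOMELIB.dll", None, 3820),        # placeholder module, ordinal from the page
    ("MSVCRT.dll", "_except_handler3", None),
    ("USER32.dll", "TrackPopupMenu", None),
    ("WS2_32.dll", None, 2),            # constructed: an ordinal pefile resolves
]


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because ordinal-only imports are hashed as ordNNNN tokens, a binary with roughly two hundred of them (as here) gets an imphash that is extremely specific to one build of one library's export table, which makes it a precise pivot but a brittle one across rebuilds against another library version.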

VirusTotal metadata
First submission 2019-04-14 10:41:35 UTC
Last submission 2019-04-14 10:41:35 UTC
File names bb4489acf9133da8e0a36c0f15be8401.virus