SHA256: 4d25e8ff8b7552849c6cf4f308061b5744d19c430ca4da52807a831c39b7aa9a
File name: 00ace509710e87df326fea26ff55b799
Detection ratio: 42 / 57
Analysis date: 2015-02-18 22:16:22 UTC
Antivirus Result Update
Ad-Aware Trojan.Generic.12524201 20150218
Yandex TrojanSpy.Zbot!kkdhNAL5ZrY 20150218
AhnLab-V3 Trojan/Win32.Zbot 20150218
ALYac Trojan.Generic.12524201 20150218
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150218
Avast Win32:Crypt-RQS [Trj] 20150218
AVG Crypt3.BQVR 20150218
Avira (no cloud) TR/Crypt.ZPACK.Gen4 20150218
AVware Trojan.Win32.Generic!BT 20150218
BitDefender Trojan.Generic.12524201 20150218
Bkav HW32.Packed.2D59 20150213
Cyren W32/Trojan.NRQO-4234 20150218
DrWeb Trojan.PWS.Panda.7708 20150218
Emsisoft Trojan.Generic.12524201 (B) 20150218
ESET-NOD32 a variant of Win32/Kryptik.CUXK 20150218
F-Secure Trojan.Generic.12524201 20150218
Fortinet W32/Kryptik.CUYC!tr 20150218
GData Trojan.Generic.12524201 20150218
Ikarus Trojan-Spy.Zbot 20150218
Jiangmin TrojanSpy.Zbot.hnoo 20150216
K7AntiVirus Unwanted-Program ( 004a8e8a1 ) 20150218
K7GW DoS-Trojan ( 2007718d1 ) 20150218
Kaspersky Trojan-Spy.Win32.Zbot.uuur 20150218
Malwarebytes Trojan.Agent.ED 20150218
McAfee Gamarue-FAS!00ACE509710E 20150218
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dc 20150218
Microsoft Trojan:Win32/Peals.B!gfc 20150218
eScan Trojan.Generic.12524201 20150218
NANO-Antivirus Trojan.Win32.Zbot.dmgnmj 20150218
Norman Kryptik.CEXF 20150218
nProtect Trojan.Generic.12524201 20150218
Panda Trj/Genetic.gen 20150218
Qihoo-360 Win32/Trojan.38d 20150218
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20150218
Sophos AV Mal/Generic-S 20150218
Symantec Backdoor.Trojan 20150218
TheHacker Trojan/Kryptik.cuxk 20150218
TrendMicro TROJ_GEN.R021C0CBG15 20150218
TrendMicro-HouseCall TROJ_GEN.R021C0CBG15 20150218
VBA32 TrojanSpy.Zbot 20150218
VIPRE Trojan.Win32.Generic!BT 20150218
Zillya Trojan.Zbot.Win32.173058 20150218
AegisLab 20150218
Alibaba 20150218
Baidu-International 20150218
ByteHero 20150218
CAT-QuickHeal 20150218
ClamAV 20150218
CMC 20150214
Comodo 20150218
F-Prot 20150218
Kingsoft 20150218
SUPERAntiSpyware 20150218
Tencent 20150218
TotalDefense 20150218
ViRobot 20150218
Zoner 20150218
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-08 09:40:51
Entry Point 0x0001F60E
Number of sections 4
PE sections
PE imports
OpenProcessToken
capCreateCaptureWindowW
LineTo
SetBkMode
MoveToEx
GetStockObject
TextOutA
SelectObject
SetBkColor
SetTextColor
GetSystemTime
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
GetStdHandle
FreeEnvironmentStringsA
HeapSetInformation
GetCurrentProcess
GetEnvironmentStrings
DecodePointer
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetStartupInfoW
ExitProcess
WideCharToMultiByte
GetModuleFileNameW
TlsFree
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
GetTickCount
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
WNetConnectionDialog
acmMetrics
acmFormatEnumA
acmDriverOpen
acmDriverClose
StrDupA
ReleaseDC
GetSystemMetrics
SetTimer
EnumDesktopsA
DlgDirListA
DrawTextA
EndPaint
BeginPaint
MessageBoxA
KillTimer
DestroyMenu
PostQuitMessage
GetDC
InvalidateRect
OpenThemeData
CloseThemeData
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitialize
CoTaskMemAlloc
Number of PE resources by type
RT_DIALOG 6
RT_STRING 4
RT_ICON 3
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_MENU 1
RT_ACCELERATOR 1
RT_CURSOR 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 19
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:01:08 10:40:51+01:00
FileType Win32 EXE
PEType PE32
CodeSize 236544
LinkerVersion 10.0
EntryPoint 0x1f60e
InitializedDataSize 33280
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 00ace509710e87df326fea26ff55b799
SHA1 18e1bb0e79a62b4d5aa12fbf32d8a13e44db4caa
SHA256 4d25e8ff8b7552849c6cf4f308061b5744d19c430ca4da52807a831c39b7aa9a
ssdeep 3072:X5LTd+cWHE4p6kepOhvUx4DzYWqcoLFaZVrwDaQHZgjYL/6u3xI9PyEiMvH54:pLTgcWxFQKvUatVoLFaZdCKk6gNEBq
authentihash a21d43f086f5d0d9af408bfdcb0a72406629952e53a5d9bbebce1cca39307f86
imphash 14f8077019bda44015aaf887231a83d6
File size 264.5 KB ( 270852 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2015-02-18 22:16:22 UTC
Last submission 2015-02-18 22:16:22 UTC
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications