SHA256: 4f9865e56e7a4299b5a414707d24af766482b62d8a84bdb11355809d99629ac1
File name: vt-upload-QFFAh
Detection ratio: 35 / 53
Analysis date: 2014-10-31 21:46:08 UTC ( 4 years, 4 months ago )
Antivirus            Result                             Update
Ad-Aware             Trojan.Generic.11939442            20141031
AegisLab             Troj.Spy.W32.Zbot                  20141031
Yandex               Trojan.Injector!v1ce9qU5yfk        20141031
AhnLab-V3            Trojan/Win32.ZBot                  20141031
Antiy-AVL            Trojan/Win32.Reconyc               20141031
Avast                Win32:Malware-gen                  20141031
AVG                  Inject2.AZFE                       20141031
Avira (no cloud)     TR/Spy.ZBot.xbbeiaj                20141031
AVware               Trojan.Win32.Generic!BT            20141031
BitDefender          Trojan.Generic.11939442            20141031
Cyren                W32/Trojan.FFOG-4093               20141031
DrWeb                Trojan.Siggen6.24084               20141031
Emsisoft             Trojan.Generic.11939442 (B)        20141031
ESET-NOD32           a variant of Win32/Injector.BNTE   20141031
F-Secure             Trojan.Generic.11939442            20141031
Fortinet             W32/ZBOT.QU!tr                     20141031
GData                Trojan.Generic.11939442            20141031
K7AntiVirus          Trojan ( 004af1751 )               20141031
K7GW                 Trojan ( 004af1751 )               20141031
Kaspersky            Trojan-Spy.Win32.Zbot.ujco         20141031
Malwarebytes         Spyware.Zbot.ED                    20141031
McAfee               Generic-FAVG                       20141031
McAfee-GW-Edition    RDN/Generic PWS.y!bbk              20141031
Microsoft            PWS:Win32/Zbot                     20141031
eScan                Trojan.Generic.11939442            20141031
NANO-Antivirus       Trojan.Win32.Zbot.dgnaiz           20141031
nProtect             Trojan.Generic.11939442            20141031
Qihoo-360            HEUR/QVM20.1.Malware.Gen           20141031
Sophos AV            Mal/Zbot-QU                        20141031
Symantec             WS.Reputation.1                    20141031
TotalDefense         Win32/Zbot.NOfGARD                 20141031
TrendMicro           TROJ_GEN.R00JC0DJB14               20141031
VBA32                TrojanSpy.Zbot                     20141031
VIPRE                Trojan.Win32.Generic!BT            20141031
Zillya               Trojan.ZBot.Win32.145              20141030
Baidu-International  (no detection)                     20141031
Bkav                 (no detection)                     20141027
ByteHero             (no detection)                     20141031
CAT-QuickHeal        (no detection)                     20141031
ClamAV               (no detection)                     20141031
CMC                  (no detection)                     20141031
Comodo               (no detection)                     20141031
F-Prot               (no detection)                     20141031
Ikarus               (no detection)                     20141031
Jiangmin             (no detection)                     20141031
Kingsoft             (no detection)                     20141031
Norman               (no detection)                     20141031
Rising               (no detection)                     20141031
SUPERAntiSpyware     (no detection)                     20141031
Tencent              (no detection)                     20141031
TheHacker            (no detection)                     20141031
ViRobot              (no detection)                     20141031
Zoner                (no detection)                     20141031
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-07 17:22:08
Entry Point 0x00002750
Number of sections 5
PE sections
PE imports
GetDeviceCaps
LineTo
DeleteDC
SetBkMode
SelectObject
SetWindowOrgEx
CreatePen
BitBlt
CreateFontIndirectA
CreateSolidBrush
MoveToEx
SetTextColor
GetClipBox
SetTextAlign
Polyline
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
Rectangle
GetModuleFileNameW
Ord(2023)
Ord(1775)
Ord(2291)
Ord(2438)
Ord(4080)
Ord(2362)
Ord(4531)
Ord(4710)
Ord(2414)
Ord(3597)
Ord(527)
Ord(1641)
Ord(3136)
Ord(2542)
Ord(2370)
Ord(4524)
Ord(3481)
Ord(5012)
Ord(5237)
Ord(4303)
Ord(5577)
Ord(3350)
Ord(1949)
Ord(6375)
Ord(4273)
Ord(3626)
Ord(755)
Ord(3798)
Ord(537)
Ord(2621)
Ord(3259)
Ord(2252)
Ord(5290)
Ord(2446)
Ord(5214)
Ord(5105)
Ord(2864)
Ord(5301)
Ord(2383)
Ord(4163)
Ord(5289)
Ord(4964)
Ord(6215)
Ord(6625)
Ord(4245)
Ord(6366)
Ord(1725)
Ord(3869)
Ord(4529)
Ord(795)
Ord(554)
Ord(616)
Ord(815)
Ord(2723)
Ord(6270)
Ord(641)
Ord(2494)
Ord(3403)
Ord(3351)
Ord(5277)
Ord(2514)
Ord(4953)
Ord(4425)
Ord(3454)
Ord(4353)
Ord(4441)
Ord(4077)
Ord(1134)
Ord(4465)
Ord(4108)
Ord(609)
Ord(2863)
Ord(5300)
Ord(5284)
Ord(4398)
Ord(2379)
Ord(3797)
Ord(6175)
Ord(5199)
Ord(338)
Ord(6111)
Ord(4627)
Ord(1168)
Ord(3738)
Ord(4853)
Ord(6376)
Ord(4589)
Ord(2982)
Ord(617)
Ord(561)
Ord(4526)
Ord(4234)
Ord(2091)
Ord(825)
Ord(2135)
Ord(3081)
Ord(4218)
Ord(2581)
Ord(5307)
Ord(796)
Ord(4823)
Ord(2390)
Ord(2513)
Ord(567)
Ord(4401)
Ord(4424)
Ord(540)
Ord(5260)
Ord(5076)
Ord(3639)
Ord(4078)
Ord(3059)
Ord(2554)
Ord(4376)
Ord(1945)
Ord(1859)
Ord(2127)
Ord(4614)
Ord(2294)
Ord(364)
Ord(2117)
Ord(401)
Ord(1727)
Ord(1776)
Ord(5243)
Ord(4347)
Ord(6646)
Ord(283)
Ord(1644)
Ord(4543)
Ord(6055)
Ord(813)
Ord(2725)
Ord(6117)
Ord(4998)
Ord(5472)
Ord(4241)
Ord(823)
Ord(4436)
Ord(4457)
Ord(800)
Ord(3749)
Ord(4694)
Ord(2512)
Ord(470)
Ord(4427)
Ord(2642)
Ord(4274)
Ord(5037)
Ord(5261)
Ord(2859)
Ord(2878)
Ord(2413)
Ord(4079)
Ord(5265)
Ord(1146)
Ord(2880)
Ord(3147)
Ord(1858)
Ord(2124)
Ord(5283)
Ord(4615)
Ord(4892)
Ord(2879)
Ord(2578)
Ord(1771)
Ord(1726)
Ord(560)
Ord(4508)
Ord(5101)
Ord(6336)
Ord(2584)
Ord(4238)
Ord(3748)
Ord(3262)
Ord(3719)
Ord(5653)
Ord(674)
Ord(293)
Ord(975)
Ord(3573)
Ord(4299)
Ord(4437)
Ord(2575)
Ord(4533)
Ord(4486)
Ord(5065)
Ord(1665)
Ord(4407)
Ord(4426)
Ord(4963)
Ord(4275)
Ord(2535)
Ord(3663)
Ord(3346)
Ord(4220)
Ord(2396)
Ord(2101)
Ord(4159)
Ord(3831)
Ord(5100)
Ord(6374)
Ord(5280)
Ord(986)
Ord(4612)
Ord(2289)
Ord(3825)
Ord(2976)
Ord(5104)
Ord(4370)
Ord(2367)
Ord(1089)
Ord(3198)
Ord(2985)
Ord(6199)
Ord(807)
Ord(3922)
Ord(5240)
Ord(6080)
Ord(2445)
Ord(2649)
Ord(6052)
Ord(976)
Ord(4034)
Ord(3574)
Ord(4219)
Ord(3402)
Ord(3716)
Ord(818)
Ord(4899)
Ord(6000)
Ord(4623)
Ord(324)
Ord(296)
Ord(2391)
Ord(794)
Ord(3654)
Ord(2510)
Ord(5281)
Ord(3830)
Ord(790)
Ord(2385)
Ord(4613)
Ord(3582)
Ord(4720)
Ord(4349)
Ord(402)
Ord(6605)
Ord(5875)
Ord(3079)
Ord(4396)
Ord(6334)
Ord(652)
Ord(5255)
Ord(4387)
Ord(4723)
Ord(4420)
Ord(2055)
Ord(2627)
Ord(4837)
Ord(4340)
Ord(5241)
Ord(3721)
Ord(2399)
Ord(4889)
Ord(4468)
Ord(2648)
Ord(3065)
Ord(5714)
Ord(4246)
Ord(4545)
Ord(4428)
Ord(2113)
Ord(4622)
Ord(3172)
Ord(4216)
Ord(1746)
Ord(411)
Ord(4960)
Ord(5102)
Ord(793)
Ord(2302)
Ord(4890)
Ord(4610)
Ord(4961)
Ord(2024)
Ord(1841)
Ord(4123)
Ord(692)
Ord(4341)
Ord(529)
Ord(4698)
Ord(5254)
Ord(4696)
Ord(6054)
Ord(4588)
Ord(5163)
Ord(2626)
Ord(2411)
Ord(2567)
Ord(4152)
Ord(4858)
Ord(784)
Ord(4153)
Ord(4432)
Ord(5740)
Ord(5302)
Ord(2382)
Ord(1825)
Ord(3058)
Ord(860)
Ord(5731)
_except_handler3
__CxxFrameHandler
_gcvt
fseek
?terminate@@YAXXZ
memmove
_ftol
_wfopen
fread
fclose
_CIpow
free
_onexit
__dllonexit
ftell
sprintf
rewind
calloc
_purecall
GetSubMenu
SetTimer
IsWindow
GetParent
UpdateWindow
InflateRect
EnableWindow
LoadMenuA
KillTimer
CopyRect
SendMessageA
GetClientRect
FillRect
DrawEdge
GetSysColor
DrawFocusRect
InvalidateRect
Number of PE resources by type
RT_MENU 88
RT_STRING 14
RT_DIALOG 6
Struct(240) 3
RT_ICON 1
RT_DLGINCLUDE 1
Struct(241) 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 38
NEUTRAL 34
CHINESE NEUTRAL 29
ENGLISH AUS 16
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:10:07 18:22:08+01:00
FileType Win32 EXE
PEType PE32
CodeSize 36864
LinkerVersion 6.0
FileAccessDate 2014:10:31 22:48:09+01:00
EntryPoint 0x2750
InitializedDataSize 258048
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:10:31 22:48:09+01:00
UninitializedDataSize 0

File identification
MD5 115ddb510083b99f04aef0e9045057fb
SHA1 e40a22ff77e25d63b213ecd09e7a994c124a3ab0
SHA256 4f9865e56e7a4299b5a414707d24af766482b62d8a84bdb11355809d99629ac1
ssdeep 6144:WCH+u9F8qXtui9OdXqA9JlCo/qhjFLNvXGiq4+gqi/:eKF8qXDOdXlgJNuc+gv
authentihash a2e2fbd9c68ff2178524901e86725d605853df5022689913e8ff794364741957
imphash 977ce628d88a8e1f9865af280d684649
File size 292.5 KB ( 299520 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2014-10-31 21:46:08 UTC ( 4 years, 4 months ago )
Last submission 2014-10-31 21:46:08 UTC ( 4 years, 4 months ago )
File names 4f9865e56e7a4299b5a414707d24af766482b62d8a84bdb11355809d99629ac1.exe
vt-upload-QFFAh
No comments.
No votes.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by calling the SetWindowsHook Windows API function.