SHA256: 511575f9ec02ff502db06caca1c0afff0f1d3c1a0d4ee136f025f83d6f75d10c
File name: fb0731efa9c12165a3f1fbbcb8e13487.exe
Detection ratio: 35 / 38
Analysis date: 2013-01-18 03:25:53 UTC ( 6 years, 4 months ago )
Antivirus Result Update
Yandex TrojanSpy.ZBot.Gen!Pac.9 20130117
AhnLab-V3 Win-Trojan/Zbot.64000 20130117
AntiVir TR/Crypt.ZPACK.Gen 20130117
AVG Win32/Heri 20130117
BitDefender Trojan.Spy.Zbot.SO 20130118
CAT-QuickHeal TrojanPWS.Zbot.Y 20130117
ClamAV Trojan.Zbot-8956 20130118
Commtouch W32/Trojan2.LIFM 20130118
Comodo TrojWare.Win32.Spy.Zbot.GEN 20130118
Emsisoft Trojan.Spy.Win32.Zbot.AMN (A) 20130117
ESET-NOD32 Win32/Spy.Zbot.UN 20130117
F-Prot W32/Trojan2.LIFM 20130117
Fortinet W32/Zbot.gen!tr 20130118
Ikarus Trojan-Spy.Win32.Zbot 20130118
Jiangmin TrojanSpy.Zbot.xvc 20121221
K7AntiVirus Trojan 20130117
Kaspersky Trojan-Spy.Win32.Zbot.gen 20130118
Kingsoft Win32.Troj.Generic_01.g 20130115
Malwarebytes Spyware.Zbot 20130118
Microsoft PWS:Win32/Zbot.PG 20130118
eScan Trojan.Spy.Zbot.SO 20130118
NANO-Antivirus Trojan.Win32.Zbot.ofza 20130118
Norman W32/ZBot.gen.gen 20130117
nProtect Trojan.Spy.Zbot.SO 20130117
Panda Trj/Sinowal.DW 20130117
PCTools HeurEngine.MaliciousPacker 20130118
Sophos AV Mal/Zbot-O 20130117
Symantec Packed.Generic.232 20130117
TheHacker Trojan/Spy.Zbot.gen 20130117
TotalDefense Win32/KollahCryptor.B 20130117
TrendMicro TSPY_ZBOT.SMLA 20130118
TrendMicro-HouseCall TROJ_GEN.F47V1005 20130118
VBA32 Malware-Cryptor.Win32.Vals.22 20130117
VIPRE Trojan-Spy.Win32.Zbot.gen (v) 20130118
ViRobot Spyware.Zbot.62976.AL 20130118
Antiy-AVL 20130117
ByteHero 20130117
SUPERAntiSpyware 20130118
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-12-25 04:06:32
Entry Point 0x0000AB93
Number of sections 3
PE sections
PE imports
DuplicateTokenEx
CryptReleaseContext
GetUserNameW
CryptGetHashParam
RegQueryValueExA
CryptAcquireContextW
RegEnumKeyExA
CryptDestroyHash
CryptCreateHash
lstrcpynW
ExpandEnvironmentStringsW
GetFileSizeEx
GetSystemTime
SetFilePointer
GetModuleFileNameW
SetFileTime
GetVersionExW
CreateProcessW
CreateFileA
lstrcpyA
CreateMutexW
WaitForSingleObject
VirtualProtect
GetModuleFileNameA
HeapReAlloc
VirtualAlloc
GetEnvironmentVariableW
GetModuleHandleA
ResetEvent
StrCmpNIW
wvnsprintfA
PathFindFileNameW
wnsprintfW
PathFileExistsW
PathRemoveFileSpecW
SHDeleteKeyA
StrCmpNIA
StrStrW
PathCombineW
GetCursorPos
GetForegroundWindow
SetProcessWindowStation
GetKeyboardState
EndDialog
DrawIcon
SendMessageA
SetThreadDesktop
GetClassNameA
GetDlgItem
ToUnicode
MsgWaitForMultipleObjects
GetWindowTextA
GetIconInfo
GetClipboardData
GetKeyState
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2007:12:25 04:06:32+00:00
FileType Win32 EXE
PEType PE32
CodeSize 59392
LinkerVersion 9.0
EntryPoint 0xab93
InitializedDataSize 23040
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 fb0731efa9c12165a3f1fbbcb8e13487
SHA1 4ee2b8613c1f25be9da014fae55981d6fb6c72f5
SHA256 511575f9ec02ff502db06caca1c0afff0f1d3c1a0d4ee136f025f83d6f75d10c
ssdeep 1536:I8jOpViPoyxkT+Qb0eM225hi9wADSxC/MZHAkL+:I8kiQfyNeOf6xWxC/MNX+
File size 61.5 KB ( 62976 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
Tags peexe
VirusTotal metadata
First submission 2009-12-20 01:40:17 UTC ( 9 years, 5 months ago )
Last submission 2011-05-05 12:08:13 UTC ( 8 years ago )
File names OoL6BB91.bz2
aa
fb0731efa9c12165a3f1fbbcb8e13487.exe
Behaviour characterization