SHA256: 5180380fe533df4ce2f03d32cd615c6350dbfc56e1f86cb95ddc8d95d1d1c629
File name: b44bfb5daac1e64d6e0b7e2f617ab3d1.virobj
Detection ratio: 39 / 56
Analysis date: 2015-10-10 06:15:51 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Ad-Aware Zum.Androm.1 20151010
Yandex Trojan.Inject!CaXp4pbvlYI 20151009
AhnLab-V3 Trojan/Win32.ZBot 20151009
Arcabit Zum.Androm.1 20151010
Avast Win32:Agent-AYTU [Trj] 20151010
AVG Inject2.ARAN 20151010
Avira (no cloud) TR/PSW.Zbot.16320 20151010
AVware Trojan.Win32.Generic!BT 20151010
BitDefender Zum.Androm.1 20151010
CAT-QuickHeal TrojanSpy.Zbot.r5 20151009
Comodo UnclassifiedMalware 20151010
Cyren W32/Injector.DWOT-9019 20151010
DrWeb Trojan.PWS.Panda.547 20151010
Emsisoft Zum.Androm.1 (B) 20151010
ESET-NOD32 NSIS/Agent.NBL 20151009
F-Prot W32/Injector.LS 20151010
F-Secure Zum.Androm.1 20151010
Fortinet W32/Kryptik.CKFX!tr 20151010
GData Zum.Androm.1 20151010
Ikarus Trojan-Spy.Win32.Zbot 20151010
K7AntiVirus Trojan ( 0049ffaf1 ) 20151009
K7GW Trojan ( 0049ffaf1 ) 20151010
Kaspersky Trojan-Spy.Win32.Zbot.ttgi 20151010
Kingsoft Win32.Troj.Zbot.tt.(kcloud) 20151010
Malwarebytes Trojan.Dropper.ED 20151010
McAfee RDN/Spybot.bfr!n 20151010
McAfee-GW-Edition BehavesLike.Win32.AdwareDoma.dc 20151010
Microsoft PWS:Win32/Zbot 20151010
eScan Zum.Androm.1 20151010
NANO-Antivirus Trojan.Win32.Inject.ddyczb 20151010
nProtect Zum.Androm.1 20151008
Panda Trj/CI.A 20151009
Qihoo-360 Win32/Trojan.Spy.42f 20151010
Sophos Troj/Zbot-ITR 20151010
Tencent Win32.Trojan-spy.Zbot.Pdlz 20151010
TrendMicro TSPY_ZBOT.SDN 20151010
TrendMicro-HouseCall TSPY_ZBOT.SDN 20151010
VBA32 Trojan.Inject 20151009
VIPRE Trojan.Win32.Generic!BT 20151010
AegisLab 20151009
Alibaba 20151010
ALYac 20151010
Antiy-AVL 20151010
Baidu-International 20151009
Bkav 20151008
ByteHero 20151010
ClamAV 20151009
CMC 20151009
Jiangmin 20151008
Rising 20151009
SUPERAntiSpyware 20151010
TheHacker 20151010
TotalDefense 20151010
ViRobot 20151010
Zillya 20151009
Zoner 20151010
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) Pneumothorax 2003-2010

Publisher Pneumothorax
Product Release
File version 3.1.4.2
Description The unconciliatory shapings atop the nationalists
Packers identified
Command NSIS
F-PROT NSIS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-11 20:03:36
Entry Point 0x00003217
Number of sections 5
PE sections
Overlays
MD5 bf4367d76826fcded5e64ea77cae35b1
File type data
Offset 40960
Size 176852
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumValueA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
GetTickCount
SetFileTime
GlobalUnlock
GetModuleFileNameA
DeleteFileA
LoadLibraryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
ExpandEnvironmentStringsA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
SetFilePointer
GetTempPathA
CreateThread
lstrcmpiA
GetModuleHandleA
lstrcmpA
ReadFile
lstrcpyA
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
RemoveDirectoryA
GetSystemDirectoryA
GetDiskFreeSpaceA
GetProcAddress
SetEnvironmentVariableA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
WriteFile
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
ExitProcess
GetVersion
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
CharPrevA
GetMessagePos
EndPaint
ReleaseDC
EndDialog
BeginPaint
ShowWindow
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
PostQuitMessage
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
SystemParametersInfoA
CreatePopupMenu
wsprintfA
DialogBoxParamA
SetClipboardData
IsWindowVisible
SendMessageA
DrawTextA
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
CreateDialogParamA
EnableMenuItem
RegisterClassA
SendMessageTimeoutA
InvalidateRect
GetWindowLongA
FindWindowExA
CreateWindowExA
LoadCursorA
TrackPopupMenu
SetWindowTextA
FillRect
OpenClipboard
CharNextA
CallWindowProcA
GetSystemMenu
EmptyClipboard
EnableWindow
CloseClipboard
DestroyWindow
ExitWindowsEx
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
CoTaskMemFree
OleUninitialize
CoCreateInstance
OleInitialize
Number of PE resources by type
RT_ICON 3
RT_DIALOG 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
3.1.4.2

UninitializedDataSize
1024

LanguageCode
Neutral

FileFlagsMask
0x0000

CharacterSet
Windows, Latin1

InitializedDataSize
117760

EntryPoint
0x3217

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) Pneumothorax 2003-2010

FileVersion
3.1.4.2

TimeStamp
2014:05:11 21:03:36+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
3.1.4.2

FileDescription
The unconciliatory shapings atop the nationalists

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Pneumothorax

CodeSize
23552

ProductName
Release

ProductVersionNumber
3.1.4.2

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 b44bfb5daac1e64d6e0b7e2f617ab3d1
SHA1 415a9ed0408959ac74a253df522175d0503845ee
SHA256 5180380fe533df4ce2f03d32cd615c6350dbfc56e1f86cb95ddc8d95d1d1c629
ssdeep 6144:EDpoeP3UvG+qEFoNrF2bsUWvSlja9NoJo5M25HOrW:AEvG+VFsFDARa3VOC
authentihash 601b5116f118468e8917b0714f19aee4e4aedcb73243fff33e6522687e18b120
imphash 59a4a44a250c4cf4f2d9de2b3fe5d95f
File size 212.7 KB ( 217812 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID NSIS - Nullsoft Scriptable Install System (94.8%)
Win32 Executable MS Visual C++ (generic) (3.4%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
Generic Win/DOS Executable (0.2%)
Tags
nsis peexe overlay

VirusTotal metadata
First submission 2014-08-12 04:17:51 UTC ( 2 years, 8 months ago )
Last submission 2015-10-10 06:15:51 UTC ( 1 year, 6 months ago )
File names b44bfb5daac1e64d6e0b7e2f617ab3d1.virobj
c-a48d6-7136-1407816977
virussign.com_b44bfb5daac1e64d6e0b7e2f617ab3d1.vir
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.