SHA256: 539be5146016a5e21d8d6e7471fbc430cd2e0b333ba9dd9c3f4fee7fb9166fe5
File name: 539be5146016a5e21d8d6e7471fbc430cd2e0b333ba9dd9c3f4fee7fb9166fe5.vir
Detection ratio: 45 / 55
Analysis date: 2016-01-13 02:01:45 UTC ( 3 years ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.76760 20160112
Yandex TrojanSpy.Zbot!x3Ur3PI4UfY 20160111
AhnLab-V3 Trojan/Win32.Zbot 20160112
ALYac Gen:Variant.Kazy.76760 20160113
Antiy-AVL Trojan[Spy]/Win32.Zbot 20160113
Arcabit Trojan.Kazy.D12BD8 20160113
Avast Win32:Susn-AU [Trj] 20160113
AVG Win32/Cryptor 20160113
Avira (no cloud) DR/Delphi.Gen7 20160113
AVware Trojan.Win32.Generic.pak!cobra 20160111
BitDefender Gen:Variant.Kazy.76760 20160113
Bkav HW32.Packed.A30B 20160112
CAT-QuickHeal Trojan.Kanots.A 20160112
ClamAV Win.Trojan.Zbot-27879 20160113
Comodo ApplicUnwnt.Win32.Hoax.ArchSMS.SIE 20160113
DrWeb Trojan.SMSSend.2363 20160113
Emsisoft Gen:Variant.Kazy.76760 (B) 20160113
ESET-NOD32 Win32/Spy.Zbot.YW 20160113
F-Secure Gen:Variant.Kazy.76760 20160113
Fortinet W32/Kryptik.WED!tr 20160113
GData Gen:Variant.Kazy.76760 20160113
Ikarus Win32.SuspectCrc 20160113
Jiangmin TrojanSpy.Zbot.btbm 20160112
K7AntiVirus Spyware ( 00009b291 ) 20160112
K7GW Spyware ( 00009b291 ) 20160113
Kaspersky HEUR:Trojan.Win32.Generic 20160112
Malwarebytes Spyware.ZeuS 20160113
McAfee PWS-Zbot.gen.aeq 20160113
McAfee-GW-Edition BehavesLike.Win32.Ransom.ch 20160113
Microsoft Trojan:Win32/Toga!rfn 20160113
eScan Gen:Variant.Kazy.76760 20160113
NANO-Antivirus Trojan.Win32.SmsSend.cbobaq 20160112
nProtect Trojan-Spy/W32.ZBot.195585 20160112
Panda Generic Malware 20160112
Qihoo-360 HEUR/Malware.QVM20.Gen 20160113
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20160112
Sophos AV Mal/EncPk-AEH 20160113
Symantec Infostealer 20160112
TheHacker Trojan/Kryptik.ahco 20160107
TrendMicro TSPY_ZBOT.SMAR 20160113
TrendMicro-HouseCall TSPY_ZBOT.SMAR 20160113
VBA32 TrojanSpy.Zbot 20160112
VIPRE Trojan.Win32.Generic.pak!cobra 20160113
ViRobot Trojan.Win32.A.Zbot.195585.B[h] 20160112
Zillya Trojan.Zbot.Win32.62018 20160112
AegisLab 20160112
Alibaba 20160112
Baidu-International 20160112
ByteHero 20160113
CMC 20160111
Cyren 20160113
F-Prot 20160111
SUPERAntiSpyware 20160113
TotalDefense 20160112
Zoner 20160113
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0002BF08
Number of sections 6
PE sections
Overlays
MD5 d270290e34de0bcf1be1eed3388ce762
File type data
Offset 195072
Size 513
Entropy 7.57
PE imports
GetUserNameW
ReplaceTextA
ChooseColorW
GlobalDeleteAtom
lstrlenA
LoadLibraryW
lstrlen
DeleteTimerQueueEx
GetUserGeoID
LocalAlloc
LCMapStringW
GetCommandLineW
EnumerateLocalComputerNamesW
SetThreadAffinityMask
WaitForMultipleObjects
Process32FirstW
GetProfileStringW
GetStringTypeA
Module32NextW
GetACP
GlobalMemoryStatus
DuplicateConsoleHandle
WriteConsoleOutputCharacterA
GetProcessTimes
LeaveCriticalSection
PathSetDlgItemPathW
PathIsNetworkPathA
SHRegDeleteEmptyUSKeyA
SetMenuContextHelpId
GetClassInfoExA
RegisterWindowMessageA
DefWindowProcA
SetWindowWord
SetWindowLongW
SetDlgItemTextA
LoadKeyboardLayoutW
SetDlgItemInt
CascadeWindows
GetMenuDefaultItem
GetWindowWord
IsCharAlphaNumericA
GetDlgCtrlID
PrintWindow
SetDoubleClickTime
GetRawInputDeviceInfoA
GetDlgItem
BringWindowToTop
GetThreadDesktop
CreateWindowExA
AlignRects
PostThreadMessageW
CloseDesktop
DrawFrame
EnumPropsW
GetInternalWindowPos
VerInstallFileA
VerQueryValueW
GetFileVersionInfoA
VerFindFileW
EndDocPrinter
ConnectToPrinterDlg
ConvertUnicodeDevModeToAnsiDevmode
DeletePrinterDriverA
AddPrintProcessorA
Number of PE resources by type
RT_DIALOG 5
RT_RCDATA 2
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 5
RUSSIAN 2
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
176640

LinkerVersion
8.0

FileTypeExtension
exe

InitializedDataSize
17408

SubsystemVersion
4.0

EntryPoint
0x2bf08

OSVersion
4.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 d310dd2fe534b7a9cb3bbf999bf42475
SHA1 c21e0a5b87d85c4d8e0fd17ea39460cb90b43629
SHA256 539be5146016a5e21d8d6e7471fbc430cd2e0b333ba9dd9c3f4fee7fb9166fe5
ssdeep
3072:X2j0wLl/EC8sW89i+6X367jtTgDGTJQ/MUlWPo8NIkMkgihZzbVN77Jp7vQzrU3m:X2j0cl8C8sWj+6X36vtTaG2/MUwP5NvM

authentihash 1476d6dd4ef65b6042293ab69c7c9db5926360ca2eb39358df564f76846aa4e6
imphash b2d46e034d9e332ba0fd9914caf04d69
File size 191.0 KB ( 195585 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2012-06-11 11:04:41 UTC ( 6 years, 7 months ago )
Last submission 2016-01-13 02:01:45 UTC ( 3 years ago )
File names 1816185
rapport.pdf.exe
rapport.pdf.exe
output.1698063.txt
output.1816185.txt
d310dd2fe534b7a9cb3bbf999bf42475
1698063
aa
ba97335eebf51e4898322556088b62f1329a03cb52c75a73185dbd179df170cd370aefd22c6ee07eff4c0d5f954171c7a9df6ca52138994b72540058ca6cc93b
file
539be5146016a5e21d8d6e7471fbc430cd2e0b333ba9dd9c3f4fee7fb9166fe5.vir
539be5146016a5e21d8d6e7471fbc430cd2e0b333ba9dd9c3f4fee7fb9166fe5
rapport.pdf.ex=
test.txt
file-4086650_exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight