SHA256: 566ba3397e7137a69209008af26e73be7232318777af15375c3957a11f89e81f
File name: ab80f1de6a466bffed50cb3801b7dae8
Detection ratio: 44 / 67
Analysis date: 2017-12-27 16:58:12 UTC ( 1 year, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.270390 20171225
AegisLab Troj.W32.Mucc!c 20171227
ALYac Gen:Variant.Zusy.270390 20171227
Antiy-AVL Trojan/Win32.SGeneric 20171227
Arcabit Trojan.Zusy.D42036 20171227
Avast Win32:Malware-gen 20171227
AVG Win32:Malware-gen 20171227
Avira (no cloud) TR/Dropper.VB.ndzcm 20171227
AVware Trojan.Win32.Generic!BT 20171227
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9954 20171227
BitDefender Gen:Variant.Zusy.270390 20171227
CAT-QuickHeal Trojan.Mucc 20171227
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.2c184f 20171103
Cylance Unsafe 20171227
Emsisoft Gen:Variant.Zusy.270390 (B) 20171227
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win32/Injector.DUQW 20171227
F-Secure Gen:Variant.Zusy.270390 20171227
Fortinet W32/GenKryptik.BJFQ!tr 20171227
Ikarus Trojan.Win32.Injector 20171227
Sophos ML heuristic 20170914
K7AntiVirus Trojan ( 005214091 ) 20171227
K7GW Trojan ( 005214091 ) 20171227
Kaspersky Trojan.Win32.Mucc.fay 20171227
MAX malware (ai score=100) 20171227
McAfee Artemis!AB80F1DE6A46 20171227
McAfee-GW-Edition BehavesLike.Win32.Emotet.hc 20171227
Microsoft Trojan:Win32/Totbrick.H 20171227
eScan Gen:Variant.Zusy.270390 20171227
NANO-Antivirus Trojan.Win32.Mucc.ewgflq 20171227
Palo Alto Networks (Known Signatures) generic.ml 20171227
Panda Trj/GdSda.A 20171227
Qihoo-360 Win32/Trojan.bc8 20171227
SentinelOne (Static ML) static engine - malicious 20171224
Sophos AV Troj/TrikBot-AU 20171227
Symantec Trojan.Gen 20171227
Tencent Win32.Trojan.Mucc.Lorg 20171227
TrendMicro TROJ_GEN.R020C0DLJ17 20171227
TrendMicro-HouseCall TROJ_GEN.R020C0DLJ17 20171227
VIPRE Trojan.Win32.Generic!BT 20171227
ViRobot Trojan.Win32.Z.Zusy.512000.EB 20171227
Webroot W32.Trojan.Gen 20171227
ZoneAlarm by Check Point Trojan.Win32.Mucc.fay 20171227
AhnLab-V3 20171227
Alibaba 20171227
Avast-Mobile 20171226
Bkav 20171227
ClamAV 20171227
CMC 20171227
Comodo 20171227
Cyren 20171227
DrWeb 20171227
eGambit 20171227
F-Prot 20171227
Jiangmin 20171227
Kingsoft 20171227
Malwarebytes 20171227
nProtect 20171227
Rising 20171227
SUPERAntiSpyware 20171227
Symantec Mobile Insight 20171227
TheHacker 20171226
TotalDefense 20171227
Trustlook 20171227
VBA32 20171227
WhiteArmor 20171226
Yandex 20171225
Zillya 20171226
Zoner 20171227
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright micrograms from foods or dietary supplements.
Product microgram
Original name zwsend.exe
Internal name zwsend
File version 5.00
Description micrograms from foods or dietary supplements.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-18 13:21:59
Entry Point 0x0000113C
Number of sections 3
PE sections
PE imports
EVENT_SINK_QueryInterface
Ord(645)
Ord(537)
Ord(516)
Ord(661)
Ord(546)
EVENT_SINK_AddRef
Ord(650)
Ord(300)
Ord(600)
__vbaExceptHandler
Ord(632)
MethCallEngine
DllFunctionCall
Ord(540)
Ord(599)
Ord(608)
Ord(309)
Ord(100)
Ord(573)
ProcCallEngine
Ord(711)
Ord(606)
EVENT_SINK_Release
Ord(595)
Ord(303)
Ord(538)
Ord(306)
Ord(617)
Ord(644)
Ord(541)
Number of PE resources by type
RT_ICON 6
BUILDNUMBER2464 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
RUSSIAN 1
GERMAN LUXEMBOURG 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 5.0
FileSubtype 0
FileVersionNumber 5.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription micrograms from foods or dietary supplements.
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 319488
EntryPoint 0x113c
OriginalFileName zwsend.exe
MIMEType application/octet-stream
LegalCopyright micrograms from foods or dietary supplements.
FileVersion 5.0
TimeStamp 2017:12:18 14:21:59+01:00
FileType Win32 EXE
PEType PE32
InternalName zwsend
ProductVersion 5.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 188416
ProductName microgram
ProductVersionNumber 5.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 ab80f1de6a466bffed50cb3801b7dae8
SHA1 17d91b22c184f5bb2851133e9ef7dccdab354859
SHA256 566ba3397e7137a69209008af26e73be7232318777af15375c3957a11f89e81f
ssdeep 12288:dvyvavyvCoYZMJO/xavnG3qutlqVRdfE/QPco3nvyvX:Ro8ewxavnGauuVRFTO
authentihash 48fad6d771040c289af1515489ebc6446ebbe903299fae6810dc24e27ea2a772
imphash 5fbd126e0301380059f28b3d92dec160
File size 500.0 KB ( 512000 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags peexe
VirusTotal metadata
First submission 2017-12-24 01:00:12 UTC ( 1 year, 2 months ago )
Last submission 2018-05-28 17:57:34 UTC ( 9 months ago )
File names zwsend
zwsend.exe
ab80f1de6a466bffed50cb3801b7dae8
1024-17d91b22c184f5bb2851133e9ef7dccdab354859