SHA256: 5726a94295eb3fa83e6deda604b5c53a7593d1df3c02f972cd339fb83ad64842
File name: 5726a94295eb3fa83e6deda604b5c53a7593d1df3c02f972cd339fb83ad64842.vir
Detection ratio: 37 / 56
Analysis date: 2015-12-12 08:53:39 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.38626 20151212
Yandex TrojanSpy.Zbot!1K5phr9mWuw 20151211
AhnLab-V3 Trojan/Win32.Zbot 20151211
ALYac Gen:Variant.Symmi.38626 20151212
Antiy-AVL Trojan[Spy]/Win32.Zbot 20151212
Arcabit Trojan.Symmi.D96E2 20151212
Avast Win32:Zbot-TFB [Trj] 20151212
AVG Zbot.HMA 20151212
Avira (no cloud) TR/Dropper.VB.Gen8 20151211
AVware Trojan.Win32.Generic!BT 20151212
BitDefender Gen:Variant.Symmi.38626 20151212
ByteHero Virus.Win32.Heur.p 20151212
CAT-QuickHeal TrojanSpy.Zbot.r3 20151212
Comodo UnclassifiedMalware 20151208
DrWeb Trojan.PWS.Panda.2401 20151212
Emsisoft Gen:Variant.Symmi.38626 (B) 20151212
ESET-NOD32 a variant of Win32/Injector.AUJW 20151212
F-Secure Gen:Variant.Symmi.38626 20151211
Fortinet W32/Zbot.AAO!tr 20151212
GData Gen:Variant.Symmi.38626 20151212
Ikarus Trojan.Dropper 20151212
K7AntiVirus Trojan ( 004ab35f1 ) 20151212
K7GW Trojan ( 004ab35f1 ) 20151212
Kaspersky Trojan-Spy.Win32.Zbot.rzhv 20151212
Malwarebytes Trojan.VBInject 20151212
McAfee Artemis!CC2F6DC6DE38 20151212
McAfee-GW-Edition BehavesLike.Win32.Generic.fc 20151212
eScan Gen:Variant.Symmi.38626 20151212
NANO-Antivirus Trojan.Win32.Zbot.cwtpts 20151212
Panda Trj/Genetic.gen 20151211
Qihoo-360 Win32/Trojan.Spy.c32 20151212
Rising PE:Trojan.FakeIcon!1.64A5 [F] 20151211
Sophos Mal/VBZbot-B 20151212
Symantec Trojan.Zbot 20151211
Tencent Win32.Trojan-spy.Zbot.Syrv 20151212
VIPRE Trojan.Win32.Generic!BT 20151212
ViRobot Trojan.Win32.S.Agent.372721[h] 20151212
AegisLab 20151212
Alibaba 20151208
Baidu-International 20151212
Bkav 20151211
ClamAV 20151212
CMC 20151211
Cyren 20151212
F-Prot 20151212
Jiangmin 20151211
Microsoft 20151212
nProtect 20151211
SUPERAntiSpyware 20151212
TheHacker 20151211
TotalDefense 20151212
TrendMicro 20151212
TrendMicro-HouseCall 20151212
VBA32 20151211
Zillya 20151211
Zoner 20151212
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Symantec Corporation Blue
Product Scyt noncapit loudspea hyssopus
Original name Brac.exe
Internal name Brac
File version 7.05.0009
Description Ithunn tranvia spina's amplific
Signature verification The digital signature of the object did not verify.
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-10 22:45:55
Entry Point 0x000DA7E0
Number of sections 3
PE sections
Overlays
MD5 d6972942beb4c94865b1f0f1f51c35e3
File type data
Offset 340480
Size 32241
Entropy 7.74
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
Ord(546)
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 7.5
FileSubtype 0
FileVersionNumber 7.5.0.9
UninitializedDataSize 577536
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 28672
EntryPoint 0xda7e0
OriginalFileName Brac.exe
MIMEType application/octet-stream
LegalCopyright Symantec Corporation Blue
FileVersion 7.05.0009
TimeStamp 2013:12:10 22:45:55+00:00
FileType Win32 EXE
PEType PE32
InternalName Brac
ProductVersion 7.05.0009
FileDescription Ithunn tranvia spina's amplific
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Symantec Corporation Orange
CodeSize 315392
ProductName Scyt noncapit loudspea hyssopus
ProductVersionNumber 7.5.0.9
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 cc2f6dc6de38fd93ed5da946485e949b
SHA1 5f4989837776195e7cb0f04875cd9637dab20945
SHA256 5726a94295eb3fa83e6deda604b5c53a7593d1df3c02f972cd339fb83ad64842
ssdeep 6144:3Z2AIFYSvBnsBVmk8wIdZYmH8mZ6LvdepLDbbbAW9XH/v4HZV3+Ajr1vth:fIFYaBnsnJ8ZZDHWgrAMHHI+Atv7
authentihash fa3e2606918b8625b00ce7b1bdc0ae8c683f2fdab84b0bdd0b825a9e1364a888
imphash 9f965e238de315597d990bf81c19377f
File size 364.0 KB ( 372721 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags peexe upx overlay
VirusTotal metadata
First submission 2014-04-20 20:18:34 UTC ( 3 years, 2 months ago )
Last submission 2015-12-12 08:53:39 UTC ( 1 year, 6 months ago )
File names Brac
cc2f6dc6de38fd93ed5da946485e949b
5726a94295eb3fa83e6deda604b5c53a7593d1df3c02f972cd339fb83ad64842.vir
vt-upload-SOtIA
Brac.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Terminated processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.