SHA256: 57612faa10fedff25c65a97661245a82fc1db18c578a84fa52fa91f5c95df995
File name: 47e3979a138ba5d07db70311309bb560
Detection ratio: 29 / 57
Analysis date: 2015-01-31 18:41:55 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.537219 20150131
AhnLab-V3 Trojan/Win32.Zbot 20150131
ALYac Gen:Variant.Kazy.537219 20150131
Avast Win32:Zbot-UVQ [Trj] 20150131
AVG PSW.Generic12.BEEC 20150131
Avira (no cloud) TR/Crypt.EPACK.30840 20150131
AVware Trojan.Win32.Generic!BT 20150131
BitDefender Gen:Variant.Kazy.537219 20150131
Cyren W32/Trojan.CAAS-8514 20150131
Emsisoft Gen:Variant.Kazy.537219 (B) 20150131
ESET-NOD32 a variant of Win32/Kryptik.CVYS 20150131
F-Secure Gen:Variant.Kazy.537219 20150131
Fortinet W32/Kryptik.CVYS!tr 20150131
GData Gen:Variant.Kazy.537219 20150131
Ikarus Trojan-Spy.Zbot 20150131
K7AntiVirus Riskware ( 0040eff71 ) 20150131
K7GW Riskware ( 0040eff71 ) 20150130
McAfee Artemis!47E3979A138B 20150131
McAfee-GW-Edition BehavesLike.Win32.BadFile.hz 20150131
Microsoft PWS:Win32/Zbot.gen!VM 20150131
eScan Gen:Variant.Kazy.537219 20150131
Panda Trj/Genetic.gen 20150131
Qihoo-360 Win32/Trojan.3b0 20150131
Rising PE:Trojan.Win32.Generic.17F97E5A!402226778 20150130
Sophos AV Mal/Generic-S 20150131
Symantec Trojan.Gen 20150131
TotalDefense Win32/Zbot.eBAGBI 20150131
TrendMicro-HouseCall TROJ_GEN.R028H01AJ15 20150131
VIPRE Trojan.Win32.Generic!BT 20150131
AegisLab 20150130
Yandex 20150131
Alibaba 20150130
Antiy-AVL 20150131
Baidu-International 20150130
Bkav 20150130
ByteHero 20150131
CAT-QuickHeal 20150131
ClamAV 20150131
CMC 20150129
Comodo 20150131
DrWeb 20150131
F-Prot 20150131
Jiangmin 20150129
Kaspersky 20150131
Kingsoft 20150131
Malwarebytes 20150131
NANO-Antivirus 20150131
Norman 20150131
nProtect 20150130
SUPERAntiSpyware 20150131
Tencent 20150131
TheHacker 20150131
TrendMicro 20150131
VBA32 20150129
ViRobot 20150131
Zillya 20150131
Zoner 20150130
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-03-25 00:17:31
Entry Point 0x00001000
Number of sections 5
PE sections
PE imports
AddFontResourceA
SetMapMode
EnumFontsW
TextOutA
GetMetaRgn
GetBrushOrgEx
GdiGetDevmodeForPage
GetBoundsRect
GetCharWidthI
OffsetClipRgn
GetFontLanguageInfo
GetObjectA
GetCurrentObject
GetMiterLimit
SetMiterLimit
GdiPlayPrivatePageEMF
GetLogColorSpaceW
GdiEndPageEMF
GetKerningPairsW
CreateColorSpaceA
RemoveFontResourceW
ExtCreatePen
SetTextCharacterExtra
Number of PE resources by type
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
GERMAN 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2005:03:25 01:17:31+01:00
FileType Win32 EXE
PEType PE32
CodeSize 431104
LinkerVersion 0.0
FileAccessDate 2015:01:31 19:37:48+01:00
EntryPoint 0x1000
InitializedDataSize 146968
SubsystemVersion 4.1
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2015:01:31 19:37:48+01:00
UninitializedDataSize 0
File identification
MD5 47e3979a138ba5d07db70311309bb560
SHA1 2f9b31745165461addd237c20cb5d617319ddedb
SHA256 57612faa10fedff25c65a97661245a82fc1db18c578a84fa52fa91f5c95df995
ssdeep 3072:vJjJk4/zOXQn5I4cZTS7TdKjiMPwQI20Rj:v//KXQnGZTS3dBtQIRj
authentihash 5a952ecab9b6d8ac4a7298a470b9eacd7afc3e062e47bfc507c9088bf3b3d08e
imphash a93ccc08c888682938a3dce7cf10c12b
File size 565.5 KB ( 579072 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.4%)
Win16/32 Executable Delphi generic (19.5%)
Generic Win/DOS Executable (18.8%)
DOS Executable Generic (18.8%)
VXD Driver (0.2%)
Tags peexe

VirusTotal metadata
First submission 2015-01-31 18:41:55 UTC ( 4 years, 1 month ago )
Last submission 2015-01-31 18:41:55 UTC ( 4 years, 1 month ago )
File names 47e3979a138ba5d07db70311309bb560
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications