SHA256: 57dc2cb08cd8429abae4254128649ca4e38714c210fba62c3f9cd2a99dcc7c7e
File name: ea8f360f06b949b50b88676498e92c30.virobj
Detection ratio: 49 / 62
Analysis date: 2017-04-28 11:11:28 UTC ( 1 year, 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.42484 20170428
AegisLab Troj.Spy.W32.Zbot!c 20170428
ALYac Gen:Variant.Symmi.42484 20170428
Antiy-AVL Trojan[Backdoor]/Win32.DarkKomet 20170428
Arcabit Trojan.Symmi.DA5F4 20170428
Avast Win32:Vobfus-Q [Wrm] 20170428
AVG Inject2.BFDJ 20170428
Avira (no cloud) TR/Crypt.ZPACK.Gen9 20170428
AVware Trojan.Win32.Generic!BT 20170428
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170428
BitDefender Gen:Variant.Symmi.42484 20170428
Bkav W32.Clodde5.Trojan.a440 20170428
CAT-QuickHeal TrojanPWS.Zbot.AP4 20170428
Comodo UnclassifiedMalware 20170428
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/Trojan.FTKB-1306 20170428
DrWeb Trojan.DownLoad3.35002 20170428
Emsisoft Gen:Variant.Symmi.42484 (B) 20170428
Endgame malicious (high confidence) 20170419
ESET-NOD32 Win32/Spy.Zbot.YW 20170428
F-Prot W32/Trojan3.RWX 20170428
F-Secure Gen:Variant.Symmi.42484 20170428
Fortinet W32/Emotet.AB!tr 20170428
GData Gen:Variant.Symmi.42484 20170428
Ikarus Trojan.Win32.Boaxxe 20170428
Sophos ML virus.win32.sality.at 20170413
Jiangmin Backdoor/DarkKomet.gdf 20170428
K7AntiVirus Spyware ( 00009b291 ) 20170428
K7GW Spyware ( 00009b291 ) 20170426
Kaspersky Trojan-Spy.Win32.Zbot.upfq 20170428
Malwarebytes Trojan.Spy.Zbot 20170428
McAfee Generic-FAUT!EA8F360F06B9 20170428
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dc 20170427
Microsoft VirTool:Win32/CeeInject.gen!KK 20170428
eScan Gen:Variant.Symmi.42484 20170428
NANO-Antivirus Trojan.Win32.Panda.djdhwt 20170428
Palo Alto Networks (Known Signatures) generic.ml 20170428
Panda Trj/Genetic.gen 20170427
Qihoo-360 Win32/Trojan.a81 20170428
Rising Trojan.Generic (cloud:MoET6bZFrMO) 20170428
SentinelOne (Static ML) static engine - malicious 20170330
Sophos AV Mal/Zbot-QU 20170428
Symantec Trojan.Zbot 20170427
Tencent Win32.Trojan.Inject.Auto 20170428
VBA32 Backdoor.DarkKomet 20170428
VIPRE Trojan.Win32.Generic!BT 20170428
Webroot W32.Trojan.Gen 20170428
Yandex TrojanSpy.Zbot!VLG8pQPh2zw 20170427
ZoneAlarm by Check Point Trojan-Spy.Win32.Zbot.upfq 20170428
AhnLab-V3 20170428
Alibaba 20170428
ClamAV 20170428
CMC 20170427
Kingsoft 20170428
nProtect 20170428
SUPERAntiSpyware 20170428
Symantec Mobile Insight 20170428
TheHacker 20170428
TotalDefense 20170426
TrendMicro 20170428
TrendMicro-HouseCall 20170428
Trustlook 20170428
ViRobot 20170428
WhiteArmor 20170409
Zillya 20170427
Zoner 20170428
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2014

Product Inhabitants
Original name Inhabitants.exe
Internal name Inhabitants
File version 1, 0, 0, 1
Description Inhabitants
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-19 18:15:58
Entry Point 0x0000273C
Number of sections 4
PE sections
Overlays
MD5 f3826eb4c4743cc5ee18f2554dcdf11d
File type data
Offset 229376
Size 586
Entropy 7.61
PE imports
GetCurrentProcessId
OpenProcess
GetModuleHandleW
GetStartupInfoW
_except_handler3
__p__fmode
__CxxFrameHandler
_exit
_adjust_fdiv
__setusermatherr
__dllonexit
_onexit
__wgetmainargs
_controlfp
exit
_XcptFilter
_wfopen
_initterm
_wcmdln
__p__commode
__set_app_type
GetModuleFileNameExW
EnableWindow
UpdateWindow
Number of PE resources by type
RT_STRING 13
RT_DIALOG 3
RT_BITMAP 2
Struct(241) 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 21
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.1

UninitializedDataSize
0

LanguageCode
Romanian

FileFlagsMask
0x003f

CharacterSet
Windows, Korea (Shift - KSC 5601)

InitializedDataSize
217088

EntryPoint
0x273c

OriginalFileName
Inhabitants.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright © 2014

FileVersion
1, 0, 0, 1

TimeStamp
2014:11:19 19:15:58+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Inhabitants

ProductVersion
1, 0, 0, 1

FileDescription
Inhabitants

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
8192

ProductName
Inhabitants

ProductVersionNumber
1.0.0.1

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 ea8f360f06b949b50b88676498e92c30
SHA1 594f85ff91991e1c3dc08593df92c5f9ce904b74
SHA256 57dc2cb08cd8429abae4254128649ca4e38714c210fba62c3f9cd2a99dcc7c7e
ssdeep
3072:aWjVbdboJ4LWKf0si/gXPNrhWIhBa/oqzjibmRvwiYDc071YEaRtJDdg86ZI0:aWjVdq4LWps0gXlrB9q6KoNAPEanJEL

authentihash 548268b9344b14645e126573536c45d653ac12bc1ffc800b820c64909c03022c
imphash 2f5ab7d663eb242e44728d9be887c8b4
File size 224.6 KB ( 229962 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe overlay

VirusTotal metadata
First submission 2014-11-20 15:36:50 UTC ( 4 years, 1 month ago )
Last submission 2017-04-28 11:11:28 UTC ( 1 year, 8 months ago )
File names Inhabitants
ea8f360f06b949b50b88676498e92c30.virobj
Inhabitants.exe
orderfiles.exe
57dc2cb08cd8429abae4254128649ca4e38714c210fba62c3f9cd2a99dcc7c7e.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R047C0EGB15.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.