SHA256: 59246a0a6176a2c229b9227d1b9b6428195bf62abbf720494a1c9d267890fcdb
File name: 8f8e84c1d982c53a6a171c9be55097b9
Detection ratio: 41 / 56
Analysis date: 2017-01-24 21:32:36 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Ad-Aware Trojan.Spy.Zbot.FCQ 20170124
AegisLab Backdoor.W32.ZAccess.baqp!c 20170124
ALYac Trojan.Spy.Zbot.FCQ 20170124
Antiy-AVL Trojan[Backdoor]/Win32.ZAccess 20170124
Arcabit Trojan.Spy.Zbot.FCQ 20170124
Avast Win32:Karagany 20170124
AVG Win32/DH{bg?} 20170124
Avira (no cloud) TR/Crypt.ZPACK.Gen 20170124
AVware Trojan.Win32.Zbot.dhn (v) 20170124
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9992 20170124
BitDefender Trojan.Spy.Zbot.FCQ 20170124
Comodo TrojWare.Win32.Trojan.Agent.Gen 20170124
CrowdStrike Falcon (ML) malicious_confidence_91% (D) 20161024
DrWeb Trojan.Packed.23728 20170124
Emsisoft Trojan.Spy.Zbot.FCQ (B) 20170124
ESET-NOD32 a variant of Win32/Kryptik.ARZG 20170124
F-Secure Trojan:W32/Kamala.A 20170124
Fortinet W32/Zbot.FG!tr 20170124
GData Trojan.Spy.Zbot.FCQ 20170124
Ikarus Trojan-Downloader.Win32.Cbeplay 20170124
Sophos ML trojandropper.win32.bunitu.g 20170111
Jiangmin Backdoor/ZAccess.imo 20170124
Kaspersky HEUR:Trojan.Win32.Generic 20170124
McAfee PWS-Zbot.gen.xd 20170124
McAfee-GW-Edition PWS-Zbot.gen.xd 20170124
Microsoft TrojanDownloader:Win32/Cbeplay.P 20170124
eScan Trojan.Spy.Zbot.FCQ 20170124
NANO-Antivirus Trojan.Win32.ZAccess.beptgv 20170124
Panda Trj/Genetic.gen 20170124
Qihoo-360 HEUR/Malware.QVM20.Gen 20170124
Rising Trojan.Generic-Dg5hVIqjTMG (cloud) 20170124
Sophos AV Mal/EncPk-AIR 20170124
Symantec ML.Relationship.HighConfidence [Backdoor.Trojan] 20170124
Tencent Win32.Backdoor.Zaccess.ccjm 20170124
TheHacker Trojan/Kryptik.arzg 20170123
TrendMicro TROJ_SIGEKAF.SM 20170124
TrendMicro-HouseCall TROJ_SIGEKAF.SM 20170124
VBA32 Backdoor.ZAccess 20170124
VIPRE Trojan.Win32.Zbot.dhn (v) 20170124
Yandex Trojan.Kryptik!20CrnJFUMy0 20170123
Zillya Backdoor.ZAccess.Win32.11793 20170124
AhnLab-V3 20170124
Alibaba 20170122
CAT-QuickHeal 20170124
ClamAV 20170124
CMC 20170124
Cyren 20170124
F-Prot 20170124
K7AntiVirus 20170124
K7GW 20170124
Kingsoft 20170124
Malwarebytes 20170124
nProtect 20170124
SUPERAntiSpyware 20170124
TotalDefense 20170124
Trustlook 20170124
ViRobot 20170124
WhiteArmor 20170123
Zoner 20170124
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 10:32 PM 1/24/2017
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-10 08:50:07
Entry Point 0x00001A40
Number of sections 5
PE sections
Overlays
MD5 eec9115a86028030e41efd4a758b7a7b
File type data
Offset 105472
Size 13064
Entropy 5.75
PE imports
RegOpenKeyExW
GetStockObject
VirtualAllocEx
lstrcatA
ReadFile
GetWindowsDirectoryA
ExitProcess
CreateFileA
RegisterClassExA
PlaySoundA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:01:10 09:50:07+01:00
FileType Win32 EXE
PEType PE32
CodeSize 3584
LinkerVersion 2.5
FileTypeExtension exe
InitializedDataSize 100864
SubsystemVersion 4.0
EntryPoint 0x1a40
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 8f8e84c1d982c53a6a171c9be55097b9
SHA1 986d46c5889a2231ac094fb2f7e1f65a0360e354
SHA256 59246a0a6176a2c229b9227d1b9b6428195bf62abbf720494a1c9d267890fcdb
ssdeep 3072:haysPrmSGDae8oBWr7+Y1KQgQbhCPJPsMsbsxsDFN:tsjmz+VlcQgohgJPZmQa
authentihash 12d7f02a15b1b68476293aa433be47af40075054490bfb26d0b3f4036234f29f
imphash 4a3b6e9978a909e996223a7d80090767
File size 115.8 KB ( 118536 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ 4.x (75.0%)
Win64 Executable (generic) (15.3%)
Win32 Dynamic Link Library (generic) (3.6%)
Win32 Executable (generic) (2.5%)
Win16/32 Executable Delphi generic (1.1%)
Tags peexe overlay
VirusTotal metadata
First submission 2013-01-10 14:09:05 UTC ( 6 years ago )
Last submission 2017-01-24 21:32:36 UTC ( 1 year, 11 months ago )
File names 8f8e84c1d982c53a6a171c9be55097b9
wgsdgsdgdsgsd.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
UDP communications