× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 5993447f8d1dc4a29c529b11b014eee79196b3a5752285fcbf52682148f237b6
File name: 71aacf0849211dd49d43316fe9bfe061a832251c
Detection ratio: 45 / 49
Analysis date: 2014-03-13 01:45:28 UTC ( 3 years, 2 months ago ) View latest
Antivirus Result Update
Ad-Aware Gen:Variant.Adware.Symmi.24055 20140313
Yandex Trojan.Agent!PkaqPp1wCeE 20140312
AntiVir TR/Kazy.MK 20140312
Antiy-AVL Trojan[:HEUR]/Win32.Unknown 20140311
Avast Win32:Zbot-NRC [Trj] 20140313
AVG Agent.7.BB 20140312
Baidu-International Trojan.Win32.Zbot.aw 20140312
BitDefender Gen:Variant.Adware.Symmi.24055 20140313
CAT-QuickHeal TrojanPWS.Zbot.Gen 20140312
ClamAV Trojan.Spy.Zbot-142 20140312
CMC Packed.Win32.Toggaf.4!O 20140312
Commtouch W32/Zbot.BR.gen!Eldorado 20140313
Comodo TrojWare.Win32.Agent.~wkcf 20140312
DrWeb Trojan.PWS.Panda.655 20140313
Emsisoft Gen:Variant.Adware.Symmi.24055 (B) 20140313
ESET-NOD32 Win32/Spy.Zbot.AAQ 20140312
F-Prot W32/Zbot.BR.gen!Eldorado 20140313
F-Secure Gen:Variant.Adware.Symmi.24055 20140313
Fortinet W32/Zbot.AAU!tr 20140313
GData Gen:Variant.Adware.Symmi.24055 20140313
Ikarus Trojan-Spy.Win32.Zbot 20140313
Jiangmin TrojanSpy.Zbot.gitw 20140312
K7AntiVirus Spyware ( 002891031 ) 20140312
K7GW Spyware ( 002891031 ) 20140312
Kaspersky Trojan-Spy.Win32.Zbot.reuj 20140313
Kingsoft Win32.Troj.Undef.(kcloud) 20140313
Malwarebytes Trojan.Agent.ED 20140313
McAfee PWS-Zbot.gen.aov 20140313
McAfee-GW-Edition PWS-Zbot.gen.aov 20140312
Microsoft PWS:Win32/Zbot.gen!Y 20140313
eScan Gen:Variant.Adware.Symmi.24055 20140313
NANO-Antivirus Trojan.Win32.Panda.cqkzgd 20140312
Norman ZBot.VAL 20140312
nProtect Trojan-Spy/W32.ZBot.164864.BG 20140312
Panda Generic Malware 20140312
Qihoo-360 Win32/Trojan.333 20140313
Rising PE:Stealer.Zbot!1.648A 20140312
Sophos Troj/PWS-BSF 20140313
SUPERAntiSpyware Trojan.Agent/Gen-Zbot 20140313
Symantec Trojan.Zbot 20140313
TotalDefense Win32/Zbot.CXZ 20140312
TrendMicro Cryp_Xin1 20140313
TrendMicro-HouseCall TROJ_GEN.F47V0311 20140313
VBA32 SScope.Trojan.FakeAV.01110 20140312
VIPRE Trojan-PWS.Win32.Zbot.aac (v) 20140313
AhnLab-V3 20140312
Bkav 20140312
ByteHero 20140313
TheHacker 20140312
ViRobot 20140312
The file being studied is a Portable Executable file! More specifically, it is a DOS EXE file.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-09-30 19:39:18
Entry Point 0x0000EADC
Number of sections 3
PE sections
Overlays
MD5 75e0fef757153dff275748dcc634520c
File type data
Offset 162816
Size 2048
Entropy 7.85
PE imports
RegCreateKeyExW
RegCloseKey
ConvertSidToStringSidW
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptHashData
InitiateSystemShutdownExW
RegQueryValueExW
CryptCreateHash
SetSecurityDescriptorDacl
GetSidSubAuthorityCount
GetSidSubAuthority
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
RegOpenKeyExW
SetSecurityDescriptorSacl
GetTokenInformation
CryptReleaseContext
RegEnumKeyExW
OpenThreadToken
GetSecurityDescriptorSacl
GetLengthSid
CreateProcessAsUserW
CryptDestroyHash
CryptAcquireContextW
RegSetValueExW
CryptGetHashParam
InitializeSecurityDescriptor
EqualSid
IsWellKnownSid
SetNamedSecurityInfoW
CertEnumCertificatesInStore
CryptUnprotectData
PFXImportCertStore
CertCloseStore
CertDeleteCertificateFromStore
CertOpenSystemStoreW
CertDuplicateCertificateContext
PFXExportCertStoreEx
GetDeviceCaps
CreateCompatibleDC
DeleteDC
RestoreDC
SelectObject
SaveDC
SetViewportOrgEx
GetDIBits
GdiFlush
CreateDIBSection
CreateCompatibleBitmap
DeleteObject
SetRectRgn
FileTimeToDosDateTime
ReleaseMutex
WaitForSingleObject
FindFirstFileW
HeapDestroy
GetFileAttributesW
GetLocalTime
GetProcessId
GetDriveTypeW
SetErrorMode
GetLogicalDrives
GetFileInformationByHandle
GetThreadContext
GetFileTime
WideCharToMultiByte
LoadLibraryW
InterlockedExchange
WriteFile
Thread32First
HeapReAlloc
FreeLibrary
LocalFree
CreateEventW
FindClose
TlsGetValue
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
InitializeCriticalSection
WriteProcessMemory
GetModuleFileNameW
HeapAlloc
LoadLibraryA
SetThreadPriority
InterlockedDecrement
MultiByteToWideChar
SetFilePointerEx
GetPrivateProfileStringW
CreateThread
MoveFileExW
CreateMutexW
GetVolumeNameForVolumeMountPointW
SetThreadContext
TerminateProcess
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
lstrcmpiA
GetVersionExW
SetEvent
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
CreateRemoteThread
OpenProcess
ReadProcessMemory
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetPrivateProfileIntW
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
GetComputerNameW
GetFileSizeEx
RemoveDirectoryW
ExpandEnvironmentStringsW
UnmapViewOfFile
FindNextFileW
WTSGetActiveConsoleSessionId
ResetEvent
Thread32Next
DuplicateHandle
GlobalLock
GetTimeZoneInformation
CreateFileW
TlsSetValue
ExitProcess
InterlockedIncrement
GetNativeSystemInfo
GetLastError
SystemTimeToFileTime
CreateFileMappingW
VirtualAllocEx
OpenEventW
GlobalUnlock
Process32NextW
CreateProcessW
FileTimeToLocalFileTime
VirtualFreeEx
GetCurrentProcessId
SetFileTime
GetCommandLineW
Process32FirstW
GetCurrentThread
MapViewOfFile
TlsFree
ReadFile
CloseHandle
OpenMutexW
GetModuleHandleW
GetFileAttributesExW
HeapCreate
GetTempPathW
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
GetProcAddress
NetUserEnum
NetUserGetInfo
NetApiBufferFree
SysFreeString
VariantClear
VariantInit
SysAllocString
SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW
StrCmpNIW
wvnsprintfA
StrCmpNIA
wvnsprintfW
StrStrIA
PathIsDirectoryW
PathRemoveBackslashW
PathIsURLW
PathAddBackslashW
UrlUnescapeA
SHDeleteValueW
PathCombineW
PathRenameExtensionW
SHDeleteKeyW
PathRemoveFileSpecW
StrStrIW
PathMatchSpecW
PathUnquoteSpacesW
PathFindFileNameW
PathQuoteSpacesW
PathAddExtensionW
PathSkipRootW
GetUserNameExW
GetMessagePos
SetWindowPos
IsWindow
EndPaint
OpenWindowStationW
WindowFromPoint
CreateDesktopW
GetDC
GetCursorPos
ReleaseDC
SendMessageW
EndMenu
DefFrameProcA
DefMDIChildProcW
CharLowerBuffA
GetThreadDesktop
LoadImageW
GetTopWindow
GetUpdateRgn
MsgWaitForMultipleObjects
GetMenuItemCount
GetMenuItemID
GetMessageA
GetUserObjectInformationW
GetParent
EqualRect
DefWindowProcA
GetMessageW
PeekMessageW
CharUpperW
PeekMessageA
TranslateMessage
SetThreadDesktop
GetWindow
GetIconInfo
GetMenuItemRect
RegisterClassW
OpenDesktopW
CharLowerA
RegisterClassA
TrackPopupMenuEx
GetSubMenu
GetDCEx
FillRect
ToUnicode
GetWindowLongW
GetUpdateRect
GetWindowInfo
MapWindowPoints
RegisterWindowMessageW
OpenInputDesktop
DrawEdge
SwitchDesktop
BeginPaint
DefWindowProcW
DrawIcon
MapVirtualKeyW
DefMDIChildProcA
GetClipboardData
GetSystemMetrics
SetWindowLongW
GetWindowRect
SetCapture
ReleaseCapture
CharLowerW
SetProcessWindowStation
SetKeyboardState
GetClassLongW
CreateWindowStationW
GetProcessWindowStation
CloseWindowStation
GetKeyboardState
PostThreadMessageW
CharToOemW
GetMenuState
DispatchMessageW
ExitWindowsEx
IntersectRect
GetCapture
GetShellWindow
FindWindowA
GetWindowThreadProcessId
HiliteMenuItem
GetMenu
RegisterClassExW
IsRectEmpty
GetWindowDC
RegisterClassExA
MenuItemFromPoint
PrintWindow
DefFrameProcW
SetCursorPos
SystemParametersInfoW
PostMessageW
CallWindowProcW
GetClassNameW
GetAncestor
DefDlgProcA
CloseDesktop
CallWindowProcA
SendMessageTimeoutW
DefDlgProcW
HttpSendRequestA
InternetSetStatusCallbackW
InternetReadFileExA
InternetSetOptionA
HttpOpenRequestA
InternetReadFile
HttpSendRequestExW
InternetCloseHandle
InternetQueryOptionW
InternetOpenA
InternetConnectA
InternetQueryOptionA
HttpSendRequestW
GetUrlCacheEntryInfoW
HttpQueryInfoA
HttpAddRequestHeadersA
InternetQueryDataAvailable
InternetCrackUrlA
HttpSendRequestExA
HttpAddRequestHeadersW
getaddrinfo
getsockname
accept
WSAAddressToStringW
WSAStartup
freeaddrinfo
connect
shutdown
WSASetLastError
WSAGetLastError
recv
send
WSASend
select
listen
WSAEventSelect
getpeername
closesocket
WSAIoctl
setsockopt
socket
bind
recvfrom
sendto
CoUninitialize
CoInitializeEx
CoCreateInstance
CLSIDFromString
StringFromGUID2
ExifTool file metadata
FileAccessDate
2015:01:26 14:37:22+01:00

FileCreateDate
2015:01:26 14:37:22+01:00

Compressed bundles
File identification
MD5 be39759c2e6f2685097deae282692851
SHA1 b614edbec959d9f9cede472dedac249b99046c69
SHA256 5993447f8d1dc4a29c529b11b014eee79196b3a5752285fcbf52682148f237b6
ssdeep
3072:O1UqeDPEobBYTN6jZ4fReG6NkHqQTtwRc6GCCT/oQXbTlOf/mdQgUfTmM:OuqeDPEWBYGkV6NkHq4wpGsYbTi/8Qgy

authentihash 34c571b8854cc142835a1b8839d8fd29ddc02396065f3245f808088c966439bc
imphash 26ad5e61373998943ddbc30739153e5c
File size 161.0 KB ( 164864 bytes )
File type DOS EXE
Magic literal
MS-DOS executable

TrID Win32 Executable (generic) (42.5%)
DOS Executable Borland Pascal 7.0x (19.2%)
Generic Win/DOS Executable (18.8%)
DOS Executable Generic (18.8%)
VXD Driver (0.2%)
Tags
mz overlay

VirusTotal metadata
First submission 2014-03-11 06:10:00 UTC ( 3 years, 2 months ago )
Last submission 2016-09-15 04:25:07 UTC ( 8 months, 2 weeks ago )
File names 11
tuenti.exe
425.exe
file-6810658_bin
output.22504195.txt
imagen.exe
imagen(1).exe
be39759c2e6f2685097deae282692851
22504195
XYL2K_bot(1).exe.ViR
bot.exe
be39759c2e6f2685097deae282692851.exe
bot (1).exe
03.exe
ZeuS_binary_be39759c2e6f2685097deae282692851.exe
71aacf0849211dd49d43316fe9bfe061a832251c
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!