SHA256: 5a5328f1b17edffaf7f12ebf759ab43c67363799e8e84a2df7596774f252914d
File name: 5a5328f1b17edffaf7f12ebf759ab43c67363799e8e84a2df7596774f252914d.vir
Detection ratio: 38 / 54
Analysis date: 2015-12-17 19:38:41 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.Lethic.Gen.7 20151217
Yandex TrojanSpy.Zbot!PJPJEyBkym8 20151217
AhnLab-V3 Trojan/Win32.Zbot 20151217
Antiy-AVL Trojan/Win32.SGeneric 20151217
Arcabit Trojan.Lethic.Gen.7 20151217
Avast Win32:Zbot-UHB [Trj] 20151217
AVG Luhe.Fiha.A 20151217
Avira (no cloud) TR/Crypt.ZPACK.Gen9 20151217
AVware Trojan.Win32.Generic!BT 20151217
Baidu-International Trojan.Win32.Zbot.AAO 20151217
BitDefender Trojan.Lethic.Gen.7 20151217
Bkav W32.HfsIemusi.D472 20151217
CAT-QuickHeal TrojanPWS.Zbot.Gen 20151217
Comodo UnclassifiedMalware 20151217
DrWeb Trojan.PWS.Panda.2401 20151217
Emsisoft Trojan.Lethic.Gen.7 (B) 20151217
ESET-NOD32 Win32/Spy.Zbot.AAO 20151217
F-Secure Trojan.Lethic.Gen.7 20151217
Fortinet W32/Kryptik.AHOB!tr 20151217
GData Trojan.Lethic.Gen.7 20151217
Ikarus Trojan-Spy.Zbot 20151217
Jiangmin TrojanSpy.Zbot.eelq 20151217
K7AntiVirus Spyware ( 004abbe21 ) 20151217
K7GW Spyware ( 004abbe21 ) 20151217
Kaspersky HEUR:Trojan.Win32.Generic 20151217
Malwarebytes Trojan.Agent 20151217
McAfee PWSZbot-FEGS!A20207CF0B4F 20151217
McAfee-GW-Edition PWSZbot-FEGS!A20207CF0B4F 20151217
Microsoft PWS:Win32/Zbot 20151217
eScan Trojan.Lethic.Gen.7 20151217
NANO-Antivirus Trojan.Win32.Panda.cxteug 20151217
nProtect Trojan.Lethic.Gen.7 20151217
Panda Trj/CI.A 20151217
Rising PE:Malware.FakePDF@CV!1.9C3A [F] 20151217
Sophos Troj/Agent-AGYV 20151217
Tencent Win32.Trojan.Falsesign.Lify 20151217
VIPRE Trojan.Win32.Generic!BT 20151217
ViRobot Trojan.Win32.S.Agent.349416[h] 20151217
AegisLab 20151217
Alibaba 20151208
ByteHero 20151217
ClamAV 20151217
CMC 20151217
Cyren 20151217
F-Prot 20151217
SUPERAntiSpyware 20151217
Symantec 20151217
TheHacker 20151215
TotalDefense 20151217
TrendMicro 20151217
TrendMicro-HouseCall 20151217
VBA32 20151217
Zillya 20151217
Zoner 20151217
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Publisher Supersoft
File version 0.0.0.0
Signature verification Signed file, verified signature
Signing date 9:57 PM 4/30/2014
Signers
[+] Supersoft
Status A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Issuer None
Valid from 9:26 AM 9/30/2012
Valid to 12:59 AM 1/1/2040
Valid usage Code Signing
Algorithm SHA1
Thumbprint D9AD4E74FE2CD095ABE00FB8893CE200CAC74F0A
Serial number 6B 50 25 4A 40 C7 CF B1 4A 40 50 56 B8 F0 42 72
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-29 01:39:05
Entry Point 0x08000000
Number of sections 7
PE sections
Overlays
MD5 9439f0c5962a014f811735a64421ece9
File type data
Offset 344576
Size 4840
Entropy 7.57
Number of PE resources by type
RT_ICON 3
RT_RCDATA 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode Process default
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 342016
EntryPoint 0x8000000
MIMEType application/octet-stream
FileVersion 0.0.0.0
TimeStamp 2014:04:29 02:39:05+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 0.0.0.0
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 1536
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 a20207cf0b4f679f6be549d1797f289f
SHA1 b23079fe7118af433e8b16ae1c07c87d3eed45e3
SHA256 5a5328f1b17edffaf7f12ebf759ab43c67363799e8e84a2df7596774f252914d
ssdeep 6144:XsytjSgK8c2ZaX0KXs9ocrla9FwU2cXxq1IeljHmvTMS:dnK8Dkhs9oyE9FTSjIMS
authentihash 9b699e0b0c5a4ad91449220e9ffa006127f87358cf4da9d11a9831c84a20f1af
File size 341.2 KB ( 349416 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe signed overlay

VirusTotal metadata
First submission 2014-05-03 07:44:24 UTC ( 3 years, 1 month ago )
Last submission 2015-12-17 19:38:41 UTC ( 1 year, 6 months ago )
File names 5a5328f1b17edffaf7f12ebf759ab43c67363799e8e84a2df7596774f252914d.vir
Crypted.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight