SHA256: 5a955c40d95b45dc5905ae93bdc89575e0ef8396a1183b0b40d2030afa821af7
File name: b9cd23b5375bd232b5b6ebcae946d6bb
Detection ratio: 32 / 56
Analysis date: 2015-04-30 03:59:52 UTC
Antivirus Result Update
Ad-Aware Trojan.Generic.13110681 20150430
Yandex TrojanSpy.Zbot!oyD95qQf1EE 20150428
ALYac Trojan.Generic.13110681 20150430
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150430
Avast Win32:Malware-gen 20150430
AVG Zbot.AAJF 20150429
AVware Trojan.Win32.Generic.pak!cobra 20150430
Baidu-International Trojan.Win32.Zbot.vgzu 20150426
BitDefender Trojan.Generic.13110681 20150430
CAT-QuickHeal TrojanPWS.Zbot.A5 20150429
Emsisoft Trojan.Generic.13110681 (B) 20150430
ESET-NOD32 Win32/Spy.Zbot.ACB 20150430
F-Secure Trojan.Generic.13110681 20150430
Fortinet W32/Zbot.ACB!tr 20150430
GData Trojan.Generic.13110681 20150430
K7AntiVirus Spyware ( 004b89a11 ) 20150429
K7GW Spyware ( 004b89a11 ) 20150429
Kaspersky Trojan-Spy.Win32.Zbot.vgzu 20150429
McAfee RDN/Generic PWS.y!bdn 20150430
McAfee-GW-Edition BehavesLike.Win32.Spyware.fh 20150430
Microsoft VirTool:Win32/Obfuscator.ALX 20150429
eScan Trojan.Generic.13110681 20150430
NANO-Antivirus Trojan.Win32.Zbot.dqaaho 20150430
nProtect Trojan.Generic.13110681 20150429
Panda Trj/Genetic.gen 20150429
Sophos AV Mal/Generic-S 20150430
Symantec Trojan.Gen.2 20150430
Tencent Trojan.Win32.Qudamah.Gen.6 20150430
TrendMicro TROJ_FORUCON.BMC 20150430
TrendMicro-HouseCall TROJ_FORUCON.BMC 20150430
VIPRE Trojan.Win32.Generic.pak!cobra 20150430
Zillya Trojan.Zbot.Win32.177349 20150429
AegisLab 20150430
AhnLab-V3 20150429
Alibaba 20150430
Bkav 20150425
ByteHero 20150430
ClamAV 20150430
CMC 20150423
Comodo 20150430
Cyren 20150430
DrWeb 20150430
F-Prot 20150429
Ikarus 20150430
Jiangmin 20150429
Kingsoft 20150430
Malwarebytes 20150430
Norman 20150429
Qihoo-360 20150430
Rising 20150429
SUPERAntiSpyware 20150430
TheHacker 20150429
TotalDefense 20150429
VBA32 20150429
ViRobot 20150430
Zoner 20150429
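A 32/56 detection ratio says less than it seems: eight of the hits above are the same BitDefender-engine label (Trojan.Generic.13110681) re-sold under different vendor names, while the independent engines converge on one family name, Zbot. The script below is an added example written for this page, not VirusTotal code; it parses a subset of the table above (copied verbatim, including the two-token lines for engines with no detection), groups identical labels to expose engine sharing, and takes a family vote over the label tokens. The stop-word list and the multi-word vendor list are our own assumptions.

```python
import re
from collections import Counter, defaultdict

# Sample lines copied from the detection table on this page (vendor, label, signature date).
# The last three are two-token lines: engines that reported no detection.
SAMPLE_RESULTS = """\
Ad-Aware Trojan.Generic.13110681 20150430
Yandex TrojanSpy.Zbot!oyD95qQf1EE 20150428
ALYac Trojan.Generic.13110681 20150430
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150430
Avast Win32:Malware-gen 20150430
AVG Zbot.AAJF 20150429
BitDefender Trojan.Generic.13110681 20150430
ESET-NOD32 Win32/Spy.Zbot.ACB 20150430
K7AntiVirus Spyware ( 004b89a11 ) 20150429
Kaspersky Trojan-Spy.Win32.Zbot.vgzu 20150429
Microsoft VirTool:Win32/Obfuscator.ALX 20150429
Sophos AV Mal/Generic-S 20150430
TrendMicro TROJ_FORUCON.BMC 20150430
AegisLab 20150430
ClamAV 20150430
Malwarebytes 20150430
"""

# Vendor names that contain a space (assumption: every other vendor is one token).
MULTI_WORD_VENDORS = ("Sophos AV",)

# Label tokens that name a class, platform or heuristic rather than a family (our own list).
STOP_TOKENS = {
    "trojan", "trojanspy", "troj", "spy", "spyware", "generic", "gen", "genetic",
    "win32", "w32", "malware", "mal", "virtool", "pws", "rdn", "variant", "tr",
}


def parse_line(line):
    """Split 'Vendor Label 20150430' into (vendor, label, date); label is '' when undetected."""
    rest, date = line.strip().rsplit(None, 1)
    if not (len(date) == 8 and date.isdigit()):
        raise ValueError("line does not end with a YYYYMMDD signature date: %r" % line)
    for vendor in MULTI_WORD_VENDORS:
        if rest == vendor or rest.startswith(vendor + " "):
            return vendor, rest[len(vendor):].strip(), date
    vendor, _, label = rest.partition(" ")
    return vendor, label.strip(), date


def family_tokens(label):
    """Candidate family names: alphabetic-led tokens, lower-cased, minus the stop words."""
    tokens = re.findall(r"[A-Za-z][A-Za-z0-9]*", label)
    return {t.lower() for t in tokens} - STOP_TOKENS


def summarize(text):
    """Detection count, labels shared by several vendors, and the family with most votes."""
    results = [parse_line(l) for l in text.splitlines() if l.strip()]
    detected = [(v, lab) for v, lab, _ in results if lab]
    by_label = defaultdict(list)
    votes = Counter()
    for vendor, label in detected:
        by_label[label].append(vendor)
        votes.update(family_tokens(label))  # a set, so one vote per vendor per token
    shared = {lab: vs for lab, vs in by_label.items() if len(vs) > 1}
    family, count = votes.most_common(1)[0] if votes else (None, 0)
    return {
        "detected": len(detected),
        "engines": len(results),
        "shared_labels": shared,
        "family": family,
        "family_votes": count,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_RESULTS).items():
        print(key, value)
```

On the sample this reports 13 of 16 engines detecting, three vendors sharing Trojan.Generic.13110681, and "zbot" as the family with five independent votes; applied to the full table the same logic separates the ten Zbot-family verdicts from the eight rebadged generic ones.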
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2014 Hippo Studios. All rights reserved.

Product Hippo Locale Changer
Original name Locale.exe
Internal name Locale Changer
File version 20.28.2014.5
Description Hippo Locale Changer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-31 16:34:02
Entry Point 0x00003BD0
Number of sections 6
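The header values above (target machine, compilation timestamp, entry point, section count, subsystem) come from fixed offsets in IMAGE_FILE_HEADER and IMAGE_OPTIONAL_HEADER. The parser below is an added example, not VirusTotal's code; it constructs a minimal PE header carrying this report's values (the constructed blob is not the real sample) and reads them back. The timestamp plausibility check is our own addition: the builder controls that field entirely, so it is only evidence when it is consistent with the first-seen date.

```python
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE = {0x14C: "Intel 386 or later", 0x8664: "x86-64", 0x1C0: "ARM", 0xAA64: "ARM64"}
IMAGE_SUBSYSTEM = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_header(data: bytes) -> dict:
    """Read the PE basic-information fields from IMAGE_DOS_HEADER / IMAGE_NT_HEADERS."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    fh = e_lfanew + 4                       # IMAGE_FILE_HEADER, 20 bytes
    machine, nsections, timestamp, _symtab, _nsyms, opt_size, characteristics = \
        struct.unpack_from("<HHIIIHH", data, fh)
    oh = fh + 20                            # IMAGE_OPTIONAL_HEADER
    if opt_size < 70 or len(data) < oh + 70:
        raise ValueError("optional header truncated")
    magic, major_linker, minor_linker = struct.unpack_from("<HBB", data, oh)
    if magic not in (0x10B, 0x20B):         # PE32 / PE32+
        raise ValueError("unexpected optional header magic 0x%x" % magic)
    size_of_code, size_init, size_uninit, entry_point = struct.unpack_from("<IIII", data, oh + 4)
    # MajorSubsystemVersion/MinorSubsystemVersion and Subsystem sit at the same
    # offsets in PE32 and PE32+ (the 64-bit ImageBase absorbs the missing BaseOfData).
    subsys_major, subsys_minor = struct.unpack_from("<HH", data, oh + 48)
    (subsystem,) = struct.unpack_from("<H", data, oh + 68)
    return {
        "machine": machine,
        "machine_name": IMAGE_FILE_MACHINE.get(machine, "unknown"),
        "sections": nsections,
        "compiled": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "entry_point": entry_point,
        "pe_type": "PE32+" if magic == 0x20B else "PE32",
        "linker": (major_linker, minor_linker),
        "code_size": size_of_code,
        "initialized_data_size": size_init,
        "subsystem": subsystem,
        "subsystem_name": IMAGE_SUBSYSTEM.get(subsystem, "unknown"),
        "subsystem_version": (subsys_major, subsys_minor),
    }


def timestamp_checks(compiled: datetime, first_seen: datetime) -> list:
    """Sanity checks on a timestamp the builder fully controls (our own heuristics)."""
    notes = []
    if compiled.year < 1995:
        notes.append("timestamp before 1995: zeroed or forged")
    if compiled > first_seen:
        notes.append("timestamp later than first submission: forged or clock skew")
    return notes


def build_sample_pe() -> bytes:
    """Constructed minimal header with this report's values; not the real sample."""
    ts = int(datetime(2015, 3, 31, 16, 34, 2, tzinfo=timezone.utc).timestamp())
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)           # e_lfanew
    file_header = struct.pack("<HHIIIHH", 0x14C, 6, ts, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 10, 0)  # PE32, linker 10.0
    struct.pack_into("<IIII", opt, 4, 185344, 216064, 0, 0x3BD0)
    struct.pack_into("<HHHHHH", opt, 40, 5, 1, 0, 0, 5, 1)  # OS, image, subsystem versions
    struct.pack_into("<H", opt, 68, 2)              # Windows GUI
    return bytes(dos) + b"PE\0\0" + file_header + bytes(opt)


if __name__ == "__main__":
    info = parse_pe_header(build_sample_pe())
    print(info)
    print(timestamp_checks(info["compiled"], datetime(2015, 4, 30, 3, 59, 52, tzinfo=timezone.utc)))
```

Here the build time (2015-03-31) precedes the first submission (2015-04-30) by a month, so the timestamp passes both checks; the ExifTool TimeStamp below is the same value rendered in a +01:00 zone.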
PE sections
PE imports
ADVAPI32.dll
CryptReleaseContext
CryptGetProvParam
CryptAcquireContextA
GDI32.dll
PatBlt
CreatePen
TextOutA
GetTextMetricsA
MaskBlt
GetPixel
Rectangle
GetDeviceCaps
LineTo
DeleteDC
SetDCPenColor
SetBkMode
SetPixel
BitBlt
CreateDIBSection
SetTextColor
GetObjectA
CreateFontA
CreateBitmap
MoveToEx
GetStockObject
SetPixelFormat
SetTextAlign
CreateCompatibleDC
SelectObject
CreateSolidBrush
DeleteObject
Ellipse
CreatePenIndirect
KERNEL32.dll
CreateToolhelp32Snapshot
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetConsoleMode
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetACP
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
DecodePointer
GetCurrentProcessId
SetHandleCount
UnhandledExceptionFilter
HeapQueryInformation
GetCPInfo
ExitProcess
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetProcessHeap
SetStdHandle
RaiseException
WideCharToMultiByte
GetModuleFileNameW
TlsFree
SetFilePointer
HeapSetInformation
LeaveCriticalSection
GetCurrentThreadId
SetUnhandledExceptionFilter
WriteFile
HeapValidate
CloseHandle
GetSystemTimeAsFileTime
Thread32Next
Thread32First
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
IsValidCodePage
OutputDebugStringW
SetLastError
CreateFileW
InterlockedDecrement
GetFileType
EnumDateFormatsA
TlsSetValue
HeapAlloc
OutputDebugStringA
IsBadReadPtr
HeapCreate
WriteConsoleW
InterlockedIncrement
SHLWAPI.dll
StrChrA
USER32.dll
SetFocus
GetParent
LoadMenuA
GetDlgCtrlID
PostQuitMessage
DefWindowProcA
ShowWindow
LoadBitmapA
SetWindowPos
GetSystemMetrics
AppendMenuA
GetWindowRect
EndPaint
MoveWindow
GetWindowDC
SetWindowLongA
GetDC
GetCursorPos
ReleaseDC
BeginPaint
SetWindowTextA
GetWindowLongA
IsWindowVisible
SendMessageA
GetClientRect
CreateMenu
GetDlgItem
RegisterClassA
InvalidateRect
wsprintfA
CreateWindowExA
LoadCursorA
FillRect
AttachThreadInput
CopyRect
GetDesktopWindow
LoadImageA
Number of PE resources by type
RT_DIALOG 7
RT_ICON 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 20.28.2014.5
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 216064
EntryPoint 0x3bd0
OriginalFileName Locale.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2014 Hippo Studios. All rights reserved.
FileVersion 20.28.2014.5
TimeStamp 2015:03:31 17:34:02+01:00
FileType Win32 EXE
PEType PE32
InternalName Locale Changer
ProductVersion 20.28.2014.5
FileDescription Hippo Locale Changer
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Hippo Studios
CodeSize 185344
ProductName Hippo Locale Changer
ProductVersionNumber 20.28.2014.5
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 b9cd23b5375bd232b5b6ebcae946d6bb
SHA1 74c0640106d6db0c4b4c8d9766312139a42be700
SHA256 5a955c40d95b45dc5905ae93bdc89575e0ef8396a1183b0b40d2030afa821af7
ssdeep 12288:RGMXEa1FiZqihVzDjlr2EOgZKVkQM1PxCT:RGk1GrpjEwZKVR0xCT
authentihash 788b1339d4accbfb65be799d4ba8ce3935c631469b85092f2476c7b6aebd4e5e
imphash f473fbaf46349842d0bbb42cf7e7aa9e
File size 393.0 KB ( 402432 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2015-04-30 03:59:52 UTC
Last submission 2015-04-30 03:59:52 UTC
File names Locale.exe
Locale Changer
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications