SHA256: 5aa266ba218f49a858d9c01e6399717c8f7029febf9ac09b3748728e3a956140
File name: 66ba218f49a858d9c01e6399717c8f7029febf9ac09b3748728e3a956140.bin
Detection ratio: 2 / 57
Analysis date: 2015-03-24 11:05:44 UTC ( 2 years ago )
Antivirus             Result                        Update
Microsoft             PWS:Win32/Zbot.gen!VM         20150324
Tencent               Trojan.Win32.Qudamah.Gen.1    20150324
Ad-Aware              (no detection)                20150324
AegisLab              (no detection)                20150324
Yandex                (no detection)                20150322
AhnLab-V3             (no detection)                20150324
Alibaba               (no detection)                20150324
ALYac                 (no detection)                20150324
Antiy-AVL             (no detection)                20150324
Avast                 (no detection)                20150324
AVG                   (no detection)                20150324
Avira (no cloud)      (no detection)                20150327
AVware                (no detection)                20150324
Baidu-International   (no detection)                20150324
BitDefender           (no detection)                20150324
Bkav                  (no detection)                20150323
ByteHero              (no detection)                20150324
CAT-QuickHeal         (no detection)                20150324
ClamAV                (no detection)                20150324
CMC                   (no detection)                20150324
Comodo                (no detection)                20150324
Cyren                 (no detection)                20150324
DrWeb                 (no detection)                20150324
Emsisoft              (no detection)                20150324
ESET-NOD32            (no detection)                20150324
F-Prot                (no detection)                20150324
F-Secure              (no detection)                20150324
Fortinet              (no detection)                20150324
GData                 (no detection)                20150324
Ikarus                (no detection)                20150324
Jiangmin              (no detection)                20150323
K7AntiVirus           (no detection)                20150324
K7GW                  (no detection)                20150324
Kaspersky             (no detection)                20150324
Kingsoft              (no detection)                20150324
Malwarebytes          (no detection)                20150324
McAfee                (no detection)                20150324
McAfee-GW-Edition     (no detection)                20150323
eScan                 (no detection)                20150324
NANO-Antivirus        (no detection)                20150324
Norman                (no detection)                20150324
nProtect              (no detection)                20150324
Panda                 (no detection)                20150324
Qihoo-360             (no detection)                20150324
Rising                (no detection)                20150324
Sophos                (no detection)                20150324
SUPERAntiSpyware      (no detection)                20150323
Symantec              (no detection)                20150324
TheHacker             (no detection)                20150323
TotalDefense          (no detection)                20150324
TrendMicro            (no detection)                20150324
TrendMicro-HouseCall  (no detection)                20150324
VBA32                 (no detection)                20150322
VIPRE                 (no detection)                20150324
ViRobot               (no detection)                20150324
Zillya                (no detection)                20150323
Zoner                 (no detection)                20150323
The file being studied is a Portable Executable (PE) file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-23 17:48:45
Entry Point 0x00002A00
Number of sections 4
PE imports
TextOutA
LineTo
SetMapMode
EnumFontFamiliesA
SetBkMode
MoveToEx
CreatePen
SaveDC
SetWindowExtEx
BeginPath
StrokePath
EndPath
SelectObject
CreateBitmapIndirect
DeleteObject
SetTextColor
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
HeapCreate
GetSystemInfo
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
GetCurrentProcessId
HeapQueryInformation
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
SetHandleCount
GetCommandLineA
GetProcAddress
EncodePointer
GetStartupInfoW
SetStdHandle
CompareStringW
RaiseException
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
GetSystemTimeAsFileTime
HeapSetInformation
LeaveCriticalSection
GetCurrentThreadId
SetUnhandledExceptionFilter
WriteFile
HeapValidate
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEnvironmentVariableA
TerminateProcess
GetTimeZoneInformation
IsValidCodePage
OutputDebugStringW
SetLastError
CreateFileW
DecodePointer
InterlockedDecrement
GetFileType
GetTickCount
TlsSetValue
ExitProcess
OutputDebugStringA
IsBadReadPtr
WriteConsoleW
InterlockedIncrement
NetShareGetInfo
MapVirtualKeyA
SetWindowTextA
GetKeyState
GetKeyboardState
GetKeyboardLayout
EndPaint
BeginPaint
GetDesktopWindow
CreateDialogParamA
GetWindowTextA
GetWindow
ToAsciiEx
EnableMenuItem
GetAncestor
GetSysColor
GetDC
DestroyWindow
GetUrlCacheEntryInfoA
waveOutPrepareHeader
waveOutWrite
waveOutOpen
waveOutClose
CoCreateGuid
Number of PE resources by type
RT_ICON 3
RT_BITMAP 1
RT_GROUP_ICON 1
RT_DIALOG 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 7
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2015:03:23 18:48:45+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 140288
LinkerVersion: 10.0
EntryPoint: 0x2a00
InitializedDataSize: 295936
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0
File identification
MD5 7e3b8c6062f7f11fef7cd66d068539c7
SHA1 7714457c441cf6e173f96c477fde08f7f8aceb9c
SHA256 5aa266ba218f49a858d9c01e6399717c8f7029febf9ac09b3748728e3a956140
ssdeep 12288:BEyfwhCIvWLalbcCEbBameSFPFfdQTt1Vi:8hCIuOxEbcmrFot1w
authentihash 501e7ff89524549d930058258e4d0f576308ff20c7360b5dffe46c328efa710e
imphash f462fa38a350fcc01489864ec0356565
File size 427.0 KB ( 437248 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
     Win64 Executable (generic) (37.3%)
     Win32 Dynamic Link Library (generic) (8.8%)
     Win32 Executable (generic) (6.0%)
     Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2015-03-24 11:05:44 UTC ( 2 years ago )
Last submission 2016-12-21 11:44:24 UTC ( 3 months ago )
File names 5aa266ba218f49a858d9c01e6399717c8f7029febf9ac09b3748728e3a956140.EXE
7E3B8C6062F7F11FEF7CD66D068539C7
66ba218f49a858d9c01e6399717c8f7029febf9ac09b3748728e3a956140.bin
5aa266ba218f49a858d9c01e6399717c8f7029febf9ac09b3748728e3a956140
7E3B8C6062F7F11FEF7CD66D068539C7.exe
ZeuS_binary_7e3b8c6062f7f11fef7cd66d068539c7.exe
03.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process that the executed file launched or injected code into.
Additional details
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function.