SHA256: 5ae5a42afd0409210d0e95c1c55a53e34aefa5e0dde960548d527b335a246976
File name: 3o79JYz
Detection ratio: 44 / 57
Analysis date: 2016-05-13 10:48:59 UTC ( 10 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.FakeAlert.28 20160513
ALYac Gen:Variant.FakeAlert.28 20160513
Antiy-AVL Trojan[Spy]/Win32.Zbot 20160513
Arcabit Trojan.FakeAlert.28 20160513
AVG PSW.Generic11.RCU 20160513
Avira (no cloud) TR/Crypt.ZPACK.Gen 20160513
AVware Packer.Win32.Mystic.a (v) 20160511
Baidu Win32.Trojan.WisdomEyes.151026.9950.10000 20160513
Baidu-International Trojan.Win32.Zbot.YW 20160513
BitDefender Gen:Variant.FakeAlert.28 20160513
Bkav HW32.Packed.D9F4 20160512
CAT-QuickHeal TrojanSpy.Zbot.r3 20160512
Comodo TrojWare.Win32.Kryptik.AOBO 20160513
Cyren W32/Troj_Obfusc.BD.gen!Eldorado 20160513
DrWeb Trojan.PWS.Panda.786 20160513
Emsisoft Gen:Variant.FakeAlert.28 (B) 20160513
ESET-NOD32 Win32/Spy.Zbot.YW 20160513
F-Prot W32/Troj_Obfusc.BD.gen!Eldorado 20160513
F-Secure Gen:Variant.FakeAlert.28 20160513
Fortinet W32/Kryptik.XUW!tr 20160513
GData Gen:Variant.FakeAlert.28 20160513
Ikarus Trojan-PWS.Win32.Zbot 20160513
Jiangmin TrojanSpy.Zbot.dcqt 20160513
K7AntiVirus Riskware ( 0040eff71 ) 20160513
K7GW Riskware ( 0040eff71 ) 20160513
Kaspersky HEUR:Trojan.Win32.Generic 20160513
Malwarebytes Trojan.Zbot.Gen 20160513
McAfee PWS-Zbot-FBAJ!437716E7324E 20160513
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.cc 20160513
Microsoft PWS:Win32/Zbot!ZA 20160513
eScan Gen:Variant.FakeAlert.28 20160513
NANO-Antivirus Trojan.Win32.Panda.briybs 20160513
Panda Trj/Genetic.gen 20160512
Qihoo-360 Win32/Trojan.da0 20160513
Rising Malware.XPACK-HIE/Heur!1.9C48 20160513
Sophos Troj/Zbot-FDD 20160513
Symantec Infostealer.Limitail 20160513
Tencent Win32.Trojan-spy.Zbot.Pbpf 20160513
TotalDefense Win32/Zbot.HCD 20160512
TrendMicro TROJ_SPNR.35FE13 20160513
TrendMicro-HouseCall TROJ_SPNR.15FE13 20160513
VIPRE Packer.Win32.Mystic.a (v) 20160513
Yandex TrojanSpy.Zbot!WWcJ+XrJdts 20160510
Zillya Trojan.Zbot.Win32.126007 20160513
AegisLab 20160513
AhnLab-V3 20160513
Alibaba 20160513
Avast 20160513
ClamAV 20160513
CMC 20160510
Kingsoft 20160513
nProtect 20160513
SUPERAntiSpyware 20160513
TheHacker 20160513
VBA32 20160512
ViRobot 20160513
Zoner 20160513
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright xdrFjE8
Product U2N8d1MKRPx
Original name NyKQNg
Internal name 3o79JYz
File version 230.42.32481.14486
Description 19I64jrtEDH
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-03-10 19:37:16
Entry Point 0x0000761C
Number of sections 3
PE sections
Overlays
MD5 ede3b144847ef850b7775e39dcc9138d
File type data
Offset 135680
Size 705
Entropy 7.72
PE imports
CryptUIFreeCertificatePropertiesPagesA
CryptUIDlgSelectCA
CryptUIWizExport
RetrievePKCS7FromCA
CryptUIDlgSelectStoreW
CryptUIDlgSelectCertificateA
CryptUIWizImport
CryptUIWizFreeCertRequestNoDS
ACUIProviderInvokeUI
CryptUIGetCertificatePropertiesPagesA
I_CryptUIProtect
CryptUIDlgViewCertificateW
CryptUIWizDigitalSign
CryptUIWizCreateCertRequestNoDS
I_CryptUIProtectFailure
EnrollmentCOMObjectFactory_getInstance
CryptUIDlgSelectCertificateFromStore
CryptUIDlgFreeCAContext
CryptUIFreeViewSignaturesPagesW
CryptUIDlgViewCTLW
CryptUIDlgViewCertificatePropertiesW
CryptUIWizSubmitCertRequestNoDS
CryptUIDlgViewCRLA
CryptUIDlgViewCertificatePropertiesA
CryptUIDlgViewContext
SetDIBits
GdiFixUpHandle
GetWindowExtEx
CreateHalftonePalette
GetGlyphOutlineW
EngStretchBlt
SetDCBrushColor
GdiGetSpoolMessage
GdiIsMetaFileDC
GetObjectType
CreateEllipticRgn
SetDCPenColor
GetEnhMetaFileDescriptionA
GetBitmapDimensionEx
AngleArc
RemoveFontResourceExW
RectVisible
GdiTransparentBlt
GetETM
MirrorRgn
GetStockObject
GetAspectRatioFilterEx
RemoveFontResourceTracking
ExtSelectClipRgn
EngStretchBltROP
EngComputeGlyphSet
EndPage
ArcTo
DdEntry46
GdiQueryTable
EnableEUDC
CreateColorSpaceW
SetWindowOrgEx
BeginPath
CreateFontIndirectExW
GetSystemTime
AttachConsole
CreateJobObjectA
RequestDeviceWakeup
DeleteFiber
GetSystemWindowsDirectoryW
SetVolumeMountPointA
WriteConsoleInputVDMW
LoadLibraryA
ConvertFiberToThread
FatalAppExitW
CreateActCtxW
SetTapePosition
RegisterConsoleIME
GetConsoleInputExeNameA
RequestWakeupLatency
GetConsoleTitleA
GetLogicalDrives
CreateProcessInternalA
GetModuleHandleA
RtlCaptureStackBackTrace
FindFirstFileExA
EnumSystemLanguageGroupsA
FindResourceExW
GetStartupInfoA
CreateHardLinkW
EnumResourceLanguagesA
FindFirstFileW
GetACP
GetDiskFreeSpaceA
IsValidLanguageGroup
LocalSize
SetHandleContext
GlobalAlloc
FindClose
GetConsoleAliasExesLengthW
BaseCheckAppcompatCache
GlobalGetAtomNameA
VirtualAlloc
SetLastError
ZwSetEvent
ZwQueryTimerResolution
RtlAppendPathElement
ZwReleaseMutant
RtlLargeIntegerArithmeticShift
wcstol
NtSetLowEventPair
RtlSetTimeZoneInformation
NtSetInformationThread
ZwWaitHighEventPair
_alldiv
NtQueryDefaultUILanguage
RtlUniform
RtlEqualUnicodeString
NtReplyWaitReceivePort
NtWaitHighEventPair
ZwSaveMergedKeys
NtQueryInformationThread
NtQueryTimerResolution
RtlApplyRXactNoFlush
NtNotifyChangeKey
_vsnprintf
RtlIpv4AddressToStringW
ZwAreMappedFilesTheSame
ZwOpenProcessTokenEx
RtlReleaseResource
NtCreateToken
ZwQueryIntervalProfile
RtlUnlockHeap
Number of PE resources by type
RT_STRING 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
GREEK NEUTRAL 1
ENGLISH CAN 1
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 9.0
ImageVersion 5.1
FileSubtype 0
FileVersionNumber 0.0.18879.38099
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 133120
EntryPoint 0x761c
OriginalFileName NyKQNg
MIMEType application/octet-stream
LegalCopyright xdrFjE8
FileVersion 230.42.32481.14486
TimeStamp 2006:03:10 20:37:16+01:00
FileType Win32 EXE
PEType PE32
InternalName 3o79JYz
ProductVersion 6.63.35918.16993
FileDescription 19I64jrtEDH
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName ecvfVyv
CodeSize 63488
ProductName U2N8d1MKRPx
ProductVersionNumber 0.0.18879.38099
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 437716e7324ea86c99474e305df0b210
SHA1 42e7ca2b21c859c39666e2c5e8e333b0247ab602
SHA256 5ae5a42afd0409210d0e95c1c55a53e34aefa5e0dde960548d527b335a246976
ssdeep 3072:eVXhzCj7ZotEgFQcOT5vM6+DiUlMcf3NX9qC4Gk:SXQZot3FBuM6WlMcfPYL
authentihash 8ff7397ff17ed75ebab2aadf5078350a671f67195a502d172c1554d96d124cd0
imphash bb79c21364f6fb2fe610916f4af5edeb
File size 133.2 KB ( 136385 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe overlay

VirusTotal metadata
First submission 2013-05-18 09:26:48 UTC ( 3 years, 10 months ago )
Last submission 2014-05-16 08:52:11 UTC ( 2 years, 10 months ago )
File names 437716e7324ea86c99474e305df0b210
csrss.exe
3o79JYz
ZeuS_binary_437716e7324ea86c99474e305df0b210.exe
NyKQNg
output.11154999.txt
11154999
437716e7324ea86c99474e305df0b210.exe
csrss10.exe