SHA256: 5be9ca1bb763b14e916029d1cac2627877ee90289b65d1f9e76d155c09001c0e
File name: 8b4c79b700dc6a47bc501f0359e0d2d4e8d1ee28
Detection ratio: 25 / 51
Analysis date: 2014-05-24 12:40:38 UTC (4 years, 10 months ago)
Antivirus             Result                                  Update
Ad-Aware              Trojan.GenericKD.1691509                20140524
AntiVir               TR/Crypt.EPACK.16637                    20140524
Avast                 Win32:Dropper-gen [Drp]                 20140524
AVG                   Crypt3.SBO                              20140524
Baidu-International   Trojan.Win32.Kryptik.BBYCV              20140524
BitDefender           Trojan.GenericKD.1691509                20140524
Emsisoft              Trojan.GenericKD.1691509 (B)            20140524
ESET-NOD32            a variant of Win32/Kryptik.BYCV         20140524
F-Secure              Trojan.GenericKD.1691509                20140524
Fortinet              W32/Zbot.BYCV!tr                        20140524
GData                 Trojan.GenericKD.1691509                20140524
Kaspersky             Trojan-Spy.Win32.Zbot.swyh              20140524
Malwarebytes          Trojan.PWS.Zbot                         20140524
McAfee                RDN/Generic PWS.y!zr                    20140524
McAfee-GW-Edition     Heuristic.LooksLike.Win32.Suspicious.J  20140523
Microsoft             PWS:Win32/Zbot                          20140524
eScan                 Trojan.GenericKD.1691509                20140524
Norman                Suspicious_Gen4.GIVYY                   20140524
Panda                 Generic Malware                         20140523
Qihoo-360             HEUR/Malware.QVM19.Gen                  20140524
Rising                PE:Malware.XPACK-LNR/Heur!1.5594        20140522
Sophos AV             Mal/Generic-S                           20140524
Symantec              WS.Reputation.1                         20140524
Tencent               Win32.Trojan.Bp-qqthief.Iqpl            20140524
TrendMicro-HouseCall  TROJ_GEN.R0CBH01EO14                    20140524
Yandex                                                        20140523
AhnLab-V3                                                     20140524
Antiy-AVL                                                     20140524
Bkav                                                          20140523
ByteHero                                                      20140524
CAT-QuickHeal                                                 20140524
ClamAV                                                        20140524
CMC                                                           20140523
Commtouch                                                     20140524
Comodo                                                        20140524
DrWeb                                                         20140524
F-Prot                                                        20140524
Ikarus                                                        20140524
Jiangmin                                                      20140524
K7AntiVirus                                                   20140523
K7GW                                                          20140523
Kingsoft                                                      20140524
NANO-Antivirus                                                20140524
nProtect                                                      20140523
SUPERAntiSpyware                                              20140524
TheHacker                                                     20140523
TotalDefense                                                  20140524
TrendMicro                                                    20140524
VBA32                                                         20140523
VIPRE                                                         20140524
ViRobot                                                       20140524
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2005-04-26 02:59:52
Entry Point: 0x00001000
Number of sections: 10
PE sections
PE imports
GetDeviceCaps
DeleteDC
CreateFontIndirectW
GetStockObject
GetObjectW
BitBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
CallNamedPipeW
GlobalGetAtomNameW
GetSystemInfo
GetEnvironmentStringsA
GetTapeStatus
QueryPerformanceCounter
SetThreadPriorityBoost
GlobalUnlock
FillConsoleOutputCharacterW
EndUpdateResourceA
CreatePipe
Process32First
WritePrivateProfileSectionW
SetCommMask
GetBinaryTypeA
GetProfileStringW
AssignProcessToJobObject
CreateDirectoryExW
GetPrivateProfileSectionA
LocalFlags
FindNextFileW
SetNamedPipeHandleState
GlobalAddAtomA
SetUnhandledExceptionFilter
GetStringTypeExA
SetHandleInformation
SetThreadExecutionState
WriteProfileSectionA
GetProcessShutdownParameters
GetEnvironmentVariableA
SearchPathA
AllocConsole
ReadFileEx
LocalShrink
PrepareTape
Number of PE resources by type
RT_BITMAP 1
Number of PE resources by language
GERMAN 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2005:04:26 03:59:52+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 250368
LinkerVersion: 1.64
EntryPoint: 0x1000
InitializedDataSize: 29696
SubsystemVersion: 4.1
ImageVersion: 0.0
OSVersion: 1.0
UninitializedDataSize: 0
File identification
MD5: 9276bf0315a3036256f444604e2cd7d5
SHA1: 89506bfaa91751186a4ed70242290bdde28f927d
SHA256: 5be9ca1bb763b14e916029d1cac2627877ee90289b65d1f9e76d155c09001c0e
ssdeep: 3072:PdaSaQeN1N7bmER8veDT3DLwO9vcni0KuF:Pd7eNPRB3Pw6GXKu
authentihash: 7a70647569652617097e599e483e87a7c3829fc873a7b4e2d68aee537cf2ed50
imphash: 96fd0af69975f5d899023d1a34f34630
File size: 296.0 KB (303104 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Executable (generic) (52.7%); Generic Win/DOS Executable (23.4%); DOS Executable Generic (23.4%); VXD Driver (0.3%)
Tags: peexe

VirusTotal metadata
First submission: 2014-05-23 15:49:10 UTC (4 years, 10 months ago)
Last submission: 2014-05-24 12:40:38 UTC (4 years, 10 months ago)
File names:
  1.exe
  9276bf0315a3036256f444604e2cd7d5
  5be9ca1bb763b14e916029d1cac2627877ee90289b65d1f9e76d155c09001c0e.exe
  8b4c79b700dc6a47bc501f0359e0d2d4e8d1ee28
Advanced heuristic and reputation engines
Symantec reputation: Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.