SHA256: 5c2c5f08512100e74841d873108dda6ad1ff95bd99c9ff25f190dcabba5c42ee
File name: c30825c55ddd1b3d93ee6141d44c78ef
Detection ratio: 51 / 54
Analysis date: 2014-06-13 05:33:45 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware Win32.Neshta.C 20140613
Yandex Win32.Masha.B 20140612
AhnLab-V3 Win32/Neshta 20140612
AntiVir W32/Delf.I 20140612
Antiy-AVL Virus/Win32.Neshta 20140611
Avast Win32:Apanas [Trj] 20140613
AVG Win32/Selges.D 20140613
Baidu-International Virus.Win32.Neshta.$a 20140612
BitDefender Win32.Neshta.C 20140613
Bkav W32.HanGu.PE 20140612
CAT-QuickHeal W32.Neshta.B 20140613
ClamAV Neshta.B 20140613
CMC Virus.Win32.Neshta!O 20140613
Commtouch W32/HLLP.EPJG-6217 20140613
Comodo Win32.Neshta.B 20140613
DrWeb Win32.HLLP.Neshta 20140613
Emsisoft Win32.Neshta.C (B) 20140613
ESET-NOD32 Win32/Neshta.B 20140613
F-Prot W32/HLLP.41472 20140613
F-Secure Win32.Neshta.C 20140613
Fortinet W32/Delf.L 20140613
GData Win32.Neshta.C 20140613
Ikarus Virus.Win32.Neshta 20140613
Jiangmin Virus.Neshta.b 20140613
K7AntiVirus Virus ( 700000131 ) 20140612
K7GW Virus ( 700000131 ) 20140612
Kaspersky Virus.Win32.Neshta.b 20140613
Kingsoft Win32.Neshta.a.41472 20140613
Malwarebytes Virus.Neshta 20140613
McAfee W32/HLLP.41472 20140613
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious.H 20140613
Microsoft Virus:Win32/Neshta.B 20140613
eScan Win32.Neshta.C 20140613
NANO-Antivirus Virus.Win32.Neshta.flln 20140613
Norman Neshta.C 20140612
nProtect Win32.Neshta.C 20140612
Panda W32/Neshta.C 20140612
Qihoo-360 Virus.Win32.Neshta.B 20140613
Rising PE:Win32.Agent.dc!1442607 20140612
Sophos W32/Bloat-A 20140613
Symantec W32.Neshuta 20140613
Tencent Virus.Win32.Neshta.a 20140613
TheHacker W32/Netshta.gen 20140612
TotalDefense Win32/Neshta.C 20140612
TrendMicro PE_NESHTA.A 20140613
TrendMicro-HouseCall PE_NESHTA.A 20140613
VBA32 Virus.Win32.Neshta.b 20140612
VIPRE Virus.Win32.Neshta.a (v) 20140613
ViRobot Win32.Neshta.C 20140613
Zillya Virus.Neshta.Win32.2 20140612
Zoner Win32.Neshta.A 20140611
AegisLab 20140613
ByteHero 20140613
SUPERAntiSpyware 20140613
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00008178
Number of sections 8
PE sections
Overlays
MD5 82cab9e4fb95f2cdf9cfc0b68a96d7b5
File type data
Offset 41472
Size 379251
Entropy 6.85
PE imports
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
SetDIBits
GetObjectA
DeleteDC
SelectObject
CreateSolidBrush
GetDIBits
BitBlt
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
StretchDIBits
GetLastError
GetStdHandle
EnterCriticalSection
ReleaseMutex
GetFileAttributesA
FreeLibrary
ExitProcess
GetThreadLocale
GetModuleFileNameA
GetFileSize
RtlUnwind
WinExec
DeleteCriticalSection
GetStartupInfoA
GetLocaleInfoA
LocalAlloc
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
UnhandledExceptionFilter
GetShortPathNameA
GetCommandLineA
CloseHandle
CreateMutexA
SetFilePointer
GetTempPathA
RaiseException
GetModuleHandleA
ReadFile
WriteFile
FindFirstFileA
FindNextFileA
GetCurrentThreadId
SetFileAttributesA
GetDriveTypeA
LocalFree
GetLogicalDriveStringsA
GetLocalTime
InitializeCriticalSection
VirtualFree
FindClose
TlsGetValue
SetEndOfFile
TlsSetValue
CreateFileA
GetVersion
VirtualAlloc
SetCurrentDirectoryA
LeaveCriticalSection
SysReAllocStringLen
SysFreeString
ExtractIconA
ShellExecuteA
ReleaseDC
GetIconInfo
DestroyIcon
FillRect
MessageBoxA
CharLowerBuffA
GetSysColor
GetKeyboardType
GetDC
CopyImage
Number of PE resources by type
RT_RCDATA 2
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 2
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 29696
LinkerVersion 2.25
EntryPoint 0x8178
InitializedDataSize 10752
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 c30825c55ddd1b3d93ee6141d44c78ef
SHA1 f4e17c0cdc0deabee067dbdccbaa2bef982efda2
SHA256 5c2c5f08512100e74841d873108dda6ad1ff95bd99c9ff25f190dcabba5c42ee
ssdeep 6144:PuXr1lglQzHAxiMN5ILpCQhX7Gt1GcIuVxnDZAJEa+A9:KBlgly6ILD5GacJfDta+A9
authentihash 621f28a03c8850d1f918cd7cbac58e62b573aba93a465c514ff7aaf2e9270db3
imphash 9f4693fc0c511135129493f2161d1e86
File size 410.9 KB ( 420723 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Borland Delphi 6 (93.8%)
Win32 Dynamic Link Library (generic) (2.3%)
Win32 Executable (generic) (1.6%)
Win16/32 Executable Delphi generic (0.7%)
Generic Win/DOS Executable (0.7%)
Tags peexe overlay

VirusTotal metadata
First submission 2014-06-13 05:33:10 UTC ( 2 years, 9 months ago )
Last submission 2016-10-14 03:48:46 UTC ( 5 months, 1 week ago )
File names c30825c55ddd1b3d93ee6141d44c78ef.exe
1860034
c30825c55ddd1b3d93ee6141d44c78ef
bot.exe
ZeuS_binary_c30825c55ddd1b3d93ee6141d44c78ef.exe
file-7414081_exe
0696639a5809b57d4eccaddd8d9801e4fa4f4c4e
ZeuS_binary_c30825c55ddd1b3d93ee6141d44c78ef_HIGH.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Shell commands
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.