SHA256: 5d2ee0440314f7229a126baa152e43473d771591e818f8317275c175fd888f23
File name: bot32.exe
Detection ratio: 26 / 56
Analysis date: 2016-11-08 15:14:50 UTC (2 years, 6 months ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Boigy.1 20161108
ALYac Gen:Variant.Boigy.1 20161108
Arcabit Trojan.Boigy.1 20161108
Avast Sf:Crypt-BT [Trj] 20161108
Avira (no cloud) TR/Kazy.MK 20161108
AVware Trojan.Win32.Zbot.n (v) 20161108
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161107
BitDefender Gen:Variant.Boigy.1 20161108
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Emsisoft Gen:Variant.Boigy.1 (B) 20161108
ESET-NOD32 a variant of Win32/Spy.Zbot.YW 20161108
F-Secure Gen:Variant.Boigy.1 20161108
GData Gen:Variant.Boigy.1 20161108
Ikarus Trojan-Spy.Win32.Zbot 20161108
Sophos ML backdoor.win32.tofsee.f 20161018
Kaspersky HEUR:Trojan.Win32.Generic 20161108
McAfee PWS-Zbot.gen.aov 20161108
McAfee-GW-Edition BehavesLike.Win32.ZBot.ct 20161108
Microsoft PWS:Win32/Zbot.gen!Y 20161108
eScan Gen:Variant.Boigy.1 20161108
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161108
SUPERAntiSpyware Trojan.Agent/Gen-MalPE 20161108
Symantec Heur.AdvML.B 20161108
TrendMicro Cryp_Xin1 20161108
TrendMicro-HouseCall Cryp_Xin1 20161108
VIPRE Trojan.Win32.Zbot.n (v) 20161108
AegisLab (undetected) 20161108
AhnLab-V3 (undetected) 20161108
Alibaba (undetected) 20161108
Antiy-AVL (undetected) 20161108
AVG (undetected) 20161108
Bkav (undetected) 20161108
CAT-QuickHeal (undetected) 20161108
ClamAV (undetected) 20161108
CMC (undetected) 20161108
Comodo (undetected) 20161108
Cyren (undetected) 20161108
DrWeb (undetected) 20161108
F-Prot (undetected) 20161108
Fortinet (undetected) 20161108
Jiangmin (undetected) 20161108
K7AntiVirus (undetected) 20161108
K7GW (undetected) 20161108
Kingsoft (undetected) 20161108
Malwarebytes (undetected) 20161108
NANO-Antivirus (undetected) 20161108
nProtect (undetected) 20161108
Panda (undetected) 20161108
Rising (undetected) 20161108
Sophos AV (undetected) 20161108
Tencent (undetected) 20161108
TheHacker (undetected) 20161106
VBA32 (undetected) 20161108
ViRobot (undetected) 20161108
Yandex (undetected) 20161107
Zillya (undetected) 20161108
Zoner (undetected) 20161108
The file being studied is a Portable Executable file! More specifically, it is a DOS EXE file.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-05 10:19:17
Entry Point 0x00013674
Number of sections 3
PE sections
Overlays
MD5 a06d2590c6f58fe7887eae20d11ea8b8
File type ASCII text
Offset 116224
Size 73238
Entropy 0.00
PE imports
SetSecurityDescriptorDacl
OpenThreadToken
GetSidSubAuthority
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
CryptGetHashParam
SetNamedSecurityInfoW
CryptAcquireContextW
AdjustTokenPrivileges
CryptReleaseContext
LookupPrivilegeValueW
GetSidSubAuthorityCount
CryptHashData
InitializeSecurityDescriptor
SetSecurityDescriptorSacl
CryptDestroyHash
CryptCreateHash
CertCloseStore
GetNativeSystemInfo
HeapFree
FileTimeToDosDateTime
UnmapViewOfFile
RemoveDirectoryW
FreeLibrary
HeapDestroy
HeapAlloc
SystemTimeToFileTime
LoadLibraryA
GetCurrentProcess
FileTimeToLocalFileTime
SetFilePointerEx
GetFileInformationByHandle
WaitForMultipleObjects
GetPrivateProfileIntW
GetPrivateProfileStringW
GetTempFileNameW
CreateFileMappingW
MapViewOfFile
GetTempPathW
GetVolumeNameForVolumeMountPointW
GetModuleHandleW
GetTimeZoneInformation
HeapCreate
Sleep
IsBadReadPtr
SetEndOfFile
OutputDebugStringA
GetProcAddress
SHGetFolderPathW
PathMatchSpecW
PathFindFileNameW
PathRemoveFileSpecW
PathAddBackslashW
PathIsURLW
StrCmpNIA
PathAddExtensionW
PathSkipRootW
UrlUnescapeA
PathCombineW
PathRemoveBackslashW
wsprintfA
MessageBoxA
LoadImageW
CharUpperW
DispatchMessageW
getaddrinfo
WSAEventSelect
recvfrom
freeaddrinfo
getsockname
sendto
getpeername
recv
select
CLSIDFromString
CoCreateInstance
CoInitialize
StringFromGUID2
File identification
MD5 e54d28a24c976348c438f45281d68c54
SHA1 3cd014e2ebdb8dd679deb70cd1005b0a2b8283e7
SHA256 5d2ee0440314f7229a126baa152e43473d771591e818f8317275c175fd888f23
ssdeep 3072:ptvcXB6KQz5V5d9S6AjENWV3SFM5w5WC:pBXKQzj5ddAGWby5WC
authentihash 5a2467f7bb55214b5fe6097b51965c6368f21120032f2fd048306b9beefb0168
imphash d1725cb90f5a8c53782cd2b010db093e
File size 185.0 KB (189462 bytes)
File type DOS EXE
Magic literal MS-DOS executable
TrID Win32 Executable (generic) (38.8%)
DOS Executable Borland Pascal 7.0x (17.5%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Music Craft Score (8.6%)
Tags
mz overlay

VirusTotal metadata
First submission 2016-11-08 15:14:50 UTC (2 years, 6 months ago)
Last submission 2016-11-08 15:14:50 UTC (2 years, 6 months ago)
File names bot32.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
UDP communications