SHA256: 5d3a617c3c1e11821c6cb4c941f615259bcfbb9009fc84c5466e592360280e48
File name: dab9eaf78a2de4e62ac797fb2115eb50.exe
Detection ratio: 40 / 57
Analysis date: 2016-11-03 21:05:55 UTC ( 4 months, 3 weeks ago )
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Trojan.Generic.10246400 | 20161103 |
| AegisLab | Troj.Spy.W32.Zbot.qwwu!c | 20161103 |
| AhnLab-V3 | Spyware/Win32.Zbot.C239426 | 20161103 |
| ALYac | Trojan.Generic.10246400 | 20161103 |
| Antiy-AVL | Trojan[Spy]/Win32.Zbot | 20161103 |
| Arcabit | Trojan.Generic.D9C5900 | 20161103 |
| AVG | PSW.Generic12.ROE | 20161103 |
| Avira (no cloud) | DR/Delphi.Gen | 20161103 |
| AVware | Trojan.Win32.Generic!BT | 20161103 |
| Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9986 | 20161103 |
| BitDefender | Trojan.Generic.10246400 | 20161103 |
| CMC | Trojan-Spy.Win32.Zbot!O | 20161103 |
| Comodo | UnclassifiedMalware | 20161103 |
| CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20161024 |
| DrWeb | Trojan.PWS.Panda.655 | 20161103 |
| Emsisoft | Trojan-Spy.Win32.Zbot (A) | 20161103 |
| ESET-NOD32 | a variant of Win32/Injector.ATZK | 20161103 |
| F-Secure | Trojan.Generic.10246400 | 20161103 |
| Fortinet | W32/Injector.fam!tr | 20161103 |
| GData | Trojan.Generic.10246400 | 20161103 |
| Ikarus | Trojan-Spy.Win32.Zbot | 20161103 |
| Invincea | backdoor.win32.ircbot.dl | 20161018 |
| K7AntiVirus | Trojan ( 004916091 ) | 20161103 |
| K7GW | Trojan ( 004916091 ) | 20161103 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 20161103 |
| Malwarebytes | Trojan.Zbot | 20161103 |
| McAfee | Artemis!DAB9EAF78A2D | 20161103 |
| McAfee-GW-Edition | BehavesLike.Win32.PWSGamania.cc | 20161103 |
| Microsoft | PWS:Win32/Zbot | 20161103 |
| eScan | Trojan.Generic.10246400 | 20161103 |
| NANO-Antivirus | Trojan.Win32.Zbot.creurk | 20161103 |
| Panda | Generic Suspicious | 20161103 |
| Qihoo-360 | Win32/Trojan.a48 | 20161103 |
| Rising | Malware.Generic!RmvF2MfhCd@1 (thunder) | 20161103 |
| Sophos | Mal/Generic-S | 20161103 |
| Symantec | Heur.AdvML.B | 20161103 |
| Tencent | Win32.Trojan-spy.Zbot.Wuhd | 20161103 |
| VIPRE | Trojan.Win32.Generic!BT | 20161103 |
| Yandex | TrojanSpy.Zbot!HKJGBRCggdE | 20161103 |
| Zillya | Trojan.Inject.Win32.67763 | 20161103 |
| Alibaba | | 20161103 |
| Avast | | 20161103 |
| Bkav | | 20161103 |
| CAT-QuickHeal | | 20161103 |
| ClamAV | | 20161103 |
| Cyren | | 20161103 |
| F-Prot | | 20161103 |
| Jiangmin | | 20161103 |
| Kingsoft | | 20161103 |
| nProtect | | 20161103 |
| SUPERAntiSpyware | | 20161103 |
| TheHacker | | 20161101 |
| TotalDefense | | 20161028 |
| TrendMicro | | 20161103 |
| TrendMicro-HouseCall | | 20161103 |
| VBA32 | | 20161103 |
| ViRobot | | 20161103 |
| Zoner | | 20161103 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 1992-06-19 22:22:17
Entry Point: 0x000145AC
Number of sections: 9

PE sections

Overlays
MD5: 3e1629e499fc51037c2da017eedd8de6
File type: data
Offset: 183808
Size: 512
Entropy: 7.61
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetDeviceCaps
CreateFontIndirectA
GetLastError
GetStdHandle
EnterCriticalSection
lstrlenA
GlobalFree
WaitForSingleObject
FreeLibrary
MulDiv
ExitProcess
GetThreadLocale
GetVersionExA
GlobalUnlock
GetModuleFileNameA
GlobalHandle
RtlUnwind
GetLocalTime
DeleteCriticalSection
GetStartupInfoA
GetDateFormatA
LoadLibraryExA
GetLocaleInfoA
LocalAlloc
GlobalReAlloc
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetCPInfo
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
CompareStringA
CloseHandle
WideCharToMultiByte
GetDiskFreeSpaceA
GetModuleHandleA
FindFirstFileA
WriteFile
EnumCalendarInfoA
ReadFile
ResetEvent
lstrcpynA
GetACP
GlobalLock
GetCurrentThreadId
GlobalAlloc
GetFullPathNameA
SetEvent
LocalFree
InitializeCriticalSection
VirtualQuery
VirtualFree
CreateEventA
FindClose
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetStringTypeExA
GetVersion
LeaveCriticalSection
VirtualAlloc
GetFileSize
InterlockedIncrement
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
SysFreeString
VariantInit
SetFocus
GetMessageA
GetSystemMetrics
CreateWindowExA
LoadCursorA
LoadStringA
DispatchMessageA
RegisterClassA
PostQuitMessage
CharNextA
SendMessageA
DefWindowProcA
MessageBoxA
TranslateMessage
GetWindowTextA
ShowWindow
CharToOemA
GetKeyboardType
GetDC
DestroyWindow
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:19 23:22:17+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 79872
LinkerVersion: 2.25
FileTypeExtension: exe
InitializedDataSize: 12288
SubsystemVersion: 4.0
EntryPoint: 0x145ac
OSVersion: 4.0
ImageVersion: 0.0
UninitializedDataSize: 0
Compressed bundles
File identification
MD5: dab9eaf78a2de4e62ac797fb2115eb50
SHA1: b68df22d3fe9867bc9d26e166f6a00dbd249c447
SHA256: 5d3a617c3c1e11821c6cb4c941f615259bcfbb9009fc84c5466e592360280e48
ssdeep: 3072:jQhnKC7Nm3ZqRhiRLxfLFLqTkeGJkm4G4614EyOzRqZVVb4ZNbT+EeIVcYB/Psxh:jiKbkrixF6CUt6T8IP9KxvPkswlC
authentihash: 4e23a32c2a421f7f9912d08453aad740a0b667360ca38080d9bd8462babaaa27
imphash: c835c1ac2c624a64235b5855358ee492
File size: 180.0 KB ( 184320 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID:
Win32 Executable Delphi generic (45.2%)
Win32 Dynamic Link Library (generic) (20.9%)
Win32 Executable (generic) (14.3%)
Win16/32 Executable Delphi generic (6.6%)
Generic Win/DOS Executable (6.3%)

Tags: peexe, overlay

VirusTotal metadata
First submission: 2013-12-12 11:38:15 UTC ( 3 years, 3 months ago )
Last submission: 2016-11-03 21:05:55 UTC ( 4 months, 3 weeks ago )
File names: dab9eaf78a2de4e62ac797fb2115eb50.exe, file-6331795_exe

Advanced heuristic and reputation engines
Symantec reputation: Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
UDP communications