× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 5e714d80a2ba084f08c8fa9227d50b3a23d5d8bb0017347a4259a90f4021c602
File name: 5e714d80a2ba084f08c8fa9227d50b3a23d5d8bb0017347a4259a90f4021c602.bin
Detection ratio: 50 / 56
Analysis date: 2015-08-08 19:32:08 UTC ( 1 year, 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.165 20150808
Yandex TrojanSpy.Zbot!NnHgntcZaqY 20150808
AhnLab-V3 Trojan/Win32.Zbot 20150808
ALYac Gen:Variant.Kazy.165 20150808
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150808
Arcabit Trojan.Kazy.165 20150808
Avast Win32:GenMalicious-HMV [Trj] 20150808
AVG Generic_s.BI 20150808
Avira (no cloud) TR/Kazy.MK 20150808
AVware Trojan-PWS.Win32.Zbot.aac (v) 20150808
BitDefender Gen:Variant.Kazy.165 20150808
Bkav W32.OnGamesLTEMQFLL.Trojan 20150807
CAT-QuickHeal TrojanPWS.Zbot.Y3 20150808
ClamAV Trojan.Spy.Zbot-142 20150808
Comodo TrojWare.Win32.Kazy.MKD 20150808
Cyren W32/Zbot.BR.gen!Eldorado 20150808
DrWeb BackDoor.Qbot.81 20150808
Emsisoft Gen:Variant.Kazy.165 (B) 20150808
ESET-NOD32 a variant of Win32/Spy.Zbot.YW 20150808
F-Prot W32/Zbot.BR.gen!Eldorado 20150808
F-Secure Trojan-Spy:W32/Zbot.AVTH 20150807
Fortinet W32/Zbot.AT!tr 20150808
GData Gen:Variant.Kazy.165 20150808
Ikarus Trojan-Spy.Win32.Zbot 20150808
Jiangmin Trojan/Generic.qzlo 20150807
K7AntiVirus Spyware ( 002891031 ) 20150808
K7GW Spyware ( 002891031 ) 20150808
Kaspersky HEUR:Trojan.Win32.Generic 20150808
Kingsoft Win32.Troj.Zbot.(kcloud) 20150808
Malwarebytes Spyware.Zbot 20150808
McAfee PWS-Zbot.gen.ds 20150808
McAfee-GW-Edition BehavesLike.Win32.ZBot.ch 20150808
Microsoft Trojan:Win32/Dorv.B!rfn 20150808
eScan Gen:Variant.Kazy.165 20150808
NANO-Antivirus Trojan.Win32.Zbot.rilgh 20150808
nProtect Trojan-Spy/W32.ZBot.141824.AK 20150807
Panda Trj/Genetic.gen 20150808
Qihoo-360 Malware.Radar02.Gen 20150808
Rising PE:Trojan.Win32.Generic.12A2D240!312660544 20150807
Sophos Troj/PWS-BSF 20150808
SUPERAntiSpyware Trojan.Agent/Gen-Zbot 20150808
Symantec Trojan.Zbot!gen19 20150808
Tencent Win32.Trojan-Spy.Zbot.xbi 20150808
TheHacker Trojan/Spy.Zbot.diej 20150807
TotalDefense Win32/Zbot.CXZ 20150808
TrendMicro TSPY_ZBOT.SMIG 20150808
TrendMicro-HouseCall TSPY_ZBOT.SMIG 20150808
VBA32 SScope.Trojan.FakeAV.01110 20150807
VIPRE Trojan-PWS.Win32.Zbot.aac (v) 20150808
Zillya Trojan.Zbot.Win32.47668 20150808
AegisLab 20150808
Alibaba 20150803
Baidu-International 20150808
ByteHero 20150808
ViRobot 20150808
Zoner 20150808
The file being studied is a Portable Executable file! More specifically, it is a DOS EXE file.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-11-13 19:26:48
Entry Point 0x00015184
Number of sections 3
PE sections
Overlays
MD5 b294d2550e266e87fb0d1ac67f7716cc
File type data
Offset 141312
Size 512
Entropy 7.60
PE imports
RegCreateKeyExW
RegCloseKey
ConvertSidToStringSidW
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptHashData
InitiateSystemShutdownExW
RegQueryValueExW
CryptCreateHash
SetSecurityDescriptorDacl
GetSidSubAuthorityCount
GetSidSubAuthority
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
RegOpenKeyExW
SetSecurityDescriptorSacl
GetTokenInformation
CryptReleaseContext
RegEnumKeyExW
OpenThreadToken
GetSecurityDescriptorSacl
GetLengthSid
CreateProcessAsUserW
CryptDestroyHash
CryptAcquireContextW
RegSetValueExW
CryptGetHashParam
InitializeSecurityDescriptor
EqualSid
IsWellKnownSid
SetNamedSecurityInfoW
CertEnumCertificatesInStore
CryptUnprotectData
PFXImportCertStore
CertCloseStore
CertDeleteCertificateFromStore
CertOpenSystemStoreW
CertDuplicateCertificateContext
PFXExportCertStoreEx
GetDeviceCaps
DeleteDC
RestoreDC
SelectObject
SaveDC
SetViewportOrgEx
GetDIBits
CreateCompatibleBitmap
GdiFlush
CreateDIBSection
CreateCompatibleDC
DeleteObject
SetRectRgn
FileTimeToDosDateTime
ReleaseMutex
WaitForSingleObject
FindFirstFileW
HeapDestroy
GetFileAttributesW
GetLocalTime
GetProcessId
SetErrorMode
GetFileInformationByHandle
GetThreadContext
GetFileTime
WideCharToMultiByte
LoadLibraryW
GetTempPathW
Thread32First
HeapReAlloc
FreeLibrary
LocalFree
CreateEventW
FindClose
TlsGetValue
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
InitializeCriticalSection
WriteProcessMemory
GetModuleFileNameW
ExitProcess
lstrcmpiW
SetThreadPriority
MultiByteToWideChar
SetFilePointerEx
GetPrivateProfileStringW
CreateThread
MoveFileExW
CreateMutexW
GetVolumeNameForVolumeMountPointW
SetThreadContext
TerminateProcess
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
lstrcmpiA
GetVersionExW
SetEvent
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
CreateRemoteThread
OpenProcess
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GetProcAddress
GetPrivateProfileIntW
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
GetComputerNameW
WriteFile
GetFileSizeEx
RemoveDirectoryW
ExpandEnvironmentStringsW
UnmapViewOfFile
FindNextFileW
WTSGetActiveConsoleSessionId
ResetEvent
Thread32Next
DuplicateHandle
WaitForMultipleObjects
GlobalLock
GetTimeZoneInformation
CreateFileW
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
SystemTimeToFileTime
CreateFileMappingW
VirtualAllocEx
GlobalUnlock
Process32NextW
CreateProcessW
FileTimeToLocalFileTime
VirtualFreeEx
GetCurrentProcessId
SetFileTime
GetCommandLineW
Process32FirstW
GetCurrentThread
MapViewOfFile
TlsFree
ReadFile
CloseHandle
OpenMutexW
GetModuleHandleW
GetFileAttributesExW
HeapCreate
OpenEventW
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
NetUserEnum
NetUserGetInfo
NetApiBufferFree
SysFreeString
VariantClear
VariantInit
SysAllocString
SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW
StrCmpNIW
wvnsprintfA
StrCmpNIA
wvnsprintfW
SHDeleteKeyW
PathIsDirectoryW
PathRemoveBackslashW
PathIsURLW
PathAddBackslashW
UrlUnescapeA
SHDeleteValueW
PathCombineW
PathRenameExtensionW
StrStrIA
PathRemoveFileSpecW
StrStrIW
PathMatchSpecW
PathUnquoteSpacesW
PathFindFileNameW
PathQuoteSpacesW
PathAddExtensionW
PathSkipRootW
GetUserNameExW
GetMessagePos
SetWindowPos
IsWindow
EndPaint
OpenWindowStationW
WindowFromPoint
CreateDesktopW
GetMenuItemID
GetCursorPos
ReleaseDC
SendMessageW
EndMenu
DefFrameProcA
DefWindowProcW
CharLowerBuffA
GetThreadDesktop
LoadImageW
GetTopWindow
GetUpdateRgn
MsgWaitForMultipleObjects
GetMenuItemCount
DrawEdge
GetUserObjectInformationW
GetParent
EqualRect
DefMDIChildProcA
GetMessageW
PeekMessageW
CharUpperW
PeekMessageA
TranslateMessage
SetThreadDesktop
GetWindow
GetIconInfo
GetMenuItemRect
RegisterClassW
OpenDesktopW
CharLowerA
RegisterClassA
TrackPopupMenuEx
GetSubMenu
GetDCEx
FillRect
ToUnicode
GetWindowLongW
GetUpdateRect
GetWindowInfo
MapWindowPoints
RegisterWindowMessageW
OpenInputDesktop
GetMessageA
SwitchDesktop
BeginPaint
DefMDIChildProcW
ReleaseCapture
MapVirtualKeyW
DefWindowProcA
GetClipboardData
GetSystemMetrics
SetWindowLongW
GetWindowRect
SetCapture
DrawIcon
CharLowerW
SetProcessWindowStation
SetKeyboardState
GetClassLongW
CreateWindowStationW
PostMessageW
CloseWindowStation
GetKeyboardState
PostThreadMessageW
CharToOemW
GetMenuState
DispatchMessageW
GetProcessWindowStation
ExitWindowsEx
IntersectRect
GetCapture
GetShellWindow
GetWindowThreadProcessId
HiliteMenuItem
GetMenu
RegisterClassExW
CallWindowProcA
GetWindowDC
RegisterClassExA
MenuItemFromPoint
PrintWindow
DefFrameProcW
SetCursorPos
SystemParametersInfoW
GetDC
CallWindowProcW
GetClassNameW
GetAncestor
DefDlgProcA
CloseDesktop
IsRectEmpty
SendMessageTimeoutW
DefDlgProcW
HttpSendRequestA
InternetSetStatusCallbackW
InternetReadFileExA
InternetSetOptionA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExW
InternetCloseHandle
InternetOpenA
InternetQueryOptionW
InternetConnectA
InternetQueryOptionA
HttpSendRequestW
GetUrlCacheEntryInfoW
HttpQueryInfoA
InternetReadFile
InternetQueryDataAvailable
InternetCrackUrlA
HttpSendRequestExA
HttpAddRequestHeadersW
getaddrinfo
getsockname
accept
WSAAddressToStringW
WSAStartup
freeaddrinfo
WSASend
shutdown
getpeername
select
recv
send
WSAGetLastError
listen
WSAEventSelect
WSASetLastError
closesocket
WSAIoctl
setsockopt
socket
bind
recvfrom
sendto
connect
CoUninitialize
CoInitializeEx
CoCreateInstance
CLSIDFromString
StringFromGUID2
File identification
MD5 3cdec9b8c2d8337ed88617249a9800ee
SHA1 e14d30a48805c3ac22020b4d340ee7d77a4648c5
SHA256 5e714d80a2ba084f08c8fa9227d50b3a23d5d8bb0017347a4259a90f4021c602
ssdeep
3072:7tsaTXr2uH0N/BDzh/5jrCIHer7Zmv3HSruNyLamWjMAKdWrc:7Garr2uH0NfYJmaiNyVWPdrc

authentihash 5f5f44448c3543de45aea60894d7ea6700285ba2a8c59c459435bbbc13b5cf2d
imphash 90fb8039802dcd9312961c1119ffea1e
File size 138.5 KB ( 141824 bytes )
File type DOS EXE
Magic literal
MS-DOS executable

TrID Win32 Executable (generic) (42.4%)
DOS Executable Borland Pascal 7.0x (19.1%)
Generic Win/DOS Executable (18.8%)
DOS Executable Generic (18.8%)
VXD Driver (0.2%)
Tags
mz overlay

VirusTotal metadata
First submission 2015-08-08 19:28:15 UTC ( 1 year, 8 months ago )
Last submission 2015-08-08 19:32:08 UTC ( 1 year, 8 months ago )
File names 5e714d80a2ba084f08c8fa9227d50b3a23d5d8bb0017347a4259a90f4021c602.bin
5e714d80a2ba084f08c8fa9227d50b3a23d5d8bb0017347a4259a90f4021c602.bin
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections