SHA256: 5f41235d0db8c89759076f4c44565a5c9ecbe89a523bb8a857fde0ef48d47471
File name: 1BEAD4908FA6BE6188EB672F7A02ED89
Detection ratio: 35 / 54
Analysis date: 2014-11-01 19:47:15 UTC ( 2 years, 7 months ago )
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Gen:Trojan.Zboter.1 | 20141101 |
| AegisLab | Troj.W32.Gen | 20141101 |
| Yandex | TrojanSpy.Zbot!+takqNDKRhA | 20141101 |
| AhnLab-V3 | Spyware/Win32.Zbot | 20141101 |
| Antiy-AVL | Trojan[Spy]/Win32.Zbot | 20141101 |
| Avast | Win32:Crypt-QRV [Trj] | 20141101 |
| AVG | Generic35.CEVH | 20141101 |
| Avira (no cloud) | TR/Spy.ZBot.rtnyy | 20141101 |
| BitDefender | Gen:Trojan.Zboter.1 | 20141101 |
| ClamAV | Win.Trojan.Zbot-37085 | 20141101 |
| Comodo | TrojWare.Win32.Injector.AYUO | 20141101 |
| DrWeb | Trojan.DownLoad3.32895 | 20141101 |
| Emsisoft | Gen:Trojan.Zboter.1 (B) | 20141101 |
| ESET-NOD32 | a variant of Win32/Injector.AZLS | 20141101 |
| F-Secure | Gen:Trojan.Zboter.1 | 20141101 |
| Fortinet | W32/Kryptik.WIF!tr | 20141101 |
| GData | Gen:Trojan.Zboter.1 | 20141101 |
| Ikarus | Trojan-Downloader.Win32.Upatre | 20141101 |
| Jiangmin | TrojanSpy.Zbot.hbvm | 20141031 |
| K7AntiVirus | Trojan ( 004968971 ) | 20141031 |
| K7GW | Trojan ( 004968971 ) | 20141031 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 20141101 |
| Kingsoft | Win32.Troj.Zbot.rs.(kcloud) | 20141101 |
| Malwarebytes | Trojan.Agent.ED | 20141101 |
| McAfee | Downloader-FYH!1BEAD4908FA6 | 20141101 |
| McAfee-GW-Edition | BehavesLike.Win32.Downloader.dc | 20141101 |
| Microsoft | VirTool:Win32/CeeInject | 20141101 |
| eScan | Gen:Trojan.Zboter.1 | 20141101 |
| NANO-Antivirus | Trojan.Win32.Zbot.cukbla | 20141101 |
| Norman | Injector.GTKL | 20141101 |
| Qihoo-360 | Malware.QVM20.Gen | 20141101 |
| Sophos | Troj/HkMain-AH | 20141031 |
| Symantec | Trojan.Cidox!gm | 20141101 |
| VBA32 | TrojanSpy.Zbot | 20141031 |
| Zillya | Trojan.Zbot.Win32.149768 | 20141101 |
| AVware | | 20141031 |
| Baidu-International | | 20141031 |
| Bkav | | 20141027 |
| ByteHero | | 20141101 |
| CAT-QuickHeal | | 20141101 |
| CMC | | 20141031 |
| Cyren | | 20141101 |
| F-Prot | | 20141031 |
| nProtect | | 20141031 |
| Rising | | 20141101 |
| SUPERAntiSpyware | | 20141101 |
| Tencent | | 20141101 |
| TheHacker | | 20141031 |
| TotalDefense | | 20141101 |
| TrendMicro | | 20141101 |
| TrendMicro-HouseCall | | 20141101 |
| VIPRE | | 20141101 |
| ViRobot | | 20141101 |
| Zoner | | 20141031 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-02 15:40:40
Entry Point 0x000077AA
Number of sections 4
PE sections
PE imports
CreatePen
CreateCompatibleBitmap
CreateSolidBrush
SetPixelV
CreateCompatibleDC
StretchBlt
Rectangle
GetModuleFileNameA
GetStartupInfoA
ExitProcess
GetModuleHandleA
Ord(1775)
Ord(4080)
Ord(4710)
Ord(2414)
Ord(3597)
Ord(354)
Ord(4635)
Ord(1641)
Ord(3136)
Ord(6383)
Ord(665)
Ord(5440)
Ord(6375)
Ord(2515)
Ord(3626)
Ord(755)
Ord(3798)
Ord(2621)
Ord(3259)
Ord(2446)
Ord(2864)
Ord(4297)
Ord(1979)
Ord(4852)
Ord(815)
Ord(641)
Ord(5788)
Ord(1175)
Ord(5277)
Ord(2514)
Ord(4425)
Ord(4750)
Ord(5199)
Ord(4441)
Ord(1134)
Ord(4465)
Ord(2863)
Ord(5300)
Ord(1200)
Ord(4627)
Ord(1168)
Ord(4716)
Ord(3738)
Ord(4853)
Ord(2982)
Ord(4234)
Ord(825)
Ord(3081)
Ord(3092)
Ord(5307)
Ord(5442)
Ord(5067)
Ord(4375)
Ord(4424)
Ord(540)
Ord(4078)
Ord(2554)
Ord(6376)
Ord(4229)
Ord(1727)
Ord(823)
Ord(5785)
Ord(2107)
Ord(5186)
Ord(2379)
Ord(2725)
Ord(640)
Ord(4998)
Ord(800)
Ord(3749)
Ord(2512)
Ord(470)
Ord(4274)
Ord(5261)
Ord(2859)
Ord(4079)
Ord(1146)
Ord(3147)
Ord(2124)
Ord(6052)
Ord(1834)
Ord(3262)
Ord(1576)
Ord(3573)
Ord(4353)
Ord(5065)
Ord(4407)
Ord(3663)
Ord(3346)
Ord(858)
Ord(3693)
Ord(2396)
Ord(4608)
Ord(3831)
Ord(289)
Ord(6374)
Ord(5280)
Ord(3825)
Ord(2976)
Ord(323)
Ord(1089)
Ord(2985)
Ord(3922)
Ord(4160)
Ord(4376)
Ord(2405)
Ord(4607)
Ord(324)
Ord(3830)
Ord(2385)
Ord(3079)
Ord(2055)
Ord(4837)
Ord(5241)
Ord(6394)
Ord(5450)
Ord(2648)
Ord(5714)
Ord(5289)
Ord(3571)
Ord(4622)
Ord(561)
Ord(355)
Ord(1640)
Ord(4133)
Ord(5016)
Ord(2841)
Ord(4486)
Ord(4698)
Ord(613)
Ord(5163)
Ord(3452)
Ord(4834)
Ord(5265)
Ord(4673)
Ord(5302)
Ord(860)
Ord(5731)
__p__fmode
malloc
_acmdln
_ftol
fread
fclose
__dllonexit
fopen
_except_handler3
fseek
_onexit
ftell
exit
_XcptFilter
rewind
__setusermatherr
__p__commode
__CxxFrameHandler
_adjust_fdiv
__getmainargs
_controlfp
_setmbcp
_initterm
_exit
_CIacos
__set_app_type
DrawDibClose
DrawDibOpen
GetSystemMetrics
IsIconic
LoadCursorA
LoadIconA
EnableWindow
DrawIcon
SendMessageA
CheckRadioButton
GetClientRect
GetSystemMenu
AppendMenuA
WindowFromDC
FrameRect
GetDC
SetCursor
Number of PE resources by type
RT_DIALOG 3
RT_STRING 1
Number of PE resources by language
CHINESE SIMPLIFIED 3
CHINESE *unknown* 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2014:03:02 16:40:40+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 28672
LinkerVersion: 0.0
FileAccessDate: 2014:11:01 20:48:21+01:00
EntryPoint: 0x77aa
InitializedDataSize: 16384
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
FileCreateDate: 2014:11:01 20:48:21+01:00
UninitializedDataSize: 0
File identification
MD5 1bead4908fa6be6188eb672f7a02ed89
SHA1 34b40b9c1dbfb1de35c71d6aead1476347bf749f
SHA256 5f41235d0db8c89759076f4c44565a5c9ecbe89a523bb8a857fde0ef48d47471
ssdeep 6144:fl4Dp+fjRRKK3tEtb9elATd5bec7Xa7Sg/+ovBi3imXY9VwhlBHekwz:46zT3KtEG7Fa5jvarXY9ehty
authentihash 7187c578df5273666ac7bbdc9f60d4fda2ba13c68477eaadfde5710d1ccd92f0
imphash 55cc33ecd1165d9fce961bd16ec85340
File size 292.9 KB ( 299880 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2014-11-01 19:47:15 UTC ( 2 years, 7 months ago )
Last submission 2014-11-01 19:47:15 UTC ( 2 years, 7 months ago )
File names 1BEAD4908FA6BE6188EB672F7A02ED89