SHA256: 602a68fbf9845f3f74f85335c90cd562bd484614d4768d69fa9870aad8a5afb6
File name: c-5a831-1-1415832301
Detection ratio: 41 / 56
Analysis date: 2014-11-27 14:29:04 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.42230 20141127
ALYac Gen:Variant.Symmi.42230 20141127
Antiy-AVL Trojan[Spy]/Win32.Zbot 20141127
Avast Win32:Vobfus-Q [Wrm] 20141127
AVG Inject2.BDWZ 20141127
Avira (no cloud) TR/Buzus.213572 20141127
AVware Trojan.Win32.Generic!BT 20141121
Baidu-International Trojan.Win32.Injector.BBPIC 20141127
BitDefender Gen:Variant.Symmi.42230 20141127
Bkav HW32.Packed.2755 20141127
CAT-QuickHeal TrojanDownloader.Upatre.A4 20141127
ClamAV Win.Trojan.Agent-820197 20141127
Comodo UnclassifiedMalware 20141127
Cyren W32/Trojan.DCHQ-6794 20141127
DrWeb BackDoor.Andromeda.404 20141127
Emsisoft Gen:Variant.Symmi.42230 (B) 20141127
ESET-NOD32 a variant of Win32/Injector.BPIC 20141127
F-Prot W32/Trojan3.MAZ 20141126
F-Secure Gen:Variant.Symmi.42230 20141127
Fortinet W32/BPIC!tr 20141127
GData Gen:Variant.Symmi.42230 20141127
Ikarus Trojan.Win32.Inject 20141127
K7AntiVirus Trojan ( 004b0a5a1 ) 20141127
K7GW Trojan ( 050000001 ) 20141126
Kaspersky Trojan-Spy.Win32.Zbot.uofy 20141127
Malwarebytes Trojan.Zbot 20141127
McAfee Generic-FAUT!D1C6D258651B 20141127
McAfee-GW-Edition BehavesLike.Win32.Downloader.dc 20141127
Microsoft VirTool:Win32/CeeInject.gen!KK 20141127
eScan Gen:Variant.Symmi.42230 20141127
NANO-Antivirus Trojan.Win32.ARZS.dioiph 20141127
Norman Troj_Generic.XFGXE 20141127
Panda Trj/Genetic.gen 20141126
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20141127
Sophos AV Troj/Fondu-CE 20141127
Symantec Trojan.Zbot 20141127
Tencent Win32.Trojan.Inject.Auto 20141127
TrendMicro TROJ_GEN.R0E9C0PKC14 20141127
TrendMicro-HouseCall TROJ_GEN.R0E9C0PKC14 20141127
VBA32 TrojanSpy.Zbot 20141127
VIPRE Trojan.Win32.Generic!BT 20141127
AegisLab 20141127
Yandex 20141126
AhnLab-V3 20141126
ByteHero 20141127
CMC 20141127
Jiangmin 20141126
Kingsoft 20141127
nProtect 20141127
Rising 20141126
SUPERAntiSpyware 20141127
TheHacker 20141124
TotalDefense 20141127
ViRobot 20141127
Zillya 20141126
Zoner 20141127
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-10 12:50:21
Entry Point 0x00004BF0
Number of sections 4
PE sections
PE imports
GetDeviceCaps
PatBlt
SetStretchBltMode
CreatePalette
SelectPalette
SetDIBitsToDevice
RealizePalette
StretchDIBits
GlobalSize
LocalFree
LocalLock
GetCurrentProcessId
OpenProcess
GlobalFree
GlobalAlloc
GetStartupInfoW
GlobalUnlock
LocalUnlock
GlobalLock
GetModuleHandleW
LocalAlloc
__p__fmode
__wgetmainargs
??1type_info@@UAE@XZ
memset
__dllonexit
_except_handler3
fabs
_onexit
exit
_XcptFilter
_ftol
__setusermatherr
_controlfp
_wcmdln
_adjust_fdiv
__CxxFrameHandler
_CxxThrowException
__p__commode
_wfopen
memcpy
cos
sin
_initterm
_exit
__set_app_type
GetModuleFileNameExW
EmptyClipboard
IsClipboardFormatAvailable
UpdateWindow
EnableWindow
SetClipboardData
CloseClipboard
GetClipboardData
OpenClipboard
Number of PE resources by type
RT_STRING 14
RT_DIALOG 5
RT_MENU 2
Struct(241) 1
RT_ACCELERATOR 1
RT_BITMAP 1
Number of PE resources by language
CHINESE SIMPLIFIED 23
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:11:10 13:50:21+01:00
FileType Win32 EXE
PEType PE32
CodeSize 20480
LinkerVersion 6.0
FileAccessDate 2014:11:27 15:30:51+01:00
EntryPoint 0x4bf0
InitializedDataSize 188416
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:11:27 15:30:51+01:00
UninitializedDataSize 0
Compressed bundles
File identification
MD5 d1c6d258651bfac40a84669135784ef6
SHA1 9c6984be18fd753e981f99238aa4c75a321961a0
SHA256 602a68fbf9845f3f74f85335c90cd562bd484614d4768d69fa9870aad8a5afb6
ssdeep 6144:cHQVAIO1BguWHLmNInEVpu62evORF/vWeg0:sQVjhrmNf4622eF/v/
authentihash 55836e5ceb82b372fb1a8c6160a2f50cb8916313e656c102b1d534965838c14e
imphash 5a70da92bba534d75d8f8fc0ff7eec16
File size 208.6 KB ( 213572 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2014-11-12 21:15:22 UTC ( 4 years, 2 months ago )
Last submission 2014-11-12 22:45:02 UTC ( 4 years, 2 months ago )
File names c-ceda4-3-1415826905
602a68fbf9845f3f74f85335c90cd562bd484614d4768d69fa9870aad8a5afb6.exe
c-5a831-1-1415832301
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.