SHA256: 61a65f38b41bfba52798592d4bb20add848d7581bae10c610472cc1129d52692
File name: 007038714
Detection ratio: 51 / 57
Analysis date: 2015-06-12 11:28:55 UTC ( 2 weeks, 3 days ago )
Antivirus Result Update
ALYac Backdoor.Zbot.Q 20150612
AVG Generic35.ILT 20150612
AVware Trojan.Win32.Zbot.f (v) 20150612
Ad-Aware Backdoor.Zbot.Q 20150612
Agnitum Trojan.Injector!C7ymt9HCFqk 20150611
AhnLab-V3 Trojan/Win32.Zbot 20150612
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150612
Arcabit Backdoor.Zbot.Q 20150612
Avast Win32:Agent-ASEF [Trj] 20150612
Avira TR/Spy.ZBot.xbxf 20150612
Baidu-International Trojan.Win32.Sharik.qgd 20150612
BitDefender Backdoor.Zbot.Q 20150612
Bkav W32.RansomSharik.Trojan 20150612
CAT-QuickHeal TrojanPWS.Zbot.Gen 20150612
Comodo TrojWare.Win32.Injector.AOJ 20150612
Cyren W32/Trojan.ADUQ-0122 20150612
DrWeb Trojan.DownLoader9.22851 20150612
ESET-NOD32 Win32/TrojanDownloader.Zurgop.BI 20150612
Emsisoft Backdoor.Zbot.Q (B) 20150612
F-Prot W32/Trojan2.NXOY 20150612
F-Secure Backdoor.Zbot.Q 20150612
Fortinet W32/Sharik.QGD!tr 20150612
GData Backdoor.Zbot.Q 20150612
Ikarus Trojan.Bublik 20150612
Jiangmin TrojanSpy.Zbot.fnbp 20150610
K7AntiVirus Riskware ( 0040f0f51 ) 20150612
K7GW Riskware ( 0040f0f51 ) 20150612
Kaspersky Trojan.Win32.Sharik.qgd 20150612
Kingsoft Win32.Troj.Undef.(kcloud) 20150612
Malwarebytes Trojan.Ransom.PA 20150612
McAfee Generic.ru 20150612
McAfee-GW-Edition Generic.ru 20150612
MicroWorld-eScan Backdoor.Zbot.Q 20150612
Microsoft VirTool:Win32/CeeInject.gen!KK 20150612
NANO-Antivirus Trojan.Win32.ZBot.cnhgah 20150612
Panda Trj/WLT.A 20150612
Qihoo-360 HEUR/Malware.QVM07.Gen 20150612
Rising PE:Trojan.Win32.Generic.15E3D28A!367252106 20150612
Sophos Troj/Agent-AEEW 20150612
Symantec Trojan Horse 20150612
Tencent Trojan.Win32.Qudamah.Gen.24 20150612
TheHacker Trojan/Downloader.Zurgop.bi 20150611
TotalDefense Win32/CInject.XG 20150612
TrendMicro TROJ_ZURGOP.AL 20150612
TrendMicro-HouseCall TROJ_ZURGOP.AL 20150612
VBA32 Trojan.Sharik 20150612
VIPRE Trojan.Win32.Zbot.f (v) 20150612
ViRobot Trojan.Win32.Agent.88277[h] 20150612
Zillya Trojan.Sharik.Win32.141 20150611
Zoner Trojan.Zbot.AAO 20150612
nProtect Trojan/W32.Sharik.88277 20150612
AegisLab 20150612
Alibaba 20150611
ByteHero 20150612
CMC 20150610
ClamAV 20150611
SUPERAntiSpyware 20150612
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-11 17:01:02
Link date 6:01 PM 10/11/2013
Entry Point 0x00008664
Number of sections 4
PE sections
Overlays
MD5 c758e8e90686fd6c7f7277a477931c9d
File type data
Offset 53248
Size 35029
Entropy 7.93
PE imports
GetModuleFileNameW
GetModuleHandleW
GetStartupInfoW
_except_handler3
__p__fmode
malloc
__CxxFrameHandler
__wgetmainargs
_exit
__p__commode
__setusermatherr
__dllonexit
_onexit
exit
_XcptFilter
_initterm
_controlfp
_wcmdln
_adjust_fdiv
__set_app_type
SendMessageW
UpdateWindow
EnableWindow
LoadCursorW
LoadAcceleratorsW
LoadMenuW
Number of PE resources by type
RT_STRING 12
RT_MENU 2
RT_DIALOG 1
RT_ICON 1
Struct(241) 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 18
NEUTRAL 2
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:10:11 18:01:02+01:00
FileType Win32 EXE
PEType PE32
CodeSize 32768
LinkerVersion 6.0
EntryPoint 0x8664
InitializedDataSize 16384
SubsystemVersion 4.512
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 d08c957a004becd0a2404db99d334484
SHA1 1b7300dd423c1f684fc6d695e3a2ceef8d13a435
SHA256 61a65f38b41bfba52798592d4bb20add848d7581bae10c610472cc1129d52692
ssdeep 768:fHOaRvR0sBUJ5iOlf06aDT4igIlijD2HuhH7Ko3eERjmj5nh6biZZxGI:vOaRvR6riGOpnijD26Hp505h6biZ9

authentihash 50be2f3bd9e0a03ae554ddb50ad80ab5f3d10614421096d894f560c6c0ccc75d
imphash 4f9747608271af22b7b5c59ea1d28193
File size 86.2 KB ( 88277 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe armadillo overlay

VirusTotal metadata
First submission 2013-10-14 09:20:16 UTC ( 1 year, 8 months ago )
Last submission 2015-06-12 11:28:55 UTC ( 2 weeks, 3 days ago )
File names 1B7300DD423C1F684FC6D695E3A2CEEF8D13A435.exe
20131014_006453_jpg_exe
c-aa498-350-1381742404
d08c957a004becd0a2404db99d334484.exe
20131014_006453.jpg.exe
samsung.jpg.exe
20131014_009873_jpg.exe
2871357753d6bccf944cd92357f6177c37e33627
007038714
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight