SHA256: 61a65f38b41bfba52798592d4bb20add848d7581bae10c610472cc1129d52692
File name: d08c957a004becd0a2404db99d334484.exe
Detection ratio: 46 / 50
Analysis date: 2014-03-06 10:15:35 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
AVG Generic35.ILT 20140305
Ad-Aware Backdoor.Zbot.Q 20140306
Agnitum Trojan.Injector!C7ymt9HCFqk 20140305
AhnLab-V3 Trojan/Win32.Zbot 20140305
AntiVir TR/Spy.ZBot.xbxf 20140306
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140306
Avast Win32:Agent-ASEF [Trj] 20140306
Baidu-International Trojan.Win32.Sharik.Amm 20140306
BitDefender Backdoor.Zbot.Q 20140306
Bkav W32.RansomSharik.Trojan 20140305
CAT-QuickHeal TrojanPWS.Zbot.Gen 20140306
CMC Trojan.Win32.Sharik!O 20140228
Commtouch W32/Trojan.ADUQ-0122 20140306
Comodo TrojWare.Win32.Injector.AOJ 20140306
DrWeb Trojan.DownLoader9.22851 20140306
ESET-NOD32 Win32/TrojanDownloader.Zurgop.BI 20140306
Emsisoft Trojan.Win32.Agent (A) 20140306
F-Prot W32/Trojan2.NXOY 20140306
F-Secure Backdoor.Zbot.Q 20140306
Fortinet W32/Sharik.QGD!tr 20140306
GData Backdoor.Zbot.Q 20140306
Ikarus Trojan.Bublik 20140306
Jiangmin TrojanSpy.Zbot.fnbp 20140306
K7AntiVirus Trojan ( 0048c8d61 ) 20140305
K7GW Trojan ( 0048c8d61 ) 20140305
Kaspersky Trojan.Win32.Sharik.qgd 20140306
Kingsoft Win32.Troj.Undef.(kcloud) 20140306
Malwarebytes Trojan.Ransom.PA 20140306
McAfee Generic.ru 20140306
McAfee-GW-Edition Generic.ru 20140306
MicroWorld-eScan Backdoor.Zbot.Q 20140306
Microsoft VirTool:Win32/CeeInject.gen!KK 20140306
NANO-Antivirus Trojan.Win32.ZBot.cnhgah 20140306
Norman Suspicious_Gen4.FCZOY 20140306
Panda Trj/WLT.A 20140306
Qihoo-360 HEUR/Malware.QVM07.Gen 20140306
Sophos Troj/Agent-AEEW 20140306
Symantec Trojan Horse 20140306
TheHacker Trojan/Downloader.Zurgop.bi 20140305
TotalDefense Win32/CInject.XG 20140306
TrendMicro TROJ_ZURGOP.AL 20140306
TrendMicro-HouseCall TROJ_ZURGOP.AL 20140306
VBA32 Trojan.Sharik 20140305
VIPRE Trojan.Win32.Zbot.f (v) 20140306
ViRobot Trojan.Win32.Agent.88277 20140306
nProtect Trojan/W32.Sharik.88277 20140306
ByteHero 20140306
ClamAV 20140305
Rising 20140306
SUPERAntiSpyware 20140306
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-11 17:01:02
Link date 6:01 PM 10/11/2013
Entry Point 0x00008664
Number of sections 4
PE sections
PE imports
GetModuleFileNameW
GetModuleHandleW
GetStartupInfoW
_except_handler3
__p__fmode
malloc
__CxxFrameHandler
__wgetmainargs
_exit
__p__commode
__setusermatherr
__dllonexit
_onexit
exit
_XcptFilter
_initterm
_controlfp
_wcmdln
_adjust_fdiv
__set_app_type
SendMessageW
UpdateWindow
EnableWindow
LoadCursorW
LoadAcceleratorsW
LoadMenuW
Number of PE resources by type
RT_STRING 12
RT_MENU 2
RT_DIALOG 1
RT_ICON 1
Struct(241) 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 18
NEUTRAL 2
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:10:11 18:01:02+01:00
FileType Win32 EXE
PEType PE32
CodeSize 32768
LinkerVersion 6.0
FileAccessDate 2014:03:06 11:17:46+01:00
EntryPoint 0x8664
InitializedDataSize 16384
SubsystemVersion 4.512
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:03:06 11:17:46+01:00
UninitializedDataSize 0

File identification
MD5 d08c957a004becd0a2404db99d334484
SHA1 1b7300dd423c1f684fc6d695e3a2ceef8d13a435
SHA256 61a65f38b41bfba52798592d4bb20add848d7581bae10c610472cc1129d52692
ssdeep 768:fHOaRvR0sBUJ5iOlf06aDT4igIlijD2HuhH7Ko3eERjmj5nh6biZZxGI:vOaRvR6riGOpnijD26Hp505h6biZ9
imphash 4f9747608271af22b7b5c59ea1d28193
File size 86.2 KB ( 88277 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe armadillo
VirusTotal metadata
First submission 2013-10-14 09:20:16 UTC ( 6 months, 1 week ago )
Last submission 2013-11-28 23:30:19 UTC ( 4 months, 3 weeks ago )
File names 1B7300DD423C1F684FC6D695E3A2CEEF8D13A435.exe
20131014_006453_jpg_exe
c-aa498-350-1381742404
d08c957a004becd0a2404db99d334484.exe
20131014_006453.jpg.exe
samsung.jpg.exe
20131014_009873_jpg.exe
2871357753d6bccf944cd92357f6177c37e33627
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight