SHA256: 61a65f38b41bfba52798592d4bb20add848d7581bae10c610472cc1129d52692
File name: 007038714
Detection ratio: 51 / 56
Analysis date: 2015-07-27 18:15:18 UTC ( 3 days, 23 hours ago )
Antivirus Result Update
ALYac Backdoor.Zbot.Q 20150727
AVG Generic35.ILT 20150727
AVware Trojan.Win32.Zbot.f (v) 20150727
Ad-Aware Backdoor.Zbot.Q 20150727
Agnitum Trojan.Injector!C7ymt9HCFqk 20150727
AhnLab-V3 Trojan/Win32.Zbot 20150727
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150727
Arcabit Backdoor.Zbot.Q 20150727
Avast Win32:Agent-ASEF [Trj] 20150727
Avira TR/Spy.ZBot.xbxf 20150727
Baidu-International Trojan.Win32.Sharik.qgd 20150727
BitDefender Backdoor.Zbot.Q 20150727
Bkav W32.RansomSharik.Trojan 20150727
CAT-QuickHeal TrojanPWS.Zbot.Gen 20150727
Comodo TrojWare.Win32.Injector.AOJ 20150727
Cyren W32/Trojan.ADUQ-0122 20150727
DrWeb Trojan.DownLoader9.22851 20150727
ESET-NOD32 Win32/TrojanDownloader.Zurgop.BI 20150727
Emsisoft Backdoor.Zbot.Q (B) 20150727
F-Prot W32/Trojan2.NXOY 20150727
F-Secure Backdoor.Zbot.Q 20150727
Fortinet W32/Sharik.QGD!tr 20150727
GData Backdoor.Zbot.Q 20150727
Ikarus Trojan.Bublik 20150727
Jiangmin TrojanSpy.Zbot.fnbp 20150726
K7AntiVirus Riskware ( 0040f0f51 ) 20150727
K7GW Riskware ( 0040f0f51 ) 20150727
Kaspersky Trojan.Win32.Sharik.qgd 20150727
Kingsoft Win32.Troj.Undef.(kcloud) 20150727
Malwarebytes Trojan.Ransom.PA 20150727
McAfee Generic.ru 20150727
McAfee-GW-Edition Generic.ru 20150727
MicroWorld-eScan Backdoor.Zbot.Q 20150727
Microsoft VirTool:Win32/CeeInject.gen!KK 20150727
NANO-Antivirus Trojan.Win32.ZBot.cnhgah 20150727
Panda Trj/WLT.A 20150727
Qihoo-360 HEUR/Malware.QVM07.Gen 20150727
Rising PE:Trojan.Win32.Generic.15E3D28A!367252106 20150722
Sophos Troj/Agent-AEEW 20150727
Symantec Trojan Horse 20150727
Tencent Win32.Trojan.Sharik.Wpjg 20150727
TheHacker Trojan/Downloader.Zurgop.bi 20150727
TotalDefense Win32/CInject.XG 20150727
TrendMicro TROJ_ZURGOP.AL 20150727
TrendMicro-HouseCall TROJ_ZURGOP.AL 20150727
VBA32 Trojan.Sharik 20150727
VIPRE Trojan.Win32.Zbot.f (v) 20150727
ViRobot Trojan.Win32.Agent.88277[h] 20150727
Zillya Trojan.Sharik.Win32.141 20150727
Zoner Trojan.Zbot.AAO 20150727
nProtect Trojan/W32.Sharik.88277 20150727
AegisLab 20150727
Alibaba 20150727
ByteHero 20150727
ClamAV 20150727
SUPERAntiSpyware 20150727
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-11 17:01:02
Link date 6:01 PM 10/11/2013
Entry Point 0x00008664
Number of sections 4
PE sections
Overlays
MD5 c758e8e90686fd6c7f7277a477931c9d
File type data
Offset 53248
Size 35029
Entropy 7.93
PE imports
GetModuleFileNameW
GetModuleHandleW
GetStartupInfoW
_except_handler3
__p__fmode
malloc
__CxxFrameHandler
__wgetmainargs
_exit
__p__commode
__setusermatherr
__dllonexit
_onexit
exit
_XcptFilter
_initterm
_controlfp
_wcmdln
_adjust_fdiv
__set_app_type
SendMessageW
UpdateWindow
EnableWindow
LoadCursorW
LoadAcceleratorsW
LoadMenuW
Number of PE resources by type
RT_STRING 12
RT_MENU 2
RT_DIALOG 1
RT_ICON 1
Struct(241) 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 18
NEUTRAL 2
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:10:11 18:01:02+01:00
FileType Win32 EXE
PEType PE32
CodeSize 32768
LinkerVersion 6.0
EntryPoint 0x8664
InitializedDataSize 16384
SubsystemVersion 4.512
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 d08c957a004becd0a2404db99d334484
SHA1 1b7300dd423c1f684fc6d695e3a2ceef8d13a435
SHA256 61a65f38b41bfba52798592d4bb20add848d7581bae10c610472cc1129d52692
ssdeep
768:fHOaRvR0sBUJ5iOlf06aDT4igIlijD2HuhH7Ko3eERjmj5nh6biZZxGI:vOaRvR6riGOpnijD26Hp505h6biZ9

authentihash 50be2f3bd9e0a03ae554ddb50ad80ab5f3d10614421096d894f560c6c0ccc75d
imphash 4f9747608271af22b7b5c59ea1d28193
File size 86.2 KB ( 88277 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe armadillo overlay

VirusTotal metadata
First submission 2013-10-14 09:20:16 UTC ( 1 year, 9 months ago )
Last submission 2015-06-12 11:28:55 UTC ( 1 month, 2 weeks ago )
File names 1B7300DD423C1F684FC6D695E3A2CEEF8D13A435.exe
20131014_006453_jpg_exe
c-aa498-350-1381742404
d08c957a004becd0a2404db99d334484.exe
20131014_006453.jpg.exe
samsung.jpg.exe
20131014_009873_jpg.exe
2871357753d6bccf944cd92357f6177c37e33627
007038714
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight