SHA256: 621a0a4f95b4d0fbe942f9bc27ba1efb16281f36db4a402e7dfb568494ac6e22
File name: 9e7c92c59f3cf095249ec9506c5bd43df9c363db
Detection ratio: 8 / 56
Analysis date: 2014-12-01 00:36:43 UTC
Antivirus            Result                         Update
Avast                Win32:Malware-gen              20141201
AVG                  Zbot.VPE                       20141130
ESET-NOD32           Win32/Spy.Zbot.ACB             20141130
Kaspersky            Trojan-Spy.Win32.Zbot.uqha     20141201
McAfee               PWSZbot-FABK!CECAC4C2D040      20141201
McAfee-GW-Edition    BehavesLike.Win32.PWSZbot.gz   20141201
Microsoft            PWS:Win32/Zbot.gen!VM          20141201
Qihoo-360            Malware.QVM19.Gen              20141201

Engines reporting no detection (engine, signature update date):
Ad-Aware 20141201
AegisLab 20141201
Yandex 20141129
AhnLab-V3 20141130
ALYac 20141130
Antiy-AVL 20141130
Avira (no cloud) 20141130
AVware 20141121
Baidu-International 20141130
BitDefender 20141130
Bkav 20141127
ByteHero 20141201
CAT-QuickHeal 20141129
ClamAV 20141201
CMC 20141127
Comodo 20141130
Cyren 20141201
DrWeb 20141130
Emsisoft 20141201
F-Prot 20141201
F-Secure 20141130
Fortinet 20141129
GData 20141201
Ikarus 20141130
Jiangmin 20141129
K7AntiVirus 20141128
K7GW 20141129
Kingsoft 20141201
Malwarebytes 20141201
eScan 20141201
NANO-Antivirus 20141130
Norman 20141130
nProtect 20141128
Panda 20141130
Rising 20141129
Sophos AV 20141130
SUPERAntiSpyware 20141130
Symantec 20141201
Tencent 20141201
TheHacker 20141130
TotalDefense 20141130
TrendMicro 20141201
TrendMicro-HouseCall 20141201
VBA32 20141128
VIPRE 20141201
ViRobot 20141130
Zillya 20141130
Zoner 20141127
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2005-05-29 05:26:01
Entry Point: 0x00001000
Number of sections: 13
PE sections
PE imports
CallNamedPipeW
CreatePipe
Toolhelp32ReadProcessMemory
GetProcessShutdownParameters
LocalFlags
GetTapeStatus
GetDriveTypeA
SearchPathA
GetTickCount
MulDiv
lstrcmpA
GetCurrentThreadId
GetProcAddress
GetClipboardFormatNameA
GetParent
GetWindowRect
LoadCursorA
PostQuitMessage
GetDlgItem
mouse_event
FindWindowA
IsIconic
ChangeMenuA
GetKeyState
Number of PE resources by type
RT_GROUP_CURSOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
GERMAN 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2005:05:29 06:26:01+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 371712
LinkerVersion: 0.0
EntryPoint: 0x1000
InitializedDataSize: 74752
SubsystemVersion: 4.1
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0

File identification
MD5: cecac4c2d0401e4056d4fefd934310d6
SHA1: 9e7c92c59f3cf095249ec9506c5bd43df9c363db
SHA256: 621a0a4f95b4d0fbe942f9bc27ba1efb16281f36db4a402e7dfb568494ac6e22
ssdeep: 1536:hY9PudfF5E2El0nwRHIfd+F+lADgAxM2eXm4HGELAL2U:iPud7A0+HIfO+lzAe2eXm4HGgAL2U
authentihash: 48d088e135b4fe657905233072801505b49bb0bd3fd30a746af206021df480b4
imphash: e4d770e6e71777153ce213bb9604d530
File size: 459.5 KB (470528 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Executable (generic) (52.7%)
      Generic Win/DOS Executable (23.4%)
      DOS Executable Generic (23.4%)
      VXD Driver (0.3%)
Tags: peexe

VirusTotal metadata
First submission: 2014-12-01 00:36:43 UTC
Last submission: 2016-01-02 00:04:33 UTC
File names:
  621a0a4f95b4d0fbe942f9bc27ba1efb16281f36db4a402e7dfb568494ac6e22.exe
  9e7c92c59f3cf095249ec9506c5bd43df9c363db
  621a0a4f95b4d0fbe942f9bc27ba1efb16281f36db4a402e7dfb568494ac6e22.vir
Advanced heuristic and reputation engines
Symantec reputation: Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers, making use of the DeviceIoControl Windows API function.