SHA256: 657a66b2709fe3d2cc441be73c9e774ad8a7a73610d8c8d3abb4e60f517a44f8
File name: 657a66b2709fe3d2cc441be73c9e774ad8a7a73610d8c8d3abb4e60f517a44f8.vir
Detection ratio: 46 / 52
Analysis date: 2016-01-13 00:55:55 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.78751 20160112
Yandex TrojanSpy.Zbot!M6aZ9bY6Hrw 20160111
AhnLab-V3 Trojan/Win32.Zbot 20160112
Antiy-AVL Trojan[Spy]/Win32.Zbot 20160113
Avast Win32:Susn-AJ [Trj] 20160113
AVG PSW.Generic9.CNXF 20160113
AVware Trojan.Win32.Zbot.aan (v) 20160111
Baidu-International Trojan.Win32.Zbot.eamw 20160112
BitDefender Gen:Variant.Kazy.78751 20160113
Bkav W32.FareitKrapA.Trojan 20160112
CAT-QuickHeal TrojanPWS.Zbot.Gen 20160112
CMC Trojan-Spy.Win32.Zbot!O 20160111
Comodo TrojWare.Win32.TrojanSpy.Zbot.EAMW 20160112
Cyren W32/Zbot.FL.gen!Eldorado 20160113
DrWeb Trojan.PWS.Panda.2363 20160113
Emsisoft Gen:Variant.Kazy.78751 (B) 20160113
ESET-NOD32 Win32/Spy.Zbot.AAN 20160113
F-Prot W32/Zbot.FL.gen!Eldorado 20160111
F-Secure Trojan-Spy:W32/Zbot.BBGJ 20160112
Fortinet W32/ZBOT.HL!tr 20160113
GData Gen:Variant.Kazy.78751 20160113
Ikarus Packer.Win32.Krap 20160112
Jiangmin Trojan/PSW.Tepfer.cpq 20160112
K7AntiVirus Spyware ( 003919791 ) 20160112
K7GW Spyware ( 003919791 ) 20160112
Kaspersky Trojan-Spy.Win32.Zbot.eamw 20160112
Malwarebytes Trojan.Zbot.DTGen 20160113
McAfee PWS-Zbot.gen.uh 20160113
McAfee-GW-Edition PWS-Zbot.gen.uh 20160113
Microsoft Trojan:Win32/Bulta!rfn 20160113
eScan Gen:Variant.Kazy.78751 20160113
NANO-Antivirus Trojan.Win32.Zbot.tnnxd 20160112
nProtect Trojan-Spy/W32.ZBot.347112 20160112
Panda Generic Malware 20160112
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20160112
Sophos AV Mal/ZAccess-CG 20160113
SUPERAntiSpyware Trojan.Agent/Gen-KD 20160113
Symantec Packed.Generic.459 20160112
TheHacker Trojan/Spy.Zbot.aan 20160107
TotalDefense Win32/Zbot.AK!generic 20160112
TrendMicro TSPY_ZBOT.SMNA 20160113
TrendMicro-HouseCall TSPY_ZBOT.SMNA 20160113
VBA32 BScope.Malware-Cryptor.SB.01798 20160112
VIPRE Trojan.Win32.Zbot.aan (v) 20160113
ViRobot Trojan.Win32.A.Zbot.347112.AQ[h] 20160112
Zillya Trojan.Zbot.Win32.62401 20160112
AegisLab 20160112
Alibaba 20160112
Arcabit 20160113
ByteHero 20160113
ClamAV 20160113
Zoner 20160113
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Publisher SMCh
Signature verification Signed file, verified signature
Signers
[+] SMCh
Status
Issuer None
Valid from 6:35 AM 6/22/2012
Valid to 12:59 AM 1/1/2040
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 24B3F0C5E91C87545205A0EAAC58B65BBA73F329
Serial number 5C 91 0A E6 1D E2 3C A3 4F 37 D3 8F E5 01 C3 D7
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-06-23 13:46:05
Entry Point 0x000010C0
Number of sections 4
PE sections
Overlays
MD5 60bd23851dba554f24a206fd6d4fba83
File type data
Offset 346112
Size 1000
Entropy 7.02
PE imports
RegCloseKey
RegOpenKeyW
GetWindowsDirectoryW
VirtualAllocEx
GetModuleHandleA
CreateFileW
GetCommandLineW
CloseHandle
GetCommandLineA
lstrcatW
GetProcAddress
CreateWindowExA
LoadCursorA
LoadIconA
RegisterClassExA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:06:23 14:46:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 33280
LinkerVersion 2.5
FileTypeExtension exe
InitializedDataSize 312320
SubsystemVersion 4.0
EntryPoint 0x10c0
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 35821add0197338191211b6cd73b674d
SHA1 78fc5ade7ca2e1f062f5a051021d6f0392d9f8fc
SHA256 657a66b2709fe3d2cc441be73c9e774ad8a7a73610d8c8d3abb4e60f517a44f8
ssdeep 6144:TMzQ9Sbr2I6jlZNp0H8vIz3YX5Sze2wpchpkUJ1HYBh4kHIl:9S56jNQTKk9h1HYAl
authentihash 3c87a8739f0c01c42818d3d2213c0351f1ba9ff0b467b06b5e96de6fd22abaf4
imphash 70d8fea638a777868ed479b89ebde76d
File size 339.0 KB ( 347112 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ 4.x (88.6%)
Win32 Dynamic Link Library (generic) (4.3%)
Win32 Executable (generic) (2.9%)
Win16/32 Executable Delphi generic (1.3%)
Generic Win/DOS Executable (1.3%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2012-06-23 14:09:40 UTC ( 5 years, 1 month ago )
Last submission 2016-01-13 00:55:55 UTC ( 1 year, 6 months ago )
File names 657a66b2709fe3d2cc441be73c9e774ad8a7a73610d8c8d3abb4e60f517a44f8.vir
35821add0197338191211b6cd73b674d
35821add0197338191211b6cd73
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications