SHA256: 6769e4686aa701956d90a5e850d1f795a2db5c71f6a94c410d40b6596aee09ad
File name: 46985e1b4690c502d0869ecc4ebca74641e645a8-8a9abe065d473da9527fdf08...
Detection ratio: 42 / 50
Analysis date: 2014-03-06 09:26:29 UTC ( 1 month, 2 weeks ago )
Antivirus | Result | Update
AVG | Generic35.EFO | 20140305
Ad-Aware | Trojan.GenericKD.1322673 | 20140306
AhnLab-V3 | Trojan/Win32.Zbot | 20140305
AntiVir | TR/Injector.anemw | 20140306
Antiy-AVL | Trojan[PSW]/Win32.Fareit | 20140306
Avast | Win32:Malware-gen | 20140306
Baidu-International | Trojan.Win32.Sharik.AUrD | 20140306
BitDefender | Trojan.GenericKD.1322673 | 20140306
Bkav | W32.FataboxG.Trojan | 20140305
CAT-QuickHeal | TrojanPWS.Zbot.Gen | 20140306
Commtouch | W32/Trojan.CVHW-7492 | 20140306
Comodo | TrojWare.Win32.Injector.ANZG | 20140306
DrWeb | Trojan.DownLoader9.22851 | 20140306
ESET-NOD32 | Win32/TrojanDownloader.Zurgop.BI | 20140306
Emsisoft | Trojan.GenericKD.1322673 (B) | 20140306
F-Prot | W32/Trojan3.GDP | 20140306
F-Secure | Trojan.GenericKD.1322673 | 20140306
Fortinet | W32/Sharik.QEY!tr | 20140306
GData | Trojan.GenericKD.1322673 | 20140306
Ikarus | Trojan-Spy.Zbot | 20140306
Jiangmin | Trojan/Sharik.hq | 20140306
K7AntiVirus | Riskware ( 0040eff71 ) | 20140305
K7GW | Riskware ( 0040eff71 ) | 20140305
Kaspersky | HEUR:Trojan.Win32.Generic | 20140306
Kingsoft | Win32.Troj.Generic.a.(kcloud) | 20140306
Malwarebytes | Trojan.Zbot.FAI | 20140306
McAfee | PWSZbot-FHW!8A9ABE065D47 | 20140306
McAfee-GW-Edition | PWSZbot-FHW!8A9ABE065D47 | 20140306
MicroWorld-eScan | Trojan.GenericKD.1322673 | 20140306
Microsoft | VirTool:Win32/CeeInject.gen!KK | 20140306
NANO-Antivirus | Trojan.Win32.Sharik.cqkduw | 20140306
Norman | Troj_Generic.QDXPC | 20140306
Panda | Trj/Dtcontx.H | 20140306
Qihoo-360 | HEUR/Malware.QVM07.Gen | 20140306
Rising | PE:Malware.Obscure!1.9C59 | 20140305
Sophos | Troj/Agent-AECY | 20140306
Symantec | Trojan.Zbot!gen58 | 20140306
TotalDefense | Win32/CInject.VU | 20140306
TrendMicro | TSPY_ZBOT.VBD | 20140306
VBA32 | Trojan.Sharik | 20140305
VIPRE | Trojan.Win32.Zbot.f (v) | 20140306
nProtect | Trojan.GenericKD.1322673 | 20140305
Agnitum | (undetected) | 20140305
ByteHero | (undetected) | 20140306
CMC | (undetected) | 20140228
ClamAV | (undetected) | 20140305
SUPERAntiSpyware | (undetected) | 20140306
TheHacker | (undetected) | 20140305
TrendMicro-HouseCall | (undetected) | 20140306
ViRobot | (undetected) | 20140306
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-05 05:24:16
Link date 6:24 AM 10/5/2013
Entry Point 0x00002466
Number of sections 4
PE sections
PE imports
SetBkColor
UpdateColors
CreateFontA
Rectangle
SetStdHandle
GetLastError
GlobalMemoryStatus
GetModuleFileNameA
GetStringTypeA
GetModuleFileNameW
CreateFileW
GetModuleHandleW
GetEnvironmentVariableW
GetStartupInfoW
GetThreadTimes
GetSystemDirectoryA
GetProcAddress
GetSystemInfo
Ord(3820)
Ord(4525)
Ord(2438)
Ord(5573)
Ord(4621)
Ord(4298)
Ord(5298)
Ord(4880)
Ord(354)
Ord(2980)
Ord(6371)
Ord(1971)
Ord(2486)
Ord(5237)
Ord(665)
Ord(2619)
Ord(1089)
Ord(5996)
Ord(5278)
Ord(5257)
Ord(4435)
Ord(5736)
Ord(5236)
Ord(4523)
Ord(5208)
Ord(5727)
Ord(4362)
Ord(3744)
Ord(1822)
Ord(4420)
Ord(4616)
Ord(3167)
Ord(6332)
Ord(2873)
Ord(4717)
Ord(2392)
Ord(4852)
Ord(4539)
Ord(6370)
Ord(815)
Ord(366)
Ord(3257)
Ord(2546)
Ord(641)
Ord(3917)
Ord(3449)
Ord(2388)
Ord(338)
Ord(4343)
Ord(2502)
Ord(3076)
Ord(4414)
Ord(4233)
Ord(1739)
Ord(4430)
Ord(3142)
Ord(3060)
Ord(3193)
Ord(5285)
Ord(4617)
Ord(6195)
Ord(4381)
Ord(4932)
Ord(1165)
Ord(617)
Ord(5813)
Ord(4234)
Ord(825)
Ord(4604)
Ord(5710)
Ord(5276)
Ord(4146)
Ord(4401)
Ord(4934)
Ord(2874)
Ord(1716)
Ord(4335)
Ord(5273)
Ord(4073)
Ord(1767)
Ord(4891)
Ord(4480)
Ord(4229)
Ord(344)
Ord(823)
Ord(6048)
Ord(4269)
Ord(4537)
Ord(4958)
Ord(2504)
Ord(5006)
Ord(4607)
Ord(5157)
Ord(1569)
Ord(5468)
Ord(6617)
Ord(5261)
Ord(3074)
Ord(3345)
Ord(3592)
Ord(4609)
Ord(554)
Ord(2047)
Ord(2977)
Ord(2116)
Ord(5233)
Ord(2641)
Ord(1834)
Ord(3053)
Ord(5247)
Ord(796)
Ord(674)
Ord(2382)
Ord(4831)
Ord(5070)
Ord(4072)
Ord(657)
Ord(4606)
Ord(6076)
Ord(2715)
Ord(4426)
Ord(3398)
Ord(5055)
Ord(4992)
Ord(5297)
Ord(4608)
Ord(4461)
Ord(5832)
Ord(4459)
Ord(4817)
Ord(3743)
Ord(986)
Ord(2377)
Ord(3825)
Ord(4419)
Ord(4074)
Ord(2640)
Ord(2109)
Ord(5180)
Ord(4421)
Ord(807)
Ord(4520)
Ord(3254)
Ord(2506)
Ord(4947)
Ord(3341)
Ord(4237)
Ord(4451)
Ord(4692)
Ord(4847)
Ord(2534)
Ord(1817)
Ord(4347)
Ord(5248)
Ord(1658)
Ord(4623)
Ord(324)
Ord(2391)
Ord(5296)
Ord(4158)
Ord(1768)
Ord(4704)
Ord(3793)
Ord(4955)
Ord(3826)
Ord(5193)
Ord(2971)
Ord(5239)
Ord(1720)
Ord(4075)
Ord(652)
Ord(5094)
Ord(3313)
Ord(5097)
Ord(520)
Ord(3733)
Ord(5303)
Ord(4518)
Ord(6171)
Ord(2717)
Ord(4583)
Ord(6051)
Ord(561)
Ord(3054)
Ord(975)
Ord(6113)
Ord(6372)
Ord(3131)
Ord(4154)
Ord(5059)
Ord(6211)
Ord(2618)
Ord(4103)
Ord(529)
Ord(4370)
Ord(800)
Ord(296)
Ord(5649)
Ord(4418)
Ord(4885)
Ord(5286)
Ord(4690)
Ord(4580)
_except_handler3
__p__fmode
malloc
__CxxFrameHandler
__wgetmainargs
_exit
__p__commode
__setusermatherr
__dllonexit
_onexit
exit
_XcptFilter
_initterm
_controlfp
_wcmdln
_adjust_fdiv
__set_app_type
AppendMenuA
UpdateWindow
EnableWindow
SystemParametersInfoW
GetDlgItem
FlashWindow
SetActiveWindow
Number of PE resources by type
RT_STRING 13
RT_DIALOG 3
RT_ICON 1
Struct(241) 1
RT_MENU 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
GERMAN 18
NEUTRAL 2
ENGLISH US 1
CHINESE SIMPLIFIED 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:10:05 06:24:16+01:00
FileType Win32 EXE
PEType PE32
CodeSize 8192
LinkerVersion 6.0
FileAccessDate 2014:03:06 10:25:19+01:00
EntryPoint 0x2466
InitializedDataSize 28672
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:03:06 10:25:19+01:00
UninitializedDataSize 0

File identification
MD5 8a9abe065d473da9527fdf08fb55cb9e
SHA1 46985e1b4690c502d0869ecc4ebca74641e645a8
SHA256 6769e4686aa701956d90a5e850d1f795a2db5c71f6a94c410d40b6596aee09ad
ssdeep 1536:SYEJ/X5kPIPzk2kfP/icEiwjArm6lq5Vil7I+n/h3JgMiJeZqG:QFGPIPzMicEiwjArm6lkQFn/FFiJeZX
imphash fcb91aa3fb42b3c477451ddadb145ab1
File size 74.2 KB ( 75989 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe armadillo
VirusTotal metadata
First submission 2013-10-07 09:40:19 UTC ( 6 months, 2 weeks ago )
Last submission 2014-02-01 14:45:12 UTC ( 2 months, 2 weeks ago )
File names P7469984985.Print.pdf.exe
8a9abe065d473da9527fdf08fb55cb9e.exe
t-mobile.jpg.exe
46985e1b4690c502d0869ecc4ebca74641e645a8-8a9abe065d473da9527fdf08fb55cb9e.01.exe5122.vir
c-369a3-310-1381138802
0947658985_Pic587690_jpg_exe
vti-rescan
Wire Payment Details.pdf.exe
6769e4686aa701956d90a5e850d1f795a2db5c71f6a94c410d40b6596aee09ad
8a9abe065d473da9527fdf08fb55cb9e
0947658985_Pic587690.jpg.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight