SHA256: 6769e4686aa701956d90a5e850d1f795a2db5c71f6a94c410d40b6596aee09ad
File name: 46985e1b4690c502d0869ecc4ebca74641e645a8-8a9abe065d473da9527fdf08...
Detection ratio: 46 / 54
Analysis date: 2014-07-04 06:52:56 UTC ( 10 months, 3 weeks ago )
Antivirus Result Update
AVG Generic35.EFO 20140704
Ad-Aware Trojan.Agent.BANV 20140704
AhnLab-V3 Trojan/Win32.Zbot 20140703
AntiVir TR/Injector.anemw 20140704
Antiy-AVL Trojan[PSW]/Win32.Fareit 20140703
Avast Win32:Malware-gen 20140704
Baidu-International Trojan.Win32.Sharik.AUrD 20140703
BitDefender Trojan.Agent.BANV 20140704
Bkav W32.FataboxG.Trojan 20140702
CAT-QuickHeal TrojanPWS.Zbot.Gen 20140704
Commtouch W32/Trojan.CVHW-7492 20140704
Comodo TrojWare.Win32.Injector.ANZG 20140703
DrWeb Trojan.DownLoader9.22851 20140704
ESET-NOD32 Win32/TrojanDownloader.Zurgop.BI 20140704
Emsisoft Trojan.Agent.BANV (B) 20140704
F-Prot W32/Trojan3.GDP 20140704
F-Secure Trojan.Agent.BANV 20140704
Fortinet W32/Sharik.QEY!tr 20140704
GData Trojan.Agent.BANV 20140704
Ikarus Trojan-Spy.Zbot 20140704
Jiangmin Trojan/Sharik.hq 20140704
K7AntiVirus Riskware ( 0040eff71 ) 20140703
K7GW Riskware ( 0040eff71 ) 20140703
Kaspersky HEUR:Trojan.Win32.Generic 20140704
Kingsoft Win32.Troj.Generic.a.(kcloud) 20140704
Malwarebytes Trojan.Zbot.FAI 20140704
McAfee PWSZbot-FHW!8A9ABE065D47 20140704
McAfee-GW-Edition PWSZbot-FHW!8A9ABE065D47 20140704
MicroWorld-eScan Trojan.Agent.BANV 20140704
Microsoft VirTool:Win32/CeeInject.gen!KK 20140704
NANO-Antivirus Trojan.Win32.Agent.cqzzzh 20140704
Norman Troj_Generic.QDXPC 20140704
Panda Trj/Dtcontx.H 20140703
Qihoo-360 HEUR/Malware.QVM07.Gen 20140704
Rising PE:Malware.Obscure!1.9C59 20140703
Sophos Troj/Agent-AECY 20140704
Symantec Trojan.Zbot!gen58 20140704
Tencent Win32.Trojan.Generic.Ecuk 20140704
TotalDefense Win32/CInject.VU 20140703
TrendMicro TSPY_ZBOT.VBD 20140704
TrendMicro-HouseCall TSPY_ZBOT.VBD 20140704
VBA32 TrojanSpy.Zbot 20140702
VIPRE Trojan.Win32.Zbot.f (v) 20140704
Zillya Trojan.Sharik.Win32.139 20140703
Zoner Trojan.Fareit.A 20140703
nProtect Trojan.GenericKD.1322673 20140703
AegisLab 20140704
Agnitum 20140703
ByteHero 20140704
CMC 20140702
ClamAV 20140704
SUPERAntiSpyware 20140704
TheHacker 20140703
ViRobot 20140704
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-05 05:24:16
Link date 6:24 AM 10/5/2013
Entry Point 0x00002466
Number of sections 4
PE sections
PE imports
SetBkColor
UpdateColors
CreateFontA
Rectangle
SetStdHandle
GetLastError
GlobalMemoryStatus
GetModuleFileNameA
GetStringTypeA
GetModuleFileNameW
CreateFileW
GetModuleHandleW
GetEnvironmentVariableW
GetStartupInfoW
GetThreadTimes
GetSystemDirectoryA
GetProcAddress
GetSystemInfo
_except_handler3
__p__fmode
malloc
__CxxFrameHandler
__wgetmainargs
_exit
__p__commode
__setusermatherr
__dllonexit
_onexit
exit
_XcptFilter
_initterm
_controlfp
_wcmdln
_adjust_fdiv
__set_app_type
AppendMenuA
UpdateWindow
EnableWindow
SystemParametersInfoW
GetDlgItem
FlashWindow
SetActiveWindow
Number of PE resources by type
RT_STRING 13
RT_DIALOG 3
RT_ICON 1
Struct(241) 1
RT_MENU 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
GERMAN 18
NEUTRAL 2
ENGLISH US 1
CHINESE SIMPLIFIED 1
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:10:05 06:24:16+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 8192
LinkerVersion: 6.0
FileAccessDate: 2014:07:04 07:53:25+01:00
EntryPoint: 0x2466
InitializedDataSize: 28672
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
FileCreateDate: 2014:07:04 07:53:25+01:00
UninitializedDataSize: 0
Compressed bundles
File identification
MD5 8a9abe065d473da9527fdf08fb55cb9e
SHA1 46985e1b4690c502d0869ecc4ebca74641e645a8
SHA256 6769e4686aa701956d90a5e850d1f795a2db5c71f6a94c410d40b6596aee09ad
ssdeep 1536:SYEJ/X5kPIPzk2kfP/icEiwjArm6lq5Vil7I+n/h3JgMiJeZqG:QFGPIPzMicEiwjArm6lkQFn/FFiJeZX
imphash fcb91aa3fb42b3c477451ddadb145ab1
File size 74.2 KB ( 75989 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe armadillo

VirusTotal metadata
First submission 2013-10-07 09:40:19 UTC ( 1 year, 7 months ago )
Last submission 2014-02-01 14:45:12 UTC ( 1 year, 3 months ago )
File names P7469984985.Print.pdf.exe
8a9abe065d473da9527fdf08fb55cb9e.exe
t-mobile.jpg.exe
46985e1b4690c502d0869ecc4ebca74641e645a8-8a9abe065d473da9527fdf08fb55cb9e.01.exe5122.vir
c-369a3-310-1381138802
0947658985_Pic587690_jpg_exe
vti-rescan
Wire Payment Details.pdf.exe
6769e4686aa701956d90a5e850d1f795a2db5c71f6a94c410d40b6596aee09ad
8a9abe065d473da9527fdf08fb55cb9e
0947658985_Pic587690.jpg.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight