SHA256: 6769e4686aa701956d90a5e850d1f795a2db5c71f6a94c410d40b6596aee09ad
File name: 46985e1b4690c502d0869ecc4ebca74641e645a8-8a9abe065d473da9527fdf08...
Detection ratio: 43 / 53
Analysis date: 2015-10-27 02:42:16 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
ALYac Trojan.Agent.BANV 20151027
AVG Generic35.EFO 20151026
AVware Trojan.Win32.Zbot.f (v) 20151027
AhnLab-V3 Trojan/Win32.Zbot 20151027
Antiy-AVL Trojan[PSW]/Win32.Fareit 20151027
Arcabit Trojan.Agent.BANV 20151027
Avast Win32:Fareit-ML [Trj] 20151027
Baidu-International Trojan.Win32.Zurgop.BI 20151026
BitDefender Trojan.Agent.BANV 20151027
CAT-QuickHeal TrojanPWS.Zbot.Gen 20151027
Comodo TrojWare.Win32.Injector.ANZG 20151027
Cyren W32/Trojan.CVHW-7492 20151027
DrWeb Trojan.DownLoader9.22851 20151027
ESET-NOD32 Win32/TrojanDownloader.Zurgop.BI 20151027
Emsisoft Trojan.Agent.BANV (B) 20151027
F-Prot W32/Trojan3.GDP 20151027
F-Secure Trojan.Agent.BANV 20151027
Fortinet W32/Sharik.QEY!tr 20151026
GData Trojan.Agent.BANV 20151027
Ikarus Trojan-Spy.Zbot 20151027
Jiangmin Trojan/Sharik.hq 20151026
K7AntiVirus Riskware ( 0040eff71 ) 20151026
K7GW Riskware ( 0040eff71 ) 20151027
Kaspersky HEUR:Trojan.Win32.Generic 20151027
Malwarebytes Trojan.Zbot.FAI 20151026
McAfee PWSZbot-FHW!8A9ABE065D47 20151027
McAfee-GW-Edition BehavesLike.Win32.Downloader.lh 20151027
MicroWorld-eScan Trojan.Agent.BANV 20151027
Microsoft Trojan:Win32/Bagsu!rfn 20151027
NANO-Antivirus Trojan.Win32.Agent.cqzzzh 20151027
Panda Trj/Dtcontx.H 20151026
Rising PE:Malware.Obscure!1.9C59 [F] 20151026
Sophos Troj/Agent-AECY 20151027
Symantec Trojan.Zbot!gen58 20151026
Tencent Trojan.Win32.Qudamah.Gen.24 20151027
TotalDefense Win32/CInject.VU 20151026
TrendMicro TSPY_ZBOT.VBD 20151027
TrendMicro-HouseCall TSPY_ZBOT.VBD 20151027
VBA32 TrojanSpy.Zbot 20151026
VIPRE Trojan.Win32.Zbot.f (v) 20151027
Zillya Trojan.Sharik.Win32.139 20151026
Zoner Trojan.Fareit.A 20151027
nProtect Trojan.Agent.BANV 20151026
AegisLab 20151026
Agnitum 20151026
Alibaba 20151027
Bkav 20151026
ByteHero 20151027
CMC 20151026
ClamAV 20151027
SUPERAntiSpyware 20151027
TheHacker 20151026
ViRobot 20151026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-05 05:24:16
Link date 6:24 AM 10/5/2013
Entry Point 0x00002466
Number of sections 4
PE sections
Overlays
MD5 cb8833303d9d377d25f1800d9e9b21a1
File type data
Offset 40960
Size 35029
Entropy 7.93
PE imports
SetBkColor
UpdateColors
CreateFontA
Rectangle
SetStdHandle
GetLastError
GlobalMemoryStatus
GetModuleFileNameA
GetStringTypeA
GetModuleFileNameW
CreateFileW
GetModuleHandleW
GetEnvironmentVariableW
GetStartupInfoW
GetThreadTimes
GetSystemDirectoryA
GetProcAddress
GetSystemInfo
_except_handler3
__p__fmode
malloc
__CxxFrameHandler
__wgetmainargs
_exit
__p__commode
__setusermatherr
__dllonexit
_onexit
exit
_XcptFilter
_initterm
_controlfp
_wcmdln
_adjust_fdiv
__set_app_type
AppendMenuA
UpdateWindow
EnableWindow
SystemParametersInfoW
GetDlgItem
FlashWindow
SetActiveWindow
Number of PE resources by type
RT_STRING 13
RT_DIALOG 3
RT_ICON 1
Struct(241) 1
RT_MENU 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
GERMAN 18
NEUTRAL 2
ENGLISH US 1
CHINESE SIMPLIFIED 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:10:05 06:24:16+01:00
FileType Win32 EXE
PEType PE32
CodeSize 8192
LinkerVersion 6.0
EntryPoint 0x2466
InitializedDataSize 28672
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 8a9abe065d473da9527fdf08fb55cb9e
SHA1 46985e1b4690c502d0869ecc4ebca74641e645a8
SHA256 6769e4686aa701956d90a5e850d1f795a2db5c71f6a94c410d40b6596aee09ad
ssdeep 1536:SYEJ/X5kPIPzk2kfP/icEiwjArm6lq5Vil7I+n/h3JgMiJeZqG:QFGPIPzMicEiwjArm6lkQFn/FFiJeZX
authentihash d29e0a6919131455260133e4a2df18674cbeea47678c18db4b0f828903b17500
imphash fcb91aa3fb42b3c477451ddadb145ab1
File size 74.2 KB ( 75989 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe armadillo overlay
VirusTotal metadata
First submission 2013-10-07 09:40:19 UTC ( 2 years, 4 months ago )
Last submission 2014-02-01 14:45:12 UTC ( 2 years ago )
File names P7469984985.Print.pdf.exe
8a9abe065d473da9527fdf08fb55cb9e.exe
t-mobile.jpg.exe
46985e1b4690c502d0869ecc4ebca74641e645a8-8a9abe065d473da9527fdf08fb55cb9e.01.exe5122.vir
c-369a3-310-1381138802
0947658985_Pic587690_jpg_exe
vti-rescan
Wire Payment Details.pdf.exe
6769e4686aa701956d90a5e850d1f795a2db5c71f6a94c410d40b6596aee09ad
8a9abe065d473da9527fdf08fb55cb9e
0947658985_Pic587690.jpg.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight