SHA256: 67e537afbd21945e256280adf632aa9bee5ab926b082c9858be86692a115b8ba
File name: a
Detection ratio: 48 / 57
Analysis date: 2016-05-21 02:21:48 UTC ( 1 week, 2 days ago )
Antivirus Result Update
ALYac Gen:Variant.Zusy.36225 20160521
AVG Win32/VBCrypt 20160521
AVware Trojan.Win32.Generic.pak!cobra 20160520
Ad-Aware Gen:Variant.Zusy.36225 20160521
AegisLab Troj.W32.Gen.lpS8 20160520
AhnLab-V3 Win-Trojan/Zbot.291840.B 20160520
Antiy-AVL Trojan[Spy]/Win32.Zbot 20160521
Arcabit Trojan.Zusy.D8D81 20160521
Avira (no cloud) TR/Beebone.2914587 20160521
Baidu Win32.Trojan.WisdomEyes.151026.9950.9991 20160520
Baidu-International Trojan.Win32.Zbot.AAO 20160520
BitDefender Gen:Variant.Zusy.36225 20160521
CAT-QuickHeal VirTool.VBInject 20160518
ClamAV Win.Trojan.Zbot-42740 20160520
Comodo TrojWare.Win32.Zbot.A 20160521
Cyren W32/VBcrypt.AP.gen!Eldorado 20160521
DrWeb Trojan.PWS.Panda.3035 20160521
ESET-NOD32 Win32/Spy.Zbot.AAO 20160520
Emsisoft Gen:Variant.Zusy.36225 (B) 20160521
F-Prot W32/VBcrypt.AP.gen!Eldorado 20160521
F-Secure Gen:Variant.Zusy.36225 20160520
Fortinet W32/Zbot.AAO!tr 20160521
GData Gen:Variant.Zusy.36225 20160521
Ikarus Trojan-Spy.Win32.Zbot 20160520
Jiangmin TrojanSpy.Zbot.cveu 20160521
K7AntiVirus Spyware ( 0042e1f21 ) 20160520
K7GW Spyware ( 0042e1f21 ) 20160521
Kaspersky HEUR:Trojan.Win32.Generic 20160520
Malwarebytes Trojan.Agent.SZ 20160521
McAfee PWS-Zbot.gen.oj 20160521
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dc 20160520
eScan Gen:Variant.Zusy.36225 20160521
Microsoft PWS:Win32/Zbot 20160520
NANO-Antivirus Trojan.Win32.Zbot.biajlq 20160521
Panda Trj/Genetic.gen 20160520
Qihoo-360 HEUR/Malware.QVM03.Gen 20160521
Rising Trjoan.Generic-mvVXoSa51mO (Cloud) 20160521
SUPERAntiSpyware Trojan.Agent/Gen-Dropper 20160521
Sophos Troj/Zbot-DYC 20160521
Symantec Trojan.Zbot 20160521
Tencent Win32.Trojan.Generic.Ectn 20160521
TrendMicro TSPY_ZBOT.DTS 20160521
TrendMicro-HouseCall TSPY_ZBOT.DTS 20160521
VBA32 TrojanSpy.Zbot 20160520
VIPRE Trojan.Win32.Generic.pak!cobra 20160521
Yandex TrojanSpy.Zbot!IOIt6TUvWGw 20160520
Zillya Trojan.Zbot.Win32.105798 20160520
nProtect Trojan-Spy/W32.ZBot.291840.AA 20160520
Alibaba 20160520
Avast 20160521
Bkav 20160520
CMC 20160520
Kingsoft 20160521
TheHacker 20160520
TotalDefense 20160521
ViRobot 20160520
Zoner 20160521
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Can anyone test
Product Unread 0
Original name a.exe
Internal name a
File version 1.01.0443
Comments I m in computer class now
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-13 16:22:29
Entry Point 0x000012F8
Number of sections 3
PE sections
Overlays
MD5 8afdfa0c05c8db74b9ce3d4ad8bf3f08
File type data
Offset 290816
Size 1024
Entropy 7.80
PE imports
_adj_fdiv_m32
__vbaChkstk
__vbaCyI2
_CIcos
EVENT_SINK_QueryInterface
__vbaI4Cy
_adj_fdivr_m64
__vbaErase
_adj_fprem
__vbaAryMove
_adj_fpatan
EVENT_SINK_AddRef
__vbaRefVarAry
Ord(629)
__vbaVarVargNofree
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
__vbaStrToUnicode
_adj_fdivr_m16i
__vbaUbound
EVENT_SINK_Release
_adj_fdiv_r
Ord(100)
_CItan
__vbaFreeVar
__vbaI2Str
__vbaObjSetAddref
__vbaFixstrConstruct
__vbaAryConstruct2
__vbaInStr
_adj_fdiv_m64
__vbaFreeObj
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
_allmul
__vbaAryLock
__vbaLsetFixstr
Ord(713)
_adj_fptan
__vbaVarDup
__vbaAryUnlock
__vbaVar2Vec
_CIatan
__vbaNew2
__vbaVarCat
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaFreeStrList
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
RT_BITMAP 1
RT_GROUP_ICON 1
JK 1
Number of PE resources by language
NEUTRAL 7
CHINESE TRADITIONAL 1
ExifTool file metadata
UninitializedDataSize 0
Comments I m in computer class now
InitializedDataSize 262144
ImageVersion 1.1
FileSubtype 0
FileVersionNumber 1.1.0.443
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
EntryPoint 0x12f8
OriginalFileName a.exe
MIMEType application/octet-stream
LegalCopyright Can anyone test
FileVersion 1.01.0443
TimeStamp 2013:02:13 17:22:29+01:00
FileType Win32 EXE
PEType PE32
InternalName a
ProductVersion 1.01.0443
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName you have a pm
CodeSize 28672
ProductName Unread 0
ProductVersionNumber 1.1.0.443
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 f66358bf351e6038b9a75b2f0f01860d
SHA1 a6f07f47addff4167ad66f79888261a9b21e5150
SHA256 67e537afbd21945e256280adf632aa9bee5ab926b082c9858be86692a115b8ba
ssdeep 6144:eLyjZTQtGx14Tl/+omoYox53/Hn8BDxkqw:Vp2TlGJoBxNvnj
authentihash 9f563acf5065183408461b268510b79c18f88d3df2f7ce1d756ba0d51221cc43
imphash e1fd7fde4a9d8ca25cdd35f120112543
File size 285.0 KB ( 291840 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (90.6%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags peexe overlay
VirusTotal metadata
First submission 2013-02-18 14:31:13 UTC ( 3 years, 3 months ago )
Last submission 2016-05-21 02:21:48 UTC ( 1 week, 2 days ago )
File names a
virus.scr
test.scr
f66358bf351e6038b9a75b2f0f01860d
bomba_atomica_sinistra.exe
file-5163040_
a.exe
pdf_delta_ticket.scr
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Code injections in the following processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
UDP communications