SHA256: 69464d9db06f3f61aafa44f20e62ef834ebc09224b25522cbd2291c609ad6410
File name: fe26629addc6bee08cbc532b5065ed0c
Detection ratio: 31 / 54
Analysis date: 2014-10-26 16:07:13 UTC ( 4 years, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1933169 20141026
Yandex TrojanSpy.Zbot!OjrtsXRk/AY 20141025
Antiy-AVL Trojan[Spy]/Win32.Zbot 20141026
Avast Win32:Malware-gen 20141026
AVG Zbot.QKX 20141026
Avira (no cloud) TR/Zbot.A.1263 20141026
AVware Trojan.Win32.Generic.pak!cobra 20141026
Baidu-International Trojan.Win32.Zbot.Ag 20141026
BitDefender Trojan.GenericKD.1933169 20141026
Cyren W32/Trojan.XFVU-1155 20141026
Emsisoft Trojan.GenericKD.1933169 (B) 20141026
ESET-NOD32 Win32/Spy.Zbot.ACB 20141026
F-Secure Trojan.GenericKD.1933169 20141026
Fortinet W32/Zbot.ACB!tr.spy 20141026
GData Trojan.GenericKD.1933169 20141026
Ikarus Trojan-Spy.Zbot 20141026
K7AntiVirus Spyware ( 004a08e61 ) 20141025
K7GW Spyware ( 004a08e61 ) 20141025
Kaspersky Trojan-Spy.Win32.Zbot.ukpd 20141026
Malwarebytes Trojan.Zbot 20141026
McAfee RDN/Generic PWS.y!bbn 20141026
McAfee-GW-Edition BehavesLike.Win32.Downloader.fc 20141026
eScan Trojan.GenericKD.1933169 20141025
NANO-Antivirus Trojan.Win32.Zbot.dgwnyg 20141026
Norman ZBot.WPLY 20141026
nProtect Trojan.GenericKD.1933169 20141026
Qihoo-360 Win32/Trojan.BO.814 20141026
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20141026
Sophos AV Mal/Generic-S 20141026
TrendMicro-HouseCall TROJ_GEN.R02KH07JK14 20141026
VIPRE Trojan.Win32.Generic.pak!cobra 20141026
AegisLab 20141026
AhnLab-V3 20141026
Bkav 20141024
ByteHero 20141026
CAT-QuickHeal 20141025
ClamAV 20141026
CMC 20141026
Comodo 20141026
DrWeb 20141026
F-Prot 20141026
Jiangmin 20141025
Kingsoft 20141026
Microsoft 20141026
SUPERAntiSpyware 20141025
Symantec 20141026
Tencent 20141026
TheHacker 20141022
TotalDefense 20141026
TrendMicro 20141026
VBA32 20141023
ViRobot 20141026
Zillya 20141025
Zoner 20141024
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2014 FlashPeak Inc. All rights reserved.
Publisher FlashPeak Inc.
Product Slimjet
Original name chrome.exe
Internal name chrome_exe
File version 1.2.5.0
Description Slimjet
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-18 09:15:48
Entry Point 0x00007E28
Number of sections 4
PE sections
PE imports
LsaQueryInformationPolicy
LsaFreeMemory
RegCloseKey
LsaNtStatusToWinError
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
ConvertSidToStringSidA
GetOpenFileNameW
CommDlgExtendedError
CreateICA
SetMapMode
PatBlt
CreateFontIndirectA
GetTextMetricsA
CreateRectRgnIndirect
GetObjectA
DeleteDC
GetMapMode
DeleteObject
BitBlt
SetTextColor
GetTextExtentPointW
GetTextExtentPoint32W
SelectPalette
GdiFlush
CreateCompatibleDC
StretchDIBits
SelectObject
CreateSolidBrush
DPtoLP
SetBkColor
GetBkColor
CreateCompatibleBitmap
GetStdHandle
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
LocalFree
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
FormatMessageA
SetLastError
GetSystemTime
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
HeapSetInformation
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
GetProcAddress
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
RtlUnwind
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
CompareStringW
FindFirstFileA
InterlockedIncrement
FindNextFileA
IsValidLocale
GlobalLock
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
LCMapStringW
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
IsDBCSLeadByte
lstrlenW
SizeofResource
GetCurrentProcessId
LockResource
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
Sleep
FindResourceA
NetLocalGroupEnum
NetUserEnum
NetApiBufferFree
OleCreateFontIndirect
RegisterActiveObject
DragAcceptFiles
DragFinish
DragQueryFileA
GetMessageA
MapVirtualKeyA
GetForegroundWindow
GetParent
UpdateWindow
EndDialog
LoadMenuA
OffsetRect
SetMenuItemInfoA
IsMenu
DestroyMenu
PostQuitMessage
DefMDIChildProcA
ShowWindow
DrawStateW
DrawFrameControl
SetWindowPos
GetWindowThreadProcessId
GetSystemMetrics
RedrawWindow
IsWindow
TranslateMDISysAccel
DispatchMessageA
EndPaint
GetWindowLongA
PostMessageA
SetRectEmpty
EnumChildWindows
GetDlgItemTextA
WindowFromPoint
GetClassNameA
SetWindowLongA
TranslateMessage
GetWindow
GetSysColor
GetDlgItemInt
GetMenuItemID
ChangeClipboardChain
GetCursorPos
SystemParametersInfoA
BeginPaint
SetWindowTextA
CheckMenuItem
GetMenu
wsprintfA
SendMessageA
GetClientRect
GetDCEx
GetDlgItem
DrawMenuBar
CreateIconIndirect
ClientToScreen
InvalidateRect
GetSubMenu
IsClipboardFormatAvailable
CreateWindowExA
OemToCharA
AttachThreadInput
GetDesktopWindow
GetCursor
GetFocus
GetDC
ReleaseDC
DefFrameProcA
htons
connect
shutdown
GdipGraphicsClear
GdipLoadImageFromStream
GdipCreateBitmapFromScan0
GdipFree
GdipCreateHBITMAPFromBitmap
GdipGetImageWidth
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdipGetImageHeight
GdipDrawImageRectI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipGetImagePixelFormat
CreateStreamOnHGlobal
Number of PE resources by type
RT_ICON 4
RT_DIALOG 1
Struct(240) 1
RT_MANIFEST 1
RT_MENU 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.2.5.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 80384
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2014 FlashPeak Inc. All rights reserved.
FileVersion 1.2.5.0
TimeStamp 2014:10:18 10:15:48+01:00
FileType Win32 EXE
PEType PE32
InternalName chrome_exe
FileAccessDate 2014:10:26 17:07:32+01:00
ProductVersion 1.2.5.0
FileDescription Slimjet
OSVersion 5.1
FileCreateDate 2014:10:26 17:07:32+01:00
OriginalFilename chrome.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName FlashPeak Inc.
CodeSize 235008
ProductName Slimjet
ProductVersionNumber 1.2.5.0
EntryPoint 0x7e28
ObjectFileType Executable application
File identification
MD5 fe26629addc6bee08cbc532b5065ed0c
SHA1 664784dc3eb11d00a9f1d164537294591abdfbe2
SHA256 69464d9db06f3f61aafa44f20e62ef834ebc09224b25522cbd2291c609ad6410
ssdeep 6144:mEbyVDRldwMz1NgFyTYtOshtk0T7HWIF0/:wVDRTwMpmFyTYtOMkqu
authentihash b4e5c28846a3340e283673bb634a93a2a56f0e7929a6387cf2fbfca6ab115432
imphash 26aa2544bc94a2824159aa0c47c1a0d7
File size 309.0 KB ( 316416 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-10-19 16:01:59 UTC ( 4 years, 5 months ago )
Last submission 2014-10-19 16:01:59 UTC ( 4 years, 5 months ago )
File names 69464d9db06f3f61aafa44f20e62ef834ebc09224b25522cbd2291c609ad6410.exe
fe26629addc6bee08cbc532b5065ed0c
chrome_exe
chrome.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.