SHA256: 69bd7442b715a65574bae846274e3933d2e1075033b560233f4856b752807ff4
File name: 2bea3e578c0e4df9e5f07439c8a67757
Detection ratio: 23 / 46
Analysis date: 2014-04-08 16:35:29 UTC ( 4 years, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.88584 20140408
Yandex TrojanSpy.Zbot!Ak0b+vs9hm4 20140408
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140408
Avast Win32:Dropper-gen [Drp] 20140408
AVG Zbot.GUM 20140408
Baidu-International Trojan.Win32.Zbot.AAO 20140408
BitDefender Gen:Variant.Zusy.88584 20140408
CAT-QuickHeal NSIS.TrojanPWS.Zbot 20140408
CMC Packed.Win32.Fareit.3!O 20140408
DrWeb Trojan.PWS.Panda.2401 20140408
ESET-NOD32 Win32/Spy.Zbot.AAO 20140408
Fortinet W32/Zbot.AAO!tr 20140408
GData Gen:Variant.Zusy.88584 20140408
Ikarus Virus.Win32.Zbot 20140408
Kaspersky Trojan-Spy.Win32.Zbot.rzfw 20140408
Malwarebytes Spyware.Zbot.VXGen 20140408
McAfee Artemis!2BEA3E578C0E 20140408
McAfee-GW-Edition Artemis!2BEA3E578C0E 20140408
Microsoft PWS:Win32/Zbot 20140408
eScan Gen:Variant.Zusy.88584 20140408
TrendMicro TROJ_GEN.R0CBC0DD814 20140408
TrendMicro-HouseCall TROJ_GEN.R0CBC0DD814 20140408
VIPRE Trojan.Win32.Generic!BT 20140408
AegisLab 20140408
AhnLab-V3 20140408
AntiVir 20140408
ByteHero 20140408
ClamAV 20140408
Commtouch 20140408
Comodo 20140408
Emsisoft 20140408
F-Prot 20140408
F-Secure 20140408
Jiangmin 20140408
K7AntiVirus 20140408
K7GW 20140408
Kingsoft 20130829
NANO-Antivirus 20140408
Norman 20140408
nProtect 20140408
Panda 20140408
Qihoo-360 20140408
Rising 20140408
Sophos AV 20140408
SUPERAntiSpyware 20140408
Symantec 20140408
TheHacker 20140408
TotalDefense 20140408
VBA32 20140408
ViRobot 20140408
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2013 VersaSoft Dev
Publisher VersaSoft Dev
Product SD? Verification Tool
Original name sdcvertool
Internal name sdc verifier tool
File version 2.3.0.2
Description SD? Verification Tool
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-19 12:50:24
Entry Point 0x00005434
Number of sections 7
PE sections
PE imports
RegEnumKeyExA
InitCommonControlsEx
InitMUILanguage
ImageList_Draw
ImageList_Create
ImageList_EndDrag
ImageList_ReplaceIcon
ImageList_LoadImageA
ImageList_Add
FindTextW
GetObjectA
DeleteDC
SetBkMode
GetStockObject
SetWindowExtEx
SelectObject
CreateCompatibleDC
SetTextColor
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GlobalFree
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
DecodePointer
GetCurrentProcessId
UnhandledExceptionFilter
GetCPInfo
ExitProcess
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetProcessHeap
SetStdHandle
RaiseException
WideCharToMultiByte
GetModuleFileNameW
TlsFree
SetFilePointer
HeapSetInformation
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
SetLastError
CreateFileW
GlobalAlloc
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
LeaveCriticalSection
SysAllocString
wglDeleteContext
wglMakeCurrent
ExtractIconExA
StrStrA
DrawEdge
UpdateWindow
EndDialog
LoadBitmapW
ShowWindow
IsWindow
EndPaint
SetMenu
MoveWindow
DialogBoxParamA
GetDC
MapDialogRect
SendMessageW
LoadStringA
SetParent
IsWindowVisible
SendMessageA
GetClientRect
GetDlgItem
EnableMenuItem
InvalidateRect
LoadCursorA
LoadIconA
DrawTextA
CreateWindowExW
ReleaseDC
DestroyWindow
DialogBoxIndirectParamA
PtInRect
VerQueryValueW
WSAStartup
htons
htonl
socket
WSACleanup
GdiplusShutdown
GdiplusStartup
Number of PE resources by type
RT_STRING 3
RT_BITMAP 2
RT_DIALOG 1
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 8
RUSSIAN 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 178176
ImageVersion 0.0
ProductName SD Verification Tool
FileVersionNumber 2.3.0.2
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription SD Verification Tool
CharacterSet Unicode
LinkerVersion 10.0
OriginalFilename sdcvertool
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2.3.0.2
TimeStamp 2014:03:19 13:50:24+01:00
FileType Win32 EXE
PEType PE32
InternalName sdc verifier tool
FileAccessDate 2014:04:08 17:33:08+01:00
ProductVersion 2.3.0.2
SubsystemVersion 5.1
OSVersion 5.1
FileCreateDate 2014:04:08 17:33:08+01:00
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) 2013 VersaSoft Dev
MachineType Intel 386 or later, and compatibles
CompanyName VersaSoft Dev
CodeSize 124416
FileSubtype 0
ProductVersionNumber 2.3.0.2
EntryPoint 0x5434
ObjectFileType Executable application

File identification
MD5 2bea3e578c0e4df9e5f07439c8a67757
SHA1 1b4048a920f73859860defdebd50f22e4746f93f
SHA256 69bd7442b715a65574bae846274e3933d2e1075033b560233f4856b752807ff4
ssdeep 6144:YuRagVFpwiwY8b4pTemjdYXv8+TWeJUEaQhyPGoUsLNjNQdb7:lRagVXoN4wFJUAyPGdsLNj
imphash c0f3a87ccf1a3ce3cdc295b65a8c0e7a
File size 296.5 KB ( 303616 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2014-04-08 16:35:29 UTC ( 4 years, 7 months ago )
Last submission 2014-04-08 16:35:29 UTC ( 4 years, 7 months ago )
File names 2bea3e578c0e4df9e5f07439c8a67757
sdc verifier tool
sdcvertool
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests