SHA256: 69c1aaa381e149d73bb74192a32654340b5814a0fef3676fee77b22067e4fa48
File name: vt-upload-OEtjg
Detection ratio: 27 / 55
Analysis date: 2014-09-25 06:06:21 UTC ( 4 years, 5 months ago )
Antivirus             Result                        Update
Ad-Aware              Gen:Variant.Zusy.108044       20140925
Antiy-AVL             Trojan[Spy]/Win32.Zbot        20140925
Avast                 Win32:Malware-gen             20140925
AVG                   Zbot.OGG                      20140924
Avira (no cloud)      TR/Crypt.ZPACK.95474          20140925
BitDefender           Gen:Variant.Zusy.108044       20140925
Comodo                UnclassifiedMalware           20140925
DrWeb                 Trojan.Siggen6.23712          20140925
Emsisoft              Gen:Variant.Zusy.108044 (B)   20140925
ESET-NOD32            Win32/Spy.Zbot.ACB            20140925
F-Secure              Gen:Variant.Zusy.108044       20140925
Fortinet              W32/Zbot.ACB!tr               20140925
GData                 Gen:Variant.Zusy.108044       20140925
Kaspersky             Trojan-Spy.Win32.Zbot.ufmu    20140925
Kingsoft              Win32.Troj.Zbot.UF.(kcloud)   20140925
Malwarebytes          Backdoor.SolarBot             20140925
McAfee                RDN/Generic PWS.y!bbd         20140925
McAfee-GW-Edition     BehavesLike.Win32.Trojan.dc   20140924
Microsoft             PWS:Win32/Zbot                20140925
eScan                 Gen:Variant.Zusy.108044       20140925
NANO-Antivirus        Trojan.Win32.Zbot.dfllia      20140925
Panda                 Trj/Chgt.G                    20140924
Qihoo-360             Win32/Trojan.e0d              20140925
Sophos AV             Mal/Generic-S                 20140925
Symantec              WS.Reputation.1               20140925
Tencent               Win32.Trojan-spy.Zbot.Ahoi    20140925
TrendMicro-HouseCall  TROJ_GEN.R011H07IN14          20140925
AegisLab              (undetected)                  20140925
Yandex                (undetected)                  20140924
AhnLab-V3             (undetected)                  20140924
AVware                (undetected)                  20140925
Baidu-International   (undetected)                  20140924
Bkav                  (undetected)                  20140923
ByteHero              (undetected)                  20140925
CAT-QuickHeal         (undetected)                  20140925
ClamAV                (undetected)                  20140925
CMC                   (undetected)                  20140924
Cyren                 (undetected)                  20140925
F-Prot                (undetected)                  20140925
Ikarus                (undetected)                  20140924
Jiangmin              (undetected)                  20140924
K7AntiVirus           (undetected)                  20140924
K7GW                  (undetected)                  20140924
Norman                (undetected)                  20140925
nProtect              (undetected)                  20140924
Rising                (undetected)                  20140924
SUPERAntiSpyware      (undetected)                  20140925
TheHacker             (undetected)                  20140924
TotalDefense          (undetected)                  20140924
TrendMicro            (undetected)                  20140925
VBA32                 (undetected)                  20140924
VIPRE                 (undetected)                  20140925
ViRobot               (undetected)                  20140925
Zillya                (undetected)                  20140925
Zoner                 (undetected)                  20140919
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright        Copyright © 1995-2014
Publisher        Free Software Foundation
Product          Command Bar Express
Original name    cmdbar.exe
Internal name    barexp
File version     1.0.0.18
Description      Command Bar Express
PE header basic information
Target machine         Intel 386 or later processors and compatible processors
Compilation timestamp  2014-09-22 14:56:50
Entry Point            0x00004FB1
Number of sections     5
PE sections
PE imports
CreateToolbarEx
ImageList_Create
InitCommonControlsEx
ImageList_LoadImageA
ImageList_Add
GetOpenFileNameA
GetDeviceCaps
LineTo
SetROP2
SelectObject
MoveToEx
CreatePen
CreateSolidBrush
TextOutA
EnumFontFamiliesA
ChoosePixelFormat
SetBkColor
GetCharWidth32A
DeleteObject
CreateFontW
SetTextColor
GetTextExtentPointW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
MulDiv
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
WaitForSingleObject
RtlUnwind
lstrlenW
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetCurrentDirectoryA
GetConsoleMode
DecodePointer
GetCurrentProcessId
WriteConsoleW
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
GetProcessHeap
SetStdHandle
RaiseException
WideCharToMultiByte
GetModuleFileNameW
TlsFree
SetFilePointer
HeapSetInformation
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
TerminateProcess
IsValidCodePage
HeapCreate
lstrcpyA
CreateFileW
CreateEventA
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
EncodePointer
GetCurrentThreadId
InterlockedIncrement
ExitProcess
SetLastError
LeaveCriticalSection
Ord(24)
Ord(75)
Ord(39)
Ord(31)
Ord(7)
Ord(9)
RegisterActiveObject
GetModuleBaseNameA
SHGetSpecialFolderLocation
SHGetMalloc
SetFocus
GetMessageA
GetParent
EnableWindow
UpdateWindow
EndDialog
BeginPaint
HideCaret
TrackMouseEvent
ClipCursor
PostQuitMessage
DefWindowProcA
ShowWindow
LoadBitmapA
GetWindowThreadProcessId
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
EndPaint
PostMessageA
MoveWindow
GetDlgItemTextA
MessageBoxA
TranslateMessage
IsWindowEnabled
GetSysColor
SetActiveWindow
GetDC
GetKeyState
GetCursorPos
ReleaseDC
CreatePopupMenu
IsWindowVisible
SendMessageA
DialogBoxParamA
GetClientRect
CreateWindowExA
GetDlgItem
DrawMenuBar
IsIconic
ScreenToClient
SetRect
GetMenuItemCount
GetWindowLongA
CreateMenu
LoadCursorA
LoadIconA
FillRect
CallWindowProcA
CreateWindowExW
GetMenuItemInfoA
InsertMenuItemW
RegisterClassExA
closesocket
WTSQuerySessionInformationA
WTSFreeMemory
Number of PE resources by type
RT_GROUP_CURSOR 2
RT_CURSOR 2
RT_DIALOG 1
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 7
RUSSIAN 1
PE resources
ExifTool file metadata
UninitializedDataSize   0
InitializedDataSize     168448
ImageVersion            0.0
ProductName             Command Bar Express
FileVersionNumber       1.0.0.18
LanguageCode            English (U.S.)
FileFlagsMask           0x003f
FileDescription         Command Bar Express
CharacterSet            Unicode
LinkerVersion           10.0
OriginalFilename        cmdbar.exe
MIMEType                application/octet-stream
Subsystem               Windows GUI
FileVersion             1.0.0.18
TimeStamp               2014:09:22 15:56:50+01:00
FileType                Win32 EXE
PEType                  PE32
InternalName            barexp
FileAccessDate          2014:12:04 13:13:58+01:00
ProductVersion          1.0.0.18
SubsystemVersion        5.1
OSVersion               5.1
FileCreateDate          2014:12:04 13:13:58+01:00
FileOS                  Windows NT 32-bit
LegalCopyright          Copyright 1995-2014
MachineType             Intel 386 or later, and compatibles
CompanyName             Free Software Foundation
CodeSize                77824
FileSubtype             0
ProductVersionNumber    1.0.0.18
EntryPoint              0x4fb1
ObjectFileType          Executable application

File identification
MD5            75809e4982357f614d8bef2c6b3e33b6
SHA1           8b0030bea25b1ad91947d73a3544dddf670610ca
SHA256         69c1aaa381e149d73bb74192a32654340b5814a0fef3676fee77b22067e4fa48
ssdeep         6144:PqWdtRDF4BfQ+VJWX9swZchZAktOc72tQmJ:P3dtRDFgQ+OBOL1tOS2am
authentihash   6192e2aacc1f9a3242ecdacb6b1134b001dbc9fe317a3e066584198bba62e02c
imphash        e46610f97bafaebcbbf97323b374c855
File size      241.5 KB ( 247296 bytes )
File type      Win32 EXE
Magic literal  PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID           Win32 Executable MS Visual C++ (generic) (67.3%)
               Win32 Dynamic Link Library (generic) (14.2%)
               Win32 Executable (generic) (9.7%)
               Generic Win/DOS Executable (4.3%)
               DOS Executable Generic (4.3%)
Tags           peexe
VirusTotal metadata
First submission 2014-09-25 06:06:21 UTC ( 4 years, 5 months ago )
Last submission 2014-09-25 06:06:21 UTC ( 4 years, 5 months ago )
File names 69c1aaa381e149d73bb74192a32654340b5814a0fef3676fee77b22067e4fa48.exe
cmdbar.exe
vt-upload-OEtjg
barexp
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers, making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications