SHA256: 69fbf4321b8a37ad88351eee4824d91abe1d5a1bb2b8e5db7059384c1691cdb0
File name: 57c470cfaff4349a080580bd95d1b221
Detection ratio: 36 / 57
Analysis date: 2015-09-19 18:30:10 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.Zbot.IQO 20150919
Yandex TrojanSpy.Zbot!L5VDDpb88fo 20150917
AhnLab-V3 Trojan/Win32.Miuref 20150919
ALYac Trojan.Zbot.IQO 20150919
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20150919
Arcabit Trojan.Zbot.IQO 20150919
Avast Win32:Malware-gen 20150919
AVG Inject3.ELW 20150919
Avira (no cloud) TR/Crypt.Xpack.259377 20150919
AVware Trojan.Win32.Generic!BT 20150919
Baidu-International Trojan.Win32.Zbot.vyst 20150919
BitDefender Trojan.Zbot.IQO 20150919
Bkav HW32.Packed.C76A 20150919
CMC Trojan.Win32.Swizzor.1!O 20150916
DrWeb Trojan.PWS.Panda.8087 20150919
Emsisoft Trojan.Zbot.IQO (B) 20150919
ESET-NOD32 Win32/Spy.Zbot.ACB 20150919
F-Secure Trojan.Zbot.IQO 20150919
Fortinet W32/Zbot.ACB!tr 20150919
GData Trojan.Zbot.IQO 20150919
K7AntiVirus Spyware ( 004a08e61 ) 20150919
K7GW Spyware ( 004a08e61 ) 20150919
Kaspersky Trojan-Spy.Win32.Zbot.vyst 20150919
Malwarebytes Trojan.MalPack 20150919
McAfee GenericR-EMO!57C470CFAFF4 20150919
Microsoft PWS:Win32/Zbot!rfn 20150919
eScan Trojan.Zbot.IQO 20150919
NANO-Antivirus Trojan.Win32.Cryptodef.dwsphi 20150919
nProtect Trojan.Zbot.IQO 20150918
Panda Trj/Injector.AV 20150919
Sophos AV Mal/Zbot-UE 20150919
Symantec Suspicious.Cloud.7.L 20150918
Tencent Win32.Trojan.Crypt.Sxyi 20150919
TrendMicro TSPY_ZBOT.YUYAIF 20150919
TrendMicro-HouseCall TSPY_ZBOT.YUYAIF 20150919
VIPRE Trojan.Win32.Generic!BT 20150919
AegisLab 20150919
Alibaba 20150918
ByteHero 20150919
CAT-QuickHeal 20150919
ClamAV 20150918
Comodo 20150919
Cyren 20150919
F-Prot 20150919
Ikarus 20150919
Jiangmin 20150916
Kingsoft 20150919
McAfee-GW-Edition 20150919
Qihoo-360 20150919
Rising 20150918
SUPERAntiSpyware 20150919
TheHacker 20150916
TotalDefense 20150919
VBA32 20150918
ViRobot 20150919
Zillya 20150919
Zoner 20150919
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (C) 2010
Publisher
Product BroadcastClient
Original name BroadcastClient.exe
Internal name BroadcastClient
File version 1, 0, 0, 1
Description BroadcastClient
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-07 11:52:54
Entry Point 0x0000192E
Number of sections 4
PE sections
Overlays
MD5 610daff5000cddfbc70657255ccaf91d
File type data
Offset 233472
Size 512
Entropy 7.61
PE imports
CreateFileA
GetModuleFileNameA
GetModuleHandleW
GetStartupInfoW
_except_handler3
__wgetmainargs
__CxxFrameHandler
__p__fmode
_adjust_fdiv
__setusermatherr
__p__commode
__dllonexit
_onexit
_controlfp
exit
_XcptFilter
_exit
__set_app_type
_initterm
_wcmdln
GetSystemMetrics
SetTimer
SendMessageW
EnableWindow
LoadIconW
DrawIcon
GetClientRect
GetSystemMenu
IsIconic
AppendMenuW
Number of PE resources by type
RT_DIALOG 2
RT_ICON 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 4
NEUTRAL 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 225280
ImageVersion 0.0
ProductName BroadcastClient
FileVersionNumber 1.0.0.1
LanguageCode Finnish
FileFlagsMask 0x003f
FileDescription BroadcastClient
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName BroadcastClient.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1, 0, 0, 1
TimeStamp 2015:09:07 11:52:54+00:00
FileType Win32 EXE
PEType PE32
InternalName BroadcastClient
ProductVersion 1, 0, 0, 1
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright (C) 2010
MachineType Intel 386 or later, and compatibles
CodeSize 4096
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0x192e
ObjectFileType Executable application

File identification
MD5 57c470cfaff4349a080580bd95d1b221
SHA1 6324d3684a23102a4a6e1720f5dd3c67ff6ccc27
SHA256 69fbf4321b8a37ad88351eee4824d91abe1d5a1bb2b8e5db7059384c1691cdb0
ssdeep 6144:UfOkqAw0IYtQBrGVoc9tvIQpbD4tvX7na5:oOxYmeoc9Rn4tvLn4
authentihash 219dd3b0613daf042ef9925167d052e9dd9c7e5ee5476db7cdd64c8fb044aa89
imphash ce1e36aca8b59df30cb87fbf77650991
File size 228.5 KB ( 233984 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-09-19 18:30:10 UTC ( 3 years, 6 months ago )
Last submission 2015-09-19 18:30:10 UTC ( 3 years, 6 months ago )
File names BroadcastClient
BroadcastClient.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs