SHA256: 6a330086942b7cf7bd291ff50fb7d5cff3f288604ec7efe07e613b629627a9dc
File name: 072d2e71ae1f2d21567b3cca613bc42812fd7d36
Detection ratio: 19 / 56
Analysis date: 2014-12-27 00:44:40 UTC ( 4 years, 2 months ago )
Antivirus Result Update
Ad-Aware Backdoor.Bot.80153 20141227
Avast Win32:Malware-gen 20141227
AVG PSW.Generic12.BCTW 20141226
Avira (no cloud) TR/Zbot.A.1544 20141226
BitDefender Backdoor.Bot.80153 20141227
Bkav HW32.Packed.6DA5 20141226
CMC Trojan.Win32.Swizzor.3!O 20141218
Emsisoft Backdoor.Bot.80153 (B) 20141227
ESET-NOD32 Win32/Spy.Zbot.ACB 20141226
F-Secure Backdoor.Bot.80153 20141227
GData Win32.Trojan.Agent.SREQDJ 20141226
Kaspersky Trojan-Spy.Win32.Zbot.utsq 20141226
Malwarebytes Trojan.Agent.ED 20141227
McAfee Artemis!B899D9704361 20141227
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dc 20141227
Microsoft PWS:Win32/Zbot.gen!VM 20141226
eScan Backdoor.Bot.80153 20141227
Panda Trj/CI.A 20141226
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20141225
AegisLab 20141227
Yandex 20141225
AhnLab-V3 20141226
ALYac 20141227
Antiy-AVL 20141227
AVware 20141227
Baidu-International 20141226
ByteHero 20141227
CAT-QuickHeal 20141226
ClamAV 20141227
Comodo 20141226
Cyren 20141227
DrWeb 20141227
F-Prot 20141226
Fortinet 20141226
Ikarus 20141226
Jiangmin 20141226
K7AntiVirus 20141226
K7GW 20141226
Kingsoft 20141227
NANO-Antivirus 20141226
Norman 20141226
nProtect 20141226
Qihoo-360 20141227
Sophos AV 20141226
SUPERAntiSpyware 20141226
Symantec 20141227
Tencent 20141227
TheHacker 20141227
TotalDefense 20141226
TrendMicro 20141226
TrendMicro-HouseCall 20141227
VBA32 20141226
VIPRE 20141226
ViRobot 20141226
Zillya 20141226
Zoner 20141226
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright 2013, Thycotic Software Sprea

Product Quiet To
Internal name Quiet To
File version 2.7.8564.9246
Description Quiet To
Comments led Sayexcept Catch appledone choosecotton
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-24 18:12:03
Entry Point 0x000023A0
Number of sections 4
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
SetTapeParameters
GetOEMCP
QueryPerformanceCounter
HeapDestroy
ExitProcess
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
HeapAlloc
GetStartupInfoA
LoadLibraryExA
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
FreeEnvironmentStringsW
DeleteFileA
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
IsDebuggerPresent
GetCommandLineA
GetProcAddress
TlsFree
GetProcessHeap
GetFileTime
RaiseException
GetCPInfo
GetStringTypeA
GetModuleHandleA
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
TerminateProcess
GetACP
HeapReAlloc
GetStringTypeW
FreeLibrary
MoveFileExA
CreateProcessA
LCMapStringA
InitializeCriticalSection
HeapCreate
VirtualFree
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
GetTickCount
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
OleCreatePropertyFrameIndirect
OleCreatePropertyFrame
OleLoadPicture
OleIconToCursor
ScriptPlace
ScriptStringGetOrder
ScriptStringOut
ScriptString_pSize
ScriptCacheGetHeight
ScriptJustify
ScriptItemize
ScriptGetProperties
ScriptGetCMap
ScriptApplyDigitSubstitution
ScriptApplyLogicalWidth
ScriptFreeCache
ScriptLayout
ScriptGetGlyphABCWidth
ScriptGetFontProperties
ScriptCPtoX
ScriptGetLogicalWidths
ScriptString_pcOutChars
ScriptString_pLogAttr
ScriptStringFree
ScriptXtoCP
ScriptStringValidate
ScriptStringXtoCP
ScriptBreak
ScriptIsComplex
ScriptTextOut
ScriptRecordDigitSubstitution
ScriptStringGetLogicalWidths
CoUninitialize
CoTaskMemFree
CoInitialize
CoTaskMemAlloc
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
LegalTrademarks
Quiet To stillplanet

SubsystemVersion
4.0

Comments
led Sayexcept Catch appledone choosecotton

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.7.8564.9246

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Quiet To

CharacterSet
Unicode

InitializedDataSize
1195520

EntryPoint
0x23a0

MIMEType
application/octet-stream

LegalCopyright
Copyright 2013, Thycotic Software Sprea

FileVersion
2.7.8564.9246

TimeStamp
2014:12:24 19:12:03+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Quiet To

ProductVersion
2.7.8564.9246

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Thycotic Software

CodeSize
173568

ProductName
Quiet To

ProductVersionNumber
2.7.8564.9246

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 b899d97043612cb9f94032395cca7676
SHA1 072d2e71ae1f2d21567b3cca613bc42812fd7d36
SHA256 6a330086942b7cf7bd291ff50fb7d5cff3f288604ec7efe07e613b629627a9dc
ssdeep
6144:TKiTIm7FUFG7lZ4vImT3n1f+dFFNXdELof0g:TbTI6EMlZ4LWfF8

authentihash 965fbb6fa79b835fa09ccdd332ab849cf723afc16d45d9d76026ff6d81aa7fb1
imphash 029bf8fe36d7136e2a3d6a4eb5904e43
File size 237.0 KB ( 242688 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2014-12-27 00:44:40 UTC ( 4 years, 2 months ago )
Last submission 2014-12-27 00:44:40 UTC ( 4 years, 2 months ago )
File names Quiet To
072d2e71ae1f2d21567b3cca613bc42812fd7d36
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs