SHA256: 6bf51d707011653bd70dcb029232d27d8cb630591431fb833707d4e8d1179d99
File name: vt-upload-htpfx
Detection ratio: 37 / 55
Analysis date: 2014-10-13 14:28:55 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.Zbot.8735 20141013
AegisLab Troj.Spy.W32.Zbot 20141013
Yandex Trojan.Packed!2oWjhiv3Dls 20141012
AhnLab-V3 Trojan/Win32.ZBot 20141013
Antiy-AVL Trojan[Spy]/Win32.Zbot 20141013
Avast Win32:Malware-gen 20141013
AVG PSW.Generic12.AVQM 20141013
Avira (no cloud) TR/Dropper.Gen 20141013
AVware Trojan.Win32.Generic!BT 20141013
BitDefender Trojan.Zbot.8735 20141013
Bkav HW32.Paked.7F25 20141011
CAT-QuickHeal TrojanPWS.Zbot.LB13 20141013
Cyren W32/Trojan.XBAA-8800 20141013
DrWeb Trojan.Packed.21635 20141013
Emsisoft Trojan.Zbot.8735 (B) 20141013
ESET-NOD32 Win32/Spy.Zbot.AAO 20141013
F-Secure Trojan.Zbot.8735 20141013
Fortinet W32/Zbot.AAO!tr 20141013
GData Trojan.Zbot.8735 20141013
Ikarus Trojan-Spy.Zbot 20141013
Kaspersky Trojan-Spy.Win32.Zbot.udsl 20141013
Malwarebytes Trojan.Zbot 20141013
McAfee RDN/Generic PWS.y!bbj 20141013
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dc 20141013
Microsoft PWS:Win32/Zbot 20141013
eScan Trojan.Zbot.8735 20141013
NANO-Antivirus Trojan.Win32.Zbot.dfhzxa 20141013
nProtect Trojan.Zbot.8735 20141013
Panda Trj/Chgt.H 20141013
Qihoo-360 HEUR/Malware.QVM01.Gen 20141013
Rising PE:Trojan.Win32.Generic.1767259D!392635805 20141013
Sophos Mal/Generic-S 20141013
Symantec Trojan.Zbot 20141013
TrendMicro TROJ_GEN.R0C1C0DIP14 20141013
TrendMicro-HouseCall TROJ_GEN.R0C1C0DIP14 20141013
VBA32 TrojanSpy.Zbot 20141013
VIPRE Trojan.Win32.Generic!BT 20141013
Baidu-International 20141013
ByteHero 20141013
ClamAV 20141013
CMC 20141013
Comodo 20141013
F-Prot 20141013
Jiangmin 20141012
K7AntiVirus 20141013
K7GW 20141013
Kingsoft 20141013
Norman 20141013
SUPERAntiSpyware 20141013
Tencent 20141013
TheHacker 20141010
TotalDefense 20141013
ViRobot 20141013
Zillya 20141013
Zoner 20141010
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-12 03:36:18
Entry Point 0x00001284
Number of sections 21
PE sections
PE imports
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
GetModuleHandleA
GetLastError
VirtualQuery
SetUnhandledExceptionFilter
TlsGetValue
ExitProcess
VirtualProtect
GetProcAddress
LeaveCriticalSection
_cexit
__p__fmode
fopen
puts
__p__environ
fwrite
signal
fread
fclose
free
_onexit
atexit
abort
_setmode
sprintf
vfprintf
__getmainargs
calloc
_iob
__set_app_type
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:09:12 04:36:18+01:00
FileType Win32 EXE
PEType PE32
CodeSize 5120
LinkerVersion 2.22
FileAccessDate 2014:10:13 15:31:41+01:00
EntryPoint 0x1284
InitializedDataSize 54272
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
FileCreateDate 2014:10:13 15:31:41+01:00
UninitializedDataSize 3584

File identification
MD5 920ab56c309b093a56be8bbfa3040666
SHA1 4990ac730029feb1cf5d22441717ee1f08547e6c
SHA256 6bf51d707011653bd70dcb029232d27d8cb630591431fb833707d4e8d1179d99
ssdeep 6144:1yFHYqwOHRuMoMQMa7EdtfsGtHA6Hlirt8R6IEMlAUL:bqwkIMolbcJ2exRBvaUL
authentihash 2cc4bc2dcba63fd9ec5bc96986063bcaff321956590c3e51e24de7a1b04b941e
imphash 7e38baedf6ac741ad993c47eb226dcf6
File size 267.0 KB ( 273408 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe

VirusTotal metadata
First submission 2014-10-13 14:28:55 UTC ( 2 years, 7 months ago )
Last submission 2014-10-13 14:28:55 UTC ( 2 years, 7 months ago )
File names 6bf51d707011653bd70dcb029232d27d8cb630591431fb833707d4e8d1179d99.exe
vt-upload-htpfx
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs