× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 6e63d1ba9e3a0c1cac1630c529190a437c39a1e2c28492635a14384f6f90fcb3
File name: MINIPAD.EXE
Detection ratio: 48 / 55
Analysis date: 2014-12-07 17:35:29 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zbot.34 20141207
Yandex Trojan.Zbot!lRkshRP/pf0 20141205
AhnLab-V3 Packed/Win32.Katusha 20141207
ALYac Gen:Variant.Zbot.34 20141207
Antiy-AVL Trojan[Spy]/Win32.Zbot 20141207
Avast Win32:Spyware-gen [Spy] 20141207
AVG Win32/Heri 20141207
Avira (no cloud) TR/Crypt.ZPACK.Gen 20141207
AVware Trojan.Win32.Skintrim.c (v) 20141207
Baidu-International Trojan.Win32.Zbot.AFqV 20141207
BitDefender Gen:Variant.Zbot.34 20141207
CAT-QuickHeal TrojanPWS.Zbot.Y4 20141206
ClamAV Trojan.Zbot-19973 20141207
Comodo TrojWare.Win32.Agent.~geg 20141207
Cyren W32/Zbot.VTFX-3217 20141207
DrWeb Trojan.PWS.Panda.655 20141207
ESET-NOD32 Win32/Spy.Zbot.YW 20141207
F-Prot W32/Zbot.BEV 20141207
F-Secure Gen:Variant.Zbot.34 20141207
Fortinet W32/Kryptik.EW!tr 20141207
GData Gen:Variant.Zbot.34 20141207
Ikarus Trojan-PWS.Win32.Zbot 20141207
Jiangmin TrojanSpy.Zbot.amov 20141206
K7AntiVirus Spyware ( 00009b291 ) 20141205
K7GW Spyware ( 00009b291 ) 20141205
Kaspersky Trojan-Spy.Win32.Zbot.cpup 20141207
Kingsoft Win32.Troj.Zbot.(kcloud) 20141207
Malwarebytes Trojan.Downloader 20141207
McAfee PWS-Spyeye.eo 20141207
McAfee-GW-Edition BehavesLike.Win32.Downloader.ch 20141207
Microsoft PWS:Win32/Zbot.gen!CI 20141207
eScan Gen:Variant.Zbot.34 20141207
NANO-Antivirus Trojan.Win32.Zbot.bqobmj 20141207
Norman Agent.VDMO 20141207
nProtect Trojan-Spy/W32.ZBot.130048.FE 20141205
Panda Trj/Genetic.gen 20141207
Qihoo-360 HEUR/Malware.QVM07.Gen 20141207
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20141207
Sophos Troj/Zbot-BEN 20141207
Symantec Infostealer 20141207
Tencent Win32.Trojan-spy.Zbot.Ebzu 20141207
TheHacker Trojan/Spy.Zbot.cpup 20141205
TrendMicro TSPY_SPYEYE.SMKD 20141207
TrendMicro-HouseCall TSPY_SPYEYE.SMKD 20141207
VBA32 Trojan.WPM.61215 20141205
VIPRE Trojan.Win32.Skintrim.c (v) 20141207
ViRobot Trojan.Win32.A.Zbot.130048.CR 20141207
Zillya Trojan.Zbot.Win32.46689 20141206
AegisLab 20141207
Bkav 20141206
ByteHero 20141207
CMC 20141206
SUPERAntiSpyware 20141207
TotalDefense 20141207
Zoner 20141204
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
No rights reserved.

Original name MINIPAD.EXE
File version 1.0
Description MiniPad - example program
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-10-14 17:41:23
Entry Point 0x0000D5C0
Number of sections 4
PE sections
PE imports
SetBkColor
EndPage
SaveDC
VirtualFree
GetStartupInfoA
VirtualAlloc
GetModuleHandleA
_except_handler3
__p__fmode
_adjust_fdiv
_acmdln
_exit
__p__commode
__setusermatherr
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
memcpy
__set_app_type
ReleaseDC
GetSystemMetrics
DrawEdge
SetPropA
GetMenuItemCount
EndDialog
DrawIconEx
IntersectRect
LoadCursorW
DrawMenuBar
MsgWaitForMultipleObjects
EnableWindow
SetClassLongA
GetPropA
SetCapture
Number of PE resources by type
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
0.0

FileVersionNumber
1.0.0.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Windows, Latin1

InitializedDataSize
12288

FileOS
Win32

MIMEType
application/octet-stream

LegalCopyright
No rights reserved.

FileVersion
1.0

TimeStamp
2010:10:14 18:41:23+01:00

FileType
Win32 EXE

PEType
PE32

FileAccessDate
2014:12:07 18:35:44+01:00

ProductVersion
1.0

FileDescription
MiniPad - example program

OSVersion
1.0

FileCreateDate
2014:12:07 18:35:44+01:00

OriginalFilename
MINIPAD.EXE

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
51200

FileSubtype
0

ProductVersionNumber
1.0.0.0

EntryPoint
0xd5c0

ObjectFileType
Executable application

File identification
MD5 f552900cd20d94a4ba745ea5a5e7d598
SHA1 7e17c1048649e53ec14fdeda4060bd174100987a
SHA256 6e63d1ba9e3a0c1cac1630c529190a437c39a1e2c28492635a14384f6f90fcb3
ssdeep
3072:PaAHUHtZj5LnyIQNLbXNZbvtNmmMzU2AfposYpz:Paj/qXNZbRM43fCF

authentihash f41c5d17fdeb47349229263349b397c173ff397c02e57d2fbf2bd0b4739a64eb
imphash efb7c3a427e411c00cd30611d8e9b03b
File size 127.0 KB ( 130048 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2011-11-23 15:50:41 UTC ( 5 years, 5 months ago )
Last submission 2014-06-18 17:32:21 UTC ( 2 years, 10 months ago )
File names MINIPAD.EXE
f552900cd20d94a4ba745ea5a5e7d598
7e17c1048649e53ec14fdeda4060bd174100987a.bin
ff.ex#
6e63d1ba9e3a0c1cac1630c529190a437c39a1e2c28492635a14384f6f90fcb3.bin
file-3165500_exe
1103559
f552900cd20d94a4ba745ea5a5e7d598.exe
smona132220334626473385491
_ff_.ex#
887816AB000FCC91FCE10196B9DD34003197F337.exe
1103680
1102980
smona132236123151400382514
_ff.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!