SHA256: 6f5e7f163fd9228db3d62c67c030953faf3115f3655b1fc6a84978f6ba6c318b
File name: 3d1d7ea81dbfc614d96d5c4d2a961cc7
Detection ratio: 47 / 55
Analysis date: 2014-09-12 07:55:36 UTC
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.38534 20140912
Yandex TrojanSpy.Zbot!UCV0shnJ/8E 20140911
AhnLab-V3 Spyware/Win32.Zbot 20140912
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140912
Avast Win32:Malware-gen 20140912
AVG Generic31.BCIP 20140912
Avira (no cloud) TR/Rogue.kdv.858208 20140912
AVware Trojan.Win32.Zbot.a!ag (v) 20140912
Baidu-International Trojan.Win32.Kryptik.BAUCW 20140912
BitDefender Gen:Variant.Zusy.38534 20140912
Bkav HW32.Paked.A0C8 20140911
CAT-QuickHeal TrojanSpy.Zbot.r4 20140911
Comodo TrojWare.Win32.Trojan.Agent.Gen 20140912
Cyren W32/PWS.PVOY-5441 20140912
DrWeb Trojan.PWS.Panda.547 20140912
Emsisoft Gen:Variant.Zusy.38534 (B) 20140912
ESET-NOD32 a variant of Win32/Kryptik.AUKW 20140912
F-Secure Gen:Variant.Zusy.38534 20140912
Fortinet W32/Kryptik.ATGL!tr 20140912
GData Gen:Variant.Zusy.38534 20140912
Ikarus Trojan-Spy.Win32.Zbot 20140912
Jiangmin TrojanSpy.Zbot.dfoz 20140911
K7AntiVirus Unwanted-Program ( 004a8e8a1 ) 20140911
K7GW Unwanted-Program ( 004a8e8a1 ) 20140911
Kaspersky Trojan-Spy.Win32.Zbot.ivrg 20140912
Kingsoft Win32.Troj.Zbot.iv.(kcloud) 20140912
Malwarebytes Virus.Expiro 20140912
McAfee RDN/Generic PWS.y!zv 20140912
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ch 20140912
Microsoft PWS:Win32/Zbot.gen!Y 20140912
eScan Gen:Variant.Zusy.38534 20140912
NANO-Antivirus Trojan.Win32.Zbot.dbihbm 20140912
Norman ZBot.UFLS 20140912
nProtect Trojan/W32.Agent.169472.OU 20140911
Panda Generic Malware 20140911
Qihoo-360 HEUR/Malware.QVM07.Gen 20140912
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140911
Sophos Mal/Generic-S 20140912
SUPERAntiSpyware Trojan.Agent/Gen-Festo 20140912
Symantec WS.Reputation.1 20140912
Tencent Win32.Trojan-spy.Zbot.Lkef 20140912
TotalDefense Win32/Zbot.HNBEIfC 20140911
TrendMicro TROJ_GEN.R028C0DF914 20140912
TrendMicro-HouseCall TROJ_GEN.R028C0DF914 20140912
VBA32 TrojanSpy.Zbot 20140911
VIPRE Trojan.Win32.Zbot.a!ag (v) 20140912
Zillya Trojan.Zbot.Win32.160840 20140910
AegisLab 20140912
ByteHero 20140912
ClamAV 20140912
CMC 20140908
F-Prot 20140912
TheHacker 20140912
ViRobot 20140912
Zoner 20140912
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-08 14:28:44
Entry Point 0x00022DB6
Number of sections 4
PE sections
PE imports
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
lstrlenA
GetOEMCP
LCMapStringA
CopyFileA
ExitProcess
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
WideCharToMultiByte
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetCPInfo
GetStringTypeA
GetModuleHandleA
WriteFile
GetCurrentProcess
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
HeapCreate
VirtualFree
HeapDestroy
GetFileType
HeapAlloc
GetVersion
VirtualAlloc
OemToCharBuffA
IsCharUpperA
PostMessageA
CharNextA
ChangeMenuW
SetProcessWindowStation
MonitorFromRect
Number of PE resources by type
RT_ACCELERATOR 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:02:08 15:28:44+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 148992
LinkerVersion: 6.0
FileAccessDate: 2014:07:16 16:49:07+01:00
EntryPoint: 0x22db6
InitializedDataSize: 169984
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
FileCreateDate: 2014:07:16 16:49:07+01:00
UninitializedDataSize: 0
File identification
MD5 3d1d7ea81dbfc614d96d5c4d2a961cc7
SHA1 0293ec4753c0917964643cb02894e7b76928e69a
SHA256 6f5e7f163fd9228db3d62c67c030953faf3115f3655b1fc6a84978f6ba6c318b
ssdeep 3072:LnUnSDbaYZh/3LAvrYdLDkZlHQ75ws+L0JivSm/xILjHSS6U6bt6YUfqoJtqkxI:z0kxbAvrQ4lHQ7+aJil/iHUy1I
imphash 30fc54e217abbb940084d1dae9ef213d
File size 165.5 KB ( 169472 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-07-16 15:45:13 UTC
Last submission 2014-07-30 07:08:31 UTC
File names 3d1d7ea81dbfc614d96d5c4d2a961cc7
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections