SHA256: 7064b43263e2c5f0f21b89043f950fa757e2ae121369b442f6d527e83e36d022
File name: 3b63c36c123880aeba04161ccb02483c
Detection ratio: 26 / 55
Analysis date: 2015-03-23 14:27:16 UTC
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.132993 20150323
ALYac Gen:Variant.Zusy.132993 20150323
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150323
Avast Win32:Malware-gen 20150323
AVG Zbot.ZRO 20150323
AVware Trojan.Win32.Generic!BT 20150323
BitDefender Gen:Variant.Zusy.132993 20150323
CAT-QuickHeal TrojanSpy.Zbot.r6 20150323
Emsisoft Gen:Variant.Zusy.132993 (B) 20150323
ESET-NOD32 Win32/Spy.Zbot.ACB 20150323
F-Secure Gen:Variant.Zusy.132993 20150323
Fortinet W32/Zbot.ACB!tr.spy 20150323
GData Gen:Variant.Zusy.132993 20150323
K7AntiVirus Spyware ( 004a08e61 ) 20150323
K7GW Spyware ( 004a08e61 ) 20150323
Kaspersky Trojan-Spy.Win32.Zbot.venf 20150323
Malwarebytes Trojan.Agent.ED 20150323
McAfee GenericR-DFL!3B63C36C1238 20150323
eScan Gen:Variant.Zusy.132993 20150323
NANO-Antivirus Trojan.Win32.Zbot.dpgmgm 20150323
Panda Trj/Genetic.gen 20150318
Sophos AV Mal/Generic-S 20150323
TrendMicro TROJ_FORUCON.BMC 20150323
TrendMicro-HouseCall TROJ_FORUCON.BMC 20150323
VIPRE Trojan.Win32.Generic!BT 20150323
Zillya Trojan.Zbot.Win32.175694 20150322
AegisLab (no detection) 20150323
Yandex (no detection) 20150322
AhnLab-V3 (no detection) 20150323
Alibaba (no detection) 20150323
Baidu-International (no detection) 20150323
Bkav (no detection) 20150323
ByteHero (no detection) 20150323
ClamAV (no detection) 20150323
CMC (no detection) 20150323
Comodo (no detection) 20150323
Cyren (no detection) 20150323
DrWeb (no detection) 20150323
F-Prot (no detection) 20150323
Ikarus (no detection) 20150323
Kingsoft (no detection) 20150323
McAfee-GW-Edition (no detection) 20150323
Microsoft (no detection) 20150323
Norman (no detection) 20150323
nProtect (no detection) 20150323
Qihoo-360 (no detection) 20150323
Rising (no detection) 20150323
SUPERAntiSpyware (no detection) 20150321
Symantec (no detection) 20150323
Tencent (no detection) 20150323
TheHacker (no detection) 20150322
TotalDefense (no detection) 20150323
VBA32 (no detection) 20150322
ViRobot (no detection) 20150323
Zoner (no detection) 20150323
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-16 16:27:27
Entry Point 0x00005D46
Number of sections 6
PE sections
PE imports
LsaQueryInformationPolicy
LsaFreeMemory
LsaNtStatusToWinError
ImageList_ReplaceIcon
Ord(17)
InitCommonControlsEx
FlatSB_SetScrollPos
PolyDraw
SetBrushOrgEx
SelectObject
CreatePen
GetStockObject
TextOutA
DeleteObject
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
IsProcessorFeaturePresent
HeapAlloc
GetCurrentProcess
GetConsoleMode
DecodePointer
GetCurrentProcessId
lstrcatA
CreateDirectoryA
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
lstrcpyA
EncodePointer
GetStartupInfoW
SetStdHandle
HeapSetInformation
RaiseException
CompareStringA
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
DeleteCriticalSection
ReadFile
SetUnhandledExceptionFilter
WriteFile
FindFirstFileA
CloseHandle
GetSystemTimeAsFileTime
FindNextFileA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetFullPathNameA
FreeLibrary
LocalFree
TerminateProcess
IsValidCodePage
HeapCreate
SetLastError
CreateFileW
FindClose
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
ExitProcess
GetCurrentThreadId
InterlockedIncrement
LocalAlloc
WriteConsoleW
LeaveCriticalSection
GetOleaccVersionInfo
VarDateFromStr
SysAllocString
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetMalloc
DragQueryFileA
GetMessageA
UpdateWindow
EndDialog
BeginPaint
EnumWindows
KillTimer
DestroyMenu
PostQuitMessage
DefWindowProcA
ShowWindow
FindWindowA
SendDlgItemMessageA
IsWindow
GetWindowRect
DispatchMessageA
EndPaint
MessageBoxA
SetWindowLongA
TranslateMessage
GetWindow
SetActiveWindow
GetDC
InsertMenuItemA
GetCursorPos
GetWindowThreadProcessId
LoadMenuA
CreatePopupMenu
DefFrameProcA
DestroyIcon
GetWindowLongA
SendMessageA
CreateWindowExA
GetDlgItem
EnableMenuItem
RegisterClassA
LoadAcceleratorsA
GetSubMenu
FindWindowExA
SetTimer
LoadCursorA
LoadIconA
TrackPopupMenu
TranslateAcceleratorA
TranslateMDISysAccel
GetWindowTextW
GetDesktopWindow
LoadImageA
FindWindowExW
GetWindowTextA
IsDialogMessageA
DestroyWindow
CoUninitialize
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_BITMAP 10
RT_ICON 9
RT_RCDATA 9
RT_DIALOG 7
RT_STRING 6
LOGO 4
RT_GROUP_ICON 2
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 48
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2015:03:16 17:27:27+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 71680
LinkerVersion: 10.0
EntryPoint: 0x5d46
InitializedDataSize: 378368
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0
File identification
MD5 3b63c36c123880aeba04161ccb02483c
SHA1 407ae2402f3130993a770b54d8ebc12558706ee5
SHA256 7064b43263e2c5f0f21b89043f950fa757e2ae121369b442f6d527e83e36d022
ssdeep 12288:GpdxzKI1T/AJ5m63D6GxPhvre+gWaHQzx:cxHTYJEADrhvJjDzx
authentihash 43adb762ef3341e257201677f6daab2f190f13286d3f7bb09f7bf620b5f8b808
imphash ff37f4029eeedea75bde2d1603e27a2e
File size 440.5 KB ( 451072 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2015-03-23 14:27:16 UTC
Last submission 2015-04-14 06:06:24 UTC
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers by calling the DeviceIoControl Windows API function.