SHA256: 72760a6c5a5b255b0e5b4515ee45c595f84c4813e57c5a4926c2b25c73189a00
File name: b98565860321b96e3c2c3d730ccc6567
Detection ratio: 9 / 53
Analysis date: 2014-06-15 06:00:09 UTC ( 4 years, 9 months ago )
Antivirus | Result | Update
Avast | Win32:Dropper-gen [Drp] | 20140615
AVG | Zbot.JYN | 20140615
Bkav | HW32.Laneul.iwyq | 20140614
ESET-NOD32 | Win32/Spy.Zbot.ABV | 20140614
Fortinet | W32/Zbot.ABV!tr.spy | 20140615
McAfee | Artemis!B98565860321 | 20140615
McAfee-GW-Edition | Artemis!B98565860321 | 20140614
Sophos AV | Mal/Generic-S | 20140615
Tencent | Win32.Trojan.Bp-qqthief.Iqpl | 20140615
Engines with no detection (Antivirus | Update):
Ad-Aware | 20140615
AegisLab | 20140615
Yandex | 20140614
AhnLab-V3 | 20140614
AntiVir | 20140614
Antiy-AVL | 20140611
Baidu-International | 20140614
BitDefender | 20140615
ByteHero | 20140615
CAT-QuickHeal | 20140614
ClamAV | 20140615
CMC | 20140613
Commtouch | 20140615
Comodo | 20140615
DrWeb | 20140615
Emsisoft | 20140615
F-Prot | 20140615
F-Secure | 20140615
GData | 20140615
Ikarus | 20140615
Jiangmin | 20140615
K7AntiVirus | 20140613
K7GW | 20140613
Kaspersky | 20140615
Kingsoft | 20140615
Malwarebytes | 20140615
Microsoft | 20140615
eScan | 20140615
NANO-Antivirus | 20140615
Norman | 20140614
nProtect | 20140615
Panda | 20140614
Qihoo-360 | 20140615
Rising | 20140614
Symantec | 20140615
TheHacker | 20140612
TotalDefense | 20140614
TrendMicro | 20140615
TrendMicro-HouseCall | 20140615
VBA32 | 20140613
VIPRE | 20140615
ViRobot | 20140615
Zillya | 20140614
Zoner | 20140613
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2014-06-12 15:42:57
Entry Point: 0x0000399E
Number of sections: 5
PE sections
PE imports
ConvertStringSidToSidW
CreateWellKnownSid
ImageList_Add
GetOpenFileNameA
GetFileTitleW
GetObjectA
SetMapMode
CreateRectRgn
DeleteObject
GetRgnBox
GetStockObject
SetPixel
SelectObject
DeleteDC
Rectangle
BitBlt
SetBkColor
CreateCompatibleDC
GetBitmapBits
SetTextColor
CreateSolidBrush
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
WaitForSingleObject
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
IsProcessorFeaturePresent
HeapAlloc
DeleteCriticalSection
GetCurrentProcess
CreateThread
GetStartupInfoW
GetConsoleMode
WritePrivateProfileStringA
GetCurrentProcessId
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetFileType
SetStdHandle
GetModuleFileNameW
RaiseException
GetCPInfo
lstrcmpiA
TlsFree
SetFilePointer
HeapSetInformation
ReadFile
SetUnhandledExceptionFilter
WriteFile
DecodePointer
CloseHandle
GetSystemTimeAsFileTime
lstrcpynA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetProcessHeap
IsDebuggerPresent
TerminateProcess
SearchPathW
ResetEvent
IsValidCodePage
HeapCreate
CreateFileW
GlobalAlloc
InterlockedDecrement
Sleep
SetLastError
TlsSetValue
CreateFileA
GetTickCount
GetCurrentThreadId
LeaveCriticalSection
GetFileSize
WriteConsoleW
InterlockedIncrement
WNetGetUniversalNameA
CreateStdAccessibleObject
Shell_NotifyIconW
SHGetFileInfoW
SetFocus
UpdateWindow
GetScrollInfo
BeginPaint
HideCaret
TrackMouseEvent
ShowWindow
LoadBitmapA
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
EndPaint
SetCapture
MoveWindow
EnumChildWindows
LoadMenuW
MessageBoxA
ScrollDC
SetWindowLongA
SendDlgItemMessageW
GetSysColor
GetDC
RegisterClassExA
GetCursorPos
CreatePopupMenu
SendMessageW
GetWindowLongA
GetKeyNameTextA
RegisterClassW
IsWindowVisible
SendMessageA
CreateWindowExA
DrawTextW
MessageBoxW
ScreenToClient
SetRect
DeleteMenu
CallNextHookEx
InsertMenuA
wsprintfA
FindWindowExA
CreateMenu
LoadCursorA
LoadIconA
TrackPopupMenu
FillRect
GetUpdateRgn
ValidateRect
LoadImageA
GetActiveWindow
DestroyWindow
SetWindowTheme
Direct3DCreate9
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2014:06:12 16:42:57+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 62976
LinkerVersion: 10.0
FileAccessDate: 2014:06:15 07:01:35+01:00
EntryPoint: 0x399e
InitializedDataSize: 182272
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
FileCreateDate: 2014:06:15 07:01:35+01:00
UninitializedDataSize: 0

File identification
MD5: b98565860321b96e3c2c3d730ccc6567
SHA1: 89316bcc271958c9ac19f232224afbc8ad4b5898
SHA256: 72760a6c5a5b255b0e5b4515ee45c595f84c4813e57c5a4926c2b25c73189a00
ssdeep: 6144:D9el1+xCbDXWc7ynPOdCZCMJhAl3bVpHAFc:DUT+xkXxynmdCrhAdbVpgF
imphash: e4cddc8b01ebc38a237875ed1fc6e776
File size: 240.5 KB (246272 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Executable MS Visual C++ (generic) (67.3%)
      Win32 Dynamic Link Library (generic) (14.2%)
      Win32 Executable (generic) (9.7%)
      Generic Win/DOS Executable (4.3%)
      DOS Executable Generic (4.3%)
Tags: peexe

VirusTotal metadata
First submission: 2014-06-15 06:00:09 UTC ( 4 years, 9 months ago )
Last submission: 2014-06-15 06:00:09 UTC ( 4 years, 9 months ago )
File names: b98565860321b96e3c2c3d730ccc6567
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests