SHA256: 72a57be53c752e5754757d289f25f5f8b369c22ebdc8137c0ef61843961d4e92
File name: d466eb98527a5cf258f554ad4bc2200d
Detection ratio: 12 / 52
Analysis date: 2014-05-30 04:35:32 UTC ( 4 years, 9 months ago )
Antivirus Result Update
AntiVir TR/Spy.ZBot.abs.6 20140530
AVG Zbot.JIB 20140530
ESET-NOD32 Win32/Spy.Zbot.ABS 20140529
Fortinet W32/Zbot.ABS!tr.spy 20140530
Kaspersky Trojan.Win32.Yakes.eyyx 20140530
McAfee Artemis!D466EB98527A 20140530
McAfee-GW-Edition Artemis!D466EB98527A 20140530
Panda Trj/Dtcontx.M 20140529
Sophos AV Mal/Generic-S 20140530
Symantec WS.Reputation.1 20140530
Tencent Win32.Trojan.Bp-qqthief.Iqpl 20140530
VIPRE Trojan.Win32.Generic!BT 20140530
Ad-Aware 20140530
AegisLab 20140530
Yandex 20140529
AhnLab-V3 20140529
Antiy-AVL 20140530
Avast 20140530
Baidu-International 20140529
BitDefender 20140530
Bkav 20140529
ByteHero 20140530
CAT-QuickHeal 20140529
ClamAV 20140530
CMC 20140530
Commtouch 20140530
Comodo 20140530
DrWeb 20140530
Emsisoft 20140530
F-Prot 20140530
F-Secure 20140530
GData 20140530
Ikarus 20140530
Jiangmin 20140529
K7AntiVirus 20140529
K7GW 20140529
Kingsoft 20140530
Malwarebytes 20140530
Microsoft 20140530
eScan 20140530
NANO-Antivirus 20140530
Norman 20140529
nProtect 20140529
Qihoo-360 20140521
Rising 20140529
SUPERAntiSpyware 20140530
TheHacker 20140529
TotalDefense 20140529
TrendMicro 20140530
TrendMicro-HouseCall 20140530
VBA32 20140529
ViRobot 20140530
Zillya 20140529
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright 1992 - 2008

Publisher Memeo Inc.
Product PYtiz06k4040
Original name a1mj238H52.exe
Internal name a1mj238H52.exe
File version 3.7.8.4
Description w0gNm59dS85
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-22 21:29:25
Entry Point 0x00008B80
Number of sections 4
PE sections
PE imports
RegUnLoadKeyA
RegOpenKeyExA
RegUnLoadKeyW
RegSetValueExW
GetOpenFileNameW
EndPage
DeleteDC
EnumFontsW
GetStockObject
GetObjectW
StartDocW
GetUserDefaultUILanguage
CreateFileMappingW
LocalFree
GetStartupInfoA
lstrcpyW
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
WideCharToMultiByte
GetCurrentProcess
GetDateFormatW
CreateFileW
SetUnhandledExceptionFilter
QueryPerformanceCounter
FindClose
IsDebuggerPresent
CloseHandle
FoldStringW
FlushFileBuffers
GetCurrentThreadId
SetLastError
LZClose
DragQueryFileW
DragFinish
ShellAboutW
GetParent
DrawTextExW
GetMessageW
MessageBeep
GetMenuState
SetWindowLongW
SetWindowPlacement
CharLowerW
GetDC
ReleaseDC
GetMenu
GetWindowPlacement
SetScrollPos
ScreenToClient
IsClipboardFormatAvailable
UnhookWinEvent
GetDesktopWindow
LoadCursorW
GetFocus
CreateWindowExW
LoadAcceleratorsW
OpenClipboard
Number of PE resources by type
RT_STRING 17
Z80F32V 1
I95T8RI 1
H3C7OZ95 1
DAA6VT976 1
GQF0NG 1
C2S2VC258F 1
WV0Z24O2L 1
X81ZG400 1
LS150U7HL9 1
RT_ACCELERATOR 1
KI95M0GC 1
R3KANEEC62 1
RT_VERSION 1
I6Q0K9 1
E1P40IEM0A 1
V8YL5U 1
EH86EJO480 1
XS3ZL 1
A1TYOFW 1
I1307GT 1
A75M726 1
MZ9HZ 1
KN80N05 1
X0MH8QAF58 1
WHIS4P3O 1
Z6T32NE4 1
QB3XXIK8J6 1
R88GCX 1
O5V9D213BB 1
DAW622 1
RN840903 1
RT_BITMAP 1
LWC419U 1
Number of PE resources by language
ENGLISH US 50
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:05:22 22:29:25+01:00
FileType Win32 EXE
PEType PE32
CodeSize 244736
LinkerVersion 10.0
FileAccessDate 2014:06:16 19:50:53+01:00
EntryPoint 0x8b80
InitializedDataSize 1425920
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
FileCreateDate 2014:06:16 19:50:53+01:00
UninitializedDataSize 0
Compressed bundles
File identification
MD5 d466eb98527a5cf258f554ad4bc2200d
SHA1 66821f02c750d2795b240e7eba85b06faba16e46
SHA256 72a57be53c752e5754757d289f25f5f8b369c22ebdc8137c0ef61843961d4e92
ssdeep 6144:20jSrEfIe7vB5knq6iLVyfnXNYFPUNOPZuy5dH76Jdjx4/vjZLr6tt8v:hdnx6ffnXiFMQJnejx4zNot
imphash 8e3a90a724b1163bf74aa8873fe800c9
File size 387.0 KB ( 396288 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-05-30 04:35:32 UTC ( 4 years, 9 months ago )
Last submission 2014-06-16 18:58:24 UTC ( 4 years, 9 months ago )
File names d466eb98527a5cf258f554ad4bc2200d
a1mj238H52.exe
D466EB98527A5CF258F554AD4BC2200D
72a57be53c752e5754757d289f25f5f8b369c22ebdc8137c0ef61843961d4e92
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.