SHA256: 736486d237fede0eddf2e1e3bdfe578cc56b23a178d15fcba55829c1cd65d2a4
File name: 64EDD69E69A798D7DEF07FA3FD871AF2
Detection ratio: 39 / 43
Analysis date: 2011-07-15 20:58:40 UTC ( 7 years, 3 months ago )
Antivirus Result Update
AhnLab-V3 Win-Trojan/Zbot.88576 20110715
AntiVir TR/Crypt.ZPACK.Gen 20110715
Avast Win32:Zbot-MYU [Trj] 20110715
Avast5 Win32:Zbot-MYU [Trj] 20110715
AVG unknown virus Win32/DH.CAFF8402A2 20110715
BitDefender Gen:Trojan.Heur.Zbot.fmW@cWtzK0f 20110715
CAT-QuickHeal TrojanSpy.Zbot.gen 20110715
ClamAV Trojan.Spy.Zbot-435 20110715
Commtouch W32/Zbot.V.gen!Eldorado 20110715
Comodo TrojWare.Win32.Spy.Zbot.AAJ 20110715
DrWeb Trojan.PWS.Panda.171 20110715
Emsisoft Trojan-Spy.Win32.Zbot!IK 20110715
eTrust-Vet Win32/Zbot.B!generic 20110715
F-Prot W32/Zbot.V.gen!Eldorado 20110715
F-Secure Gen:Trojan.Heur.Zbot.fmW@cWtzK0f 20110715
Fortinet W32/Zbot.gen!tr 20110715
GData Gen:Trojan.Heur.Zbot.fmW@cWtzK0f 20110715
Ikarus Trojan-Spy.Win32.Zbot 20110715
Jiangmin TrojanSpy.Zbot.gek 20110714
K7AntiVirus Riskware 20110715
Kaspersky Trojan-Spy.Win32.Zbot.gen 20110715
McAfee PWS-Zbot.gen.dl 20110715
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious.H 20110715
Microsoft PWS:Win32/Zbot.gen!W 20110715
NOD32 Win32/Spy.Zbot.JF 20110715
Norman W32/Zbot.QSZ 20110715
nProtect Trojan-Spy/W32.ZBot.88576.EZ 20110715
Panda Trj/Sinowal.XGV 20110715
PCTools HeurEngine.MaliciousPacker 20110713
Sophos AV Mal/Behav-353 20110715
SUPERAntiSpyware Trojan.Agent/Gen 20110715
Symantec Packed.Generic.232 20110715
TheHacker Trojan/Spy.Zbot.gen 20110715
TrendMicro TSPY_ZBOT.SMO 20110715
TrendMicro-HouseCall TSPY_ZBOT.SMO 20110715
VBA32 Malware-Cryptor.Win32.Vals.21 20110715
VIPRE Trojan-Spy.Win32.Zbot.gen (v) 20110715
ViRobot Spyware.Zbot.88576.AH 20110715
VirusBuster TrojanSpy.Zbot!aizuD//r+QE 20110715
Antiy-AVL 20110715
eSafe 20110714
Prevx 20110715
Rising 20110715
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
PE header basic information
Number of sections 3
PE sections
PE imports
ImpersonateLoggedOnUser
LookupPrivilegeDisplayNameA
GetMultipleTrusteeW
GetSecurityDescriptorDacl
RegDeleteKeyA
AbortSystemShutdownA
SetEntriesInAccessListW
RegCreateKeyW
StartServiceA
GetSecurityInfoExA
OpenBackupEventLogA
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
BuildTrusteeWithNameW
CopySid
GetNamedSecurityInfoExA
InitiateSystemShutdownW
EnumDependentServicesW
AreAllAccessesGranted
FreeSid
LookupPrivilegeValueW
ConvertSecurityDescriptorToAccessNamedW
OpenProcessToken
CryptSetKeyParam
LookupPrivilegeDisplayNameW
ImpersonateNamedPipeClient
RegUnLoadKeyW
GetTrusteeNameW
BuildExplicitAccessWithNameA
QueryServiceLockStatusW
ReportEventA
RegRestoreKeyW
GetOldestEventLogRecord
CloseServiceHandle
GetTrusteeNameA
RegisterServiceCtrlHandlerA
CreatePrivateObjectSecurity
GetNumberOfEventLogRecords
RegFlushKey
SetFileSecurityW
GetCurrentHwProfileA
EnumDependentServicesA
BuildImpersonateExplicitAccessWithNameW
GetServiceKeyNameW
ObjectOpenAuditAlarmW
SetSecurityDescriptorOwner
AddAce
GetAccessPermissionsForObjectA
IsTextUnicode
CryptReleaseContext
IsValidSecurityDescriptor
ClearEventLogW
AllocateAndInitializeSid
RegSaveKeyW
ConvertSecurityDescriptorToAccessW
SetSecurityDescriptorSacl
CreateProcessAsUserW
BuildImpersonateTrusteeA
InitializeSid
RegQueryValueExW
GetSecurityDescriptorGroup
InitializeSecurityDescriptor
CryptHashData
RegSetKeySecurity
OpenSCManagerA
GetSecurityDescriptorOwner
ImpersonateSelf
RegDeleteValueW
OpenSCManagerW
MakeAbsoluteSD
AdjustTokenPrivileges
RevertToSelf
TrusteeAccessToObjectA
CreateProcessAsUserA
ObjectCloseAuditAlarmA
GetExplicitEntriesFromAclA
LookupPrivilegeNameA
BuildTrusteeWithNameA
SetKernelObjectSecurity
GetUserNameW
StartServiceCtrlDispatcherW
CryptSetProviderW
CryptGetDefaultProviderW
ObjectDeleteAuditAlarmA
LogonUserW
OpenEventLogW
CryptExportKey
GetEffectiveRightsFromAclA
DeregisterEventSource
RegEnumKeyW
GetSecurityInfo
RegSetValueA
LookupAccountSidW
RegDeleteValueA
CryptEncrypt
CryptVerifySignatureA
SetFileSecurityA
ObjectPrivilegeAuditAlarmW
RegCreateKeyA
CryptEnumProvidersW
SetEntriesInAclA
SetPrivateObjectSecurity
GetAce
AddAuditAccessAce
RegSaveKeyA
SetNamedSecurityInfoW
GetNamedSecurityInfoExW
RtlFillMemory
RaiseException
SetThreadContext
GetEnvironmentStringsW
GetPrivateProfileIntW
GetFileSize
UpdateResourceA
GetShortPathNameA
GetTimeFormatW
EnumDateFormatsExA
GetProfileSectionW
GetProfileIntW
LockResource
GetCommModemStatus
WaitNamedPipeW
IsBadStringPtrW
WriteProfileSectionW
RemoveDirectoryW
CancelWaitableTimer
CreateWaitableTimerW
WritePrivateProfileStructW
GetStartupInfoA
Heap32Next
lstrcatA
EnumResourceTypesW
FreeEnvironmentStringsW
CreateMutexA
GetModuleHandleA
DefineDosDeviceW
UnmapViewOfFile
GetFileAttributesW
GetDefaultCommConfigA
GetProcessShutdownParameters
IsProcessorFeaturePresent
LCMapStringA
CreateRemoteThread
PulseEvent
SuspendThread
SetStdHandle
ExpandEnvironmentStringsA
WaitForSingleObject
Heap32First
lstrcat
GetWriteWatch
SetThreadLocale
GetCurrentProcessId
OpenFileMappingW
SetSystemTimeAdjustment
GetCommConfig
GetDriveTypeA
FileTimeToLocalFileTime
TlsGetValue
GetFileAttributesExW
ReadConsoleInputA
SetFileAttributesW
BuildCommDCBA
SetCommMask
GetVersionExW
UpdateResourceW
GlobalFix
EnumSystemLocalesA
LockFileEx
FreeConsole
ResumeThread
GetCommandLineW
ScrollConsoleScreenBufferW
SetConsoleTitleW
GetSystemTimeAsFileTime
WritePrivateProfileStructA
GetMailslotInfo
CreateFileW
SetThreadIdealProcessor
CreateNamedPipeW
FileTimeToSystemTime
CopyFileExA
lstrcpy
GetConsoleCursorInfo
ReadProcessMemory
CommConfigDialogA
SetCalendarInfoW
GetThreadContext
SetTapePosition
GetModuleFileNameA
GetSystemTimeAdjustment
CreateSemaphoreW
HeapValidate
GetPrivateProfileStructW
lstrlen
SizeofResource
SetEnvironmentVariableA
SetTapeParameters
FindFirstFileW
ReadConsoleOutputA
FreeLibraryAndExitThread
PeekNamedPipe
EndUpdateResourceW
SetLocaleInfoA
SetCurrentDirectoryW
FindCloseChangeNotification
WriteFileGather
MoveFileExW
VirtualProtect
LocalLock
GetCurrentThreadId
GetCommTimeouts
GetProcAddress
EnumCalendarInfoA
BuildCommDCBW
RequestWakeupLatency
lstrcpyn
WinExec
ConnectNamedPipe
SetCurrentDirectoryA
lstrlenA
BackupSeek
SetProcessPriorityBoost
ResetEvent
lstrcpynA
GetModuleFileNameW
EnumCalendarInfoW
HeapCreate
SetLocalTime
CreatePipe
GetFullPathNameA
WritePrivateProfileStringW
BeginUpdateResourceW
ReadConsoleOutputW
VirtualAlloc
GetProcessHeaps
WaitForMultipleObjectsEx
GetCurrencyFormatA
GetCompressedFileSizeW
SHRegDeleteUSValueA
ChrCmpIW
SHGetValueA
SHRegSetUSValueA
SHQueryInfoKeyA
PathCanonicalizeW
UrlCombineA
UrlHashW
UrlGetLocationA
PathFindSuffixArrayA
SHQueryInfoKeyW
IntlStrEqWorkerA
PathBuildRootA
SHCopyKeyW
SHRegEnumUSValueW
StrDupW
PathFindExtensionA
PathFileExistsA
PathIsFileSpecA
UrlApplySchemeA
StrCmpNIA
PathUnquoteSpacesA
StrStrIA
StrCSpnW
SHRegDuplicateHKey
UrlUnescapeA
SHIsLowMemoryMachine
StrChrW
PathIsLFNFileSpecA
SHDeleteEmptyKeyW
StrRStrIW
StrCmpW
SHDeleteValueW
StrCmpNW
PathSkipRootA
PathIsRelativeA
SHRegSetUSValueW
PathIsSystemFolderA
PathRemoveBlanksW
PathStripPathA
UrlIsOpaqueA
SHSetValueW
StrCSpnIW
SHRegDeleteUSValueW
PathCombineA
UrlIsA
StrCpyNW
StrToIntExA
UrlGetPartW
StrCSpnIA
SHQueryValueExA
SHRegQueryUSValueW
PathCommonPrefixW
PathMatchSpecW
PathUndecorateA
PathCreateFromUrlA
UrlUnescapeW
PathGetDriveNumberW
PathAddBackslashW
PathCompactPathExA
SHGetValueW
StrChrA
SHRegEnumUSValueA
PathRemoveArgsA
SHRegQueryInfoUSKeyW
PathGetCharTypeW
UrlCreateFromPathA
PathGetCharTypeA
UrlCombineW
PathRemoveExtensionA
PathAddBackslashA
PathCompactPathA
SHCopyKeyA
StrRetToBufA
StrSpnW
wnsprintfW
ColorAdjustLuma
PathFindOnPathW
StrRetToStrA
PathIsPrefixA
PathIsDirectoryW
SHDeleteKeyW
StrFormatKBSizeA
PathIsLFNFileSpecW
PathFindNextComponentA
PathIsURLA
StrCpyW
SHRegCloseUSKey
SHEnumValueA
ColorHLSToRGB
StrSpnA
SHDeleteKeyA
StrToIntExW
SHRegDeleteEmptyUSKeyW
StrDupA
PathRemoveExtensionW
SHEnumKeyExW
StrTrimW
StrCatW
StrChrIA
wvnsprintfW
AssocQueryKeyW
StrCmpNA
StrRetToBufW
PathCompactPathExW
SHEnumValueW
PathRemoveBackslashA
StrPBrkA
SHSkipJunction
StrIsIntlEqualA
StrNCatW
StrToIntW
CheckRadioButton
PtInRect
CharNextA
DispatchMessageA
DefFrameProcW
EnumDisplaySettingsA
MessageBoxW
SetThreadDesktop
MonitorFromRect
GetSubMenu
GetMessagePos
DragObject
CharToOemW
GetWindowContextHelpId
DestroyWindow
DefWindowProcW
SetDlgItemTextA
GetDlgItemInt
CascadeChildWindows
GetProcessWindowStation
GetTitleBarInfo
SetDlgItemInt
EqualRect
SetPropW
ChangeDisplaySettingsW
DlgDirSelectExW
GetDlgItemTextA
TranslateMessage
WindowFromDC
IsWindowVisible
DdeGetLastError
InvalidateRect
GetWindowModuleFileNameA
GetTabbedTextExtentW
SetDebugErrorLevel
GetDC
GetGUIThreadInfo
DlgDirListW
ClipCursor
GetCursorPos
GetMenu
EnumDisplayMonitors
InflateRect
MessageBoxIndirectW
SetClassLongA
WindowFromPoint
GetDesktopWindow
ExitWindowsEx
DdeAccessData
DestroyCursor
EnumThreadWindows
DdeCreateDataHandle
CreateWindowExW
InSendMessageEx
DdeUninitialize
EnumPropsExA
DestroyCaret
SwitchDesktop
EnumDisplaySettingsExW
SendDlgItemMessageW
TabbedTextOutA
IsZoomed
SubtractRect
CharToOemBuffA
UnregisterDeviceNotification
DlgDirSelectComboBoxExA
SetCursorPos
DrawIcon
GetMenuStringW
CharPrevA
CheckDlgButton
UpdateWindow
SystemParametersInfoA
LoadCursorA
IsWindow
GetMenuItemID
SetClassLongW
CallMsgFilterA
GetKeyboardState
GetKeyNameTextW
CreateMDIWindowA
IsRectEmpty
CallNextHookEx
LoadStringW
ClientToScreen
FindWindowA
GetMenuItemRect
UnregisterClassA
FrameRect
CharPrevW
VkKeyScanExA
SendDlgItemMessageA
SetWindowsHookExW
AnyPopup
PeekMessageA
RegisterHotKey
TranslateAcceleratorW
DefDlgProcA
CheckMenuRadioItem
SendMessageW
LoadIconW
IsCharAlphaNumericW
SendMessageCallbackW
GetScrollBarInfo
LoadImageW
ReleaseDC
WINNLSGetEnableStatus
GetWindowTextA
IsIconic
DrawCaption
PostMessageW
GetKBCodePage
ScrollWindowEx
WaitForInputIdle
DefFrameProcA
ToAscii
EnumClipboardFormats
SetSysColors
ImpersonateDdeClientWindow
DrawFocusRect
WaitMessage
GetAsyncKeyState
IsClipboardFormatAvailable
IsCharAlphaA
GetFocus
RealGetWindowClass
DdeConnectList
ScrollWindow
DdeQueryConvInfo
DrawTextExW
SendMessageCallbackA
SendMessageTimeoutA
OleSaveToStream
CreateGenericComposite
OleLockRunning
StgGetIFillLockBytesOnILockBytes
StringFromGUID2
WriteClassStm
OleGetAutoConvert
CoRegisterSurrogate
StringFromIID
UtConvertDvtd32toDvtd16
CoInitializeEx
WriteOleStg
DoDragDrop
RevokeDragDrop
CoCreateInstanceEx
CoMarshalInterThreadInterfaceInStream
CoTaskMemRealloc
CoIsHandlerConnected
CreatePointerMoniker
ReadOleStg
CoMarshalInterface
CreateClassMoniker
StgCreateStorageEx
OleSetClipboard
StgCreateDocfileOnILockBytes
OleMetafilePictFromIconAndLabel
CoResumeClassObjects
RegisterDragDrop
CreateDataCache
OleQueryCreateFromData
CreateDataAdviseHolder
StgSetTimes
GetHGlobalFromStream
CoDisconnectObject
DllDebugObjectRPCHook
CoFreeUnusedLibraries
StgGetIFillLockBytesOnFile
OleCreateLinkToFile
CoQueryReleaseObject
CoRevokeMallocSpy
OleDestroyMenuDescriptor
OleBuildVersion
CoFileTimeToDosDateTime
CoFileTimeNow
OleGetIconOfFile
IsEqualGUID
CreateObjrefMoniker
OleCreateLinkEx
CoTaskMemFree
OleSave
ReadFmtUserTypeStg
EnableHookObject
OleCreateFromFile
ReadStringStream
CoLockObjectExternal
CoQueryAuthenticationServices
CoTaskMemAlloc
MkParseDisplayName
StgOpenStorage
OleRegEnumFormatEtc
CoReleaseServerProcess
CoLoadLibrary
CoGetInstanceFromIStorage
OleRegEnumVerbs
OleCreateLinkToFileEx
CoUnmarshalInterface
CoUninitialize
OleDraw
OleRegGetMiscStatus
OleCreateFromDataEx
SetConvertStg
CoGetCallerTID
CoTreatAsClass
CoInitialize
OleGetIconOfClass
OleConvertOLESTREAMToIStorage
StgIsStorageFile
UpdateDCOMSettings
GetConvertStg
CoGetStandardMarshal
OleCreateEx
OleUninitialize
WriteStringStream
OleSetAutoConvert
CoRegisterMallocSpy
IIDFromString
CreateBindCtx
BindMoniker
OleCreateLinkFromData
MonikerCommonPrefixWith
CreateILockBytesOnHGlobal
CoGetCurrentProcess
GetClassFile
WriteFmtUserTypeStg
CoRevertToSelf
StringFromCLSID
CoDosDateTimeToFileTime
WriteClassStg
OleLoad
OleConvertIStorageToOLESTREAMEx
OleQueryLinkFromData
OleInitialize
File identification
MD5 64edd69e69a798d7def07fa3fd871af2
SHA1 d137255574bbbd4c50a6cf9c8b53e9e0bbce600c
SHA256 736486d237fede0eddf2e1e3bdfe578cc56b23a178d15fcba55829c1cd65d2a4
ssdeep
1536:WIyDf/ojacopSmKzEupbGgAOsszU52m38Anly90Qz3x6U6xzbwBf7MX+2:WIyDHojacoGzEuh6asRbly9uh2BjMd

File size 86.5 KB ( 88576 bytes )
File type Win32 EXE
Magic literal

TrID Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
VirusTotal metadata
First submission 2010-05-16 12:04:23 UTC ( 8 years, 5 months ago )
Last submission 2011-07-15 20:58:40 UTC ( 7 years, 3 months ago )
File names 64EDD69E69A798D7DEF07FA3FD871AF2
36fKB0FowA.zip
aa
_xRU0gse.lnk