× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 73cdd7872e97a631d6fb0f9ac716d49614217d281c17361ff0a20e82b8560a45
File name: vt-upload-vgh95
Detection ratio: 25 / 52
Analysis date: 2014-05-06 17:01:40 UTC ( 4 years, 10 months ago )
Antivirus Result Update
Yandex TrojanSpy.Zbot!k14HPN/M0G4 20140506
AhnLab-V3 Spyware/Win32.Zbot 20140506
AntiVir TR/Crypt.Xpack.62415 20140506
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140506
Avast Sf:Zbot-GF [Trj] 20140506
AVG Zbot.HRM 20140506
Bkav W32.VobfusAgentA.Trojan 20140506
DrWeb Trojan.DownLoad3.32895 20140506
ESET-NOD32 a variant of Win32/Injector.BCTM 20140506
Fortinet W32/Injector.BCTM!tr 20140506
GData Win32.Trojan.Agent.8ZJ6N0 20140506
Ikarus Virus.Win32.Zbot 20140506
K7GW Unwanted-File ( 6b49d2001 ) 20140506
Kaspersky Trojan-Spy.Win32.Zbot.seki 20140506
Malwarebytes Trojan.Agent.FMS 20140506
McAfee Downloader-FYH!1B6B0B0012E5 20140506
McAfee-GW-Edition Downloader-FYH!1B6B0B0012E5 20140505
NANO-Antivirus Trojan.Win32.Zbot.cwpepm 20140506
Panda Trj/CI.A 20140506
Sophos AV Mal/Ransom-CE 20140506
SUPERAntiSpyware Trojan.Agent/Gen-Spy 20140506
TrendMicro TROJ_GEN.R0CBC0PE514 20140506
TrendMicro-HouseCall TROJ_GEN.R0CBC0PE514 20140506
VIPRE Trojan.Win32.Generic!BT 20140506
Zillya Trojan.Zbot.Win32.153083 20140505
Ad-Aware 20140506
AegisLab 20140506
Baidu-International 20140506
BitDefender 20140506
ByteHero 20140506
CAT-QuickHeal 20140506
ClamAV 20140506
CMC 20140506
Commtouch 20140506
Comodo 20140506
Emsisoft 20140506
F-Prot 20140506
F-Secure 20140506
Jiangmin 20140506
K7AntiVirus 20140506
Kingsoft 20140506
Microsoft 20140506
eScan 20140506
Norman 20140506
nProtect 20140506
Qihoo-360 20140506
Rising 20140506
Symantec 20140506
TheHacker 20140504
TotalDefense 20140506
VBA32 20140506
ViRobot 20140506
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-20 20:48:43
Entry Point 0x00002B2E
Number of sections 4
PE sections
PE imports
GetModuleFileNameA
GetStartupInfoA
GetModuleHandleA
Ord(1775)
Ord(4080)
Ord(537)
Ord(4710)
Ord(2393)
Ord(3597)
Ord(389)
Ord(3136)
Ord(4424)
Ord(693)
Ord(5440)
Ord(6375)
Ord(755)
Ord(3798)
Ord(3173)
Ord(6052)
Ord(3259)
Ord(5290)
Ord(2446)
Ord(2370)
Ord(815)
Ord(641)
Ord(4353)
Ord(2514)
Ord(4402)
Ord(4425)
Ord(5277)
Ord(4441)
Ord(1134)
Ord(941)
Ord(4465)
Ord(2863)
Ord(5300)
Ord(1200)
Ord(3640)
Ord(4627)
Ord(1168)
Ord(3738)
Ord(4853)
Ord(356)
Ord(2982)
Ord(4234)
Ord(825)
Ord(3081)
Ord(5199)
Ord(5307)
Ord(567)
Ord(6383)
Ord(540)
Ord(4078)
Ord(2554)
Ord(6376)
Ord(1727)
Ord(3370)
Ord(823)
Ord(2379)
Ord(2725)
Ord(4998)
Ord(2582)
Ord(3749)
Ord(2512)
Ord(470)
Ord(4274)
Ord(5261)
Ord(4079)
Ord(1146)
Ord(3147)
Ord(2124)
Ord(535)
Ord(2621)
Ord(3262)
Ord(1576)
Ord(3215)
Ord(5065)
Ord(369)
Ord(4407)
Ord(5311)
Ord(3663)
Ord(3346)
Ord(858)
Ord(2396)
Ord(3831)
Ord(6394)
Ord(6374)
Ord(5280)
Ord(3825)
Ord(2976)
Ord(1089)
Ord(2985)
Ord(3922)
Ord(2818)
Ord(4160)
Ord(4376)
Ord(1776)
Ord(800)
Ord(324)
Ord(3830)
Ord(2385)
Ord(3079)
Ord(6334)
Ord(2055)
Ord(4837)
Ord(5241)
Ord(668)
Ord(5450)
Ord(2648)
Ord(5714)
Ord(5289)
Ord(4622)
Ord(561)
Ord(2302)
Ord(4486)
Ord(4698)
Ord(5163)
Ord(6055)
Ord(5265)
Ord(4673)
Ord(5710)
Ord(5302)
Ord(860)
Ord(5731)
__p__fmode
malloc
__CxxFrameHandler
??1type_info@@UAE@XZ
memset
fclose
strcat
__dllonexit
_controlfp
fopen
_except_handler3
fseek
_mbscmp
_onexit
ftell
exit
_XcptFilter
rewind
__setusermatherr
_adjust_fdiv
_acmdln
fread
__p__commode
memcpy
__getmainargs
_initterm
_setmbcp
_exit
__set_app_type
GetWindowLongA
GetSystemMetrics
AppendMenuA
EnableWindow
DrawIcon
SendMessageA
GetClientRect
GetSystemMenu
SetWindowLongA
GetWindow
IsIconic
LoadIconA
Number of PE resources by type
RT_DIALOG 3
Struct(144) 1
Struct(32) 1
Number of PE resources by language
CHINESE SIMPLIFIED 5
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2014:02:20 21:48:43+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
0

LinkerVersion
2.0

FileAccessDate
2014:05:06 18:02:54+01:00

EntryPoint
0x2b2e

InitializedDataSize
16384

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

FileCreateDate
2014:05:06 18:02:54+01:00

UninitializedDataSize
0

File identification
MD5 1b6b0b0012e5ffaffebda198cc21a5b4
SHA1 b540eee62d8b1ee91eedcea22f5a275d846081d0
SHA256 73cdd7872e97a631d6fb0f9ac716d49614217d281c17361ff0a20e82b8560a45
ssdeep
3072:snNl5mLmtw6VIJnJ/x4kdKNFcvUsAcoSU+EYuMRK1GZvD3j2KOWA2Zp:snNl58X4rNGUpvYuMsUrjx7n

imphash 5347a98f96c9dddc03ebed831d55c2fc
File size 192.4 KB ( 196968 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2014-05-06 17:01:40 UTC ( 4 years, 10 months ago )
Last submission 2014-05-06 17:01:40 UTC ( 4 years, 10 months ago )
File names vt-upload-vgh95
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!