SHA256: 748bba1e228b89ddff2b10410a7d95894e26f1a4341921a229815344a33cd7bf
File name: fd38cdf0a4811e5a87d65142d3d43c46
Detection ratio: 49 / 57
Analysis date: 2016-05-14 08:17:03 UTC ( 10 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zbot.121 20160514
AegisLab Troj.W32.Gen.lWdh 20160514
AhnLab-V3 Trojan/Win32.Zbot 20160513
ALYac Gen:Variant.Zbot.121 20160514
Antiy-AVL Trojan/Win32.SGeneric 20160514
Arcabit Trojan.Zbot.121 20160514
Avast Win32:Crypt-ROG [Trj] 20160514
AVG Generic35.BCDM 20160514
Avira (no cloud) TR/Injector.hhj 20160514
AVware Trojan.Win32.Fareit.if (v) 20160511
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160513
Baidu-International Trojan.Win32.Injector.AURH 20160513
BitDefender Gen:Variant.Zbot.121 20160514
CAT-QuickHeal TrojanPWS.Zbot.Gen 20160514
Comodo TrojWare.Win32.Spy.Zbot.~RO 20160514
Cyren W32/Trojan.QIHV-4628 20160514
DrWeb Trojan.Packed.25367 20160514
Emsisoft Gen:Variant.Zbot.121 (B) 20160514
ESET-NOD32 Win32/Injector.AURH 20160514
F-Secure Gen:Variant.Zbot.121 20160514
Fortinet W32/Zbot.OA!tr 20160514
GData Gen:Variant.Zbot.121 20160514
Ikarus Trojan-Downloader.Win32.Carberp 20160514
Jiangmin Backdoor/Androm.bvl 20160514
Kaspersky HEUR:Trojan.Win32.Generic 20160514
Kingsoft Win32.Troj.Undef.(kcloud) 20160514
Malwarebytes Trojan.Agent.ED 20160514
McAfee PWS-Zbot.dx 20160514
McAfee-GW-Edition BehavesLike.Win32.Downloader.dc 20160514
Microsoft VirTool:Win32/Injector.IA 20160514
eScan Gen:Variant.Zbot.121 20160514
NANO-Antivirus Trojan.Win32.Tepfer.cwdpfw 20160514
nProtect Trojan-Spy/W32.ZBot.212281.B 20160513
Panda Trj/Genetic.gen 20160513
Qihoo-360 Win32/Trojan.Spy.7fa 20160514
Rising Trjoan.Generic-mRcwUJ2lu4O (Cloud) 20160514
Sophos Troj/Agent-AFLI 20160514
SUPERAntiSpyware Trojan.Agent/Gen-Injector 20160514
Symantec Infostealer.Napolar 20160514
Tencent Win32.Trojan.Generic.Eehc 20160514
TotalDefense Win32/Zbot.QNOEODC 20160512
TrendMicro TROJ_MALKRYPT.SM 20160514
TrendMicro-HouseCall TROJ_MALKRYPT.SM 20160514
VBA32 TrojanSpy.Zbot 20160513
VIPRE Trojan.Win32.Fareit.if (v) 20160514
ViRobot Trojan.Win32.S.Zbot.212281[h] 20160514
Yandex Trojan.Injector!xsqBT4LQerA 20160513
Zillya Trojan.Zbot.Win32.145296 20160513
Zoner Trojan.Fareit.A 20160514
Alibaba 20160513
Bkav 20160514
ClamAV 20160514
CMC 20160510
F-Prot 20160514
K7AntiVirus 20160514
K7GW 20160514
TheHacker 20160513
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-01-03 17:03:55
Entry Point 0x000013FB
Number of sections 4
PE sections
Overlays
MD5 27694b68b6a628289416efb2a967a4e2
File type data
Offset 45056
Size 167225
Entropy 8.00
PE imports
SetPixel
Ellipse
CreateFileA
GetModuleFileNameA
GetModuleFileNameW
CreateFileW
Ord(3820)
Ord(2438)
Ord(5573)
Ord(4621)
Ord(402)
Ord(5298)
Ord(4462)
Ord(2980)
Ord(6371)
Ord(2374)
Ord(6113)
Ord(5237)
Ord(4073)
Ord(4128)
Ord(6048)
Ord(5996)
Ord(5257)
Ord(3733)
Ord(5736)
Ord(4422)
Ord(5236)
Ord(4523)
Ord(5208)
Ord(5727)
Ord(2093)
Ord(3744)
Ord(4148)
Ord(4616)
Ord(3167)
Ord(6332)
Ord(2873)
Ord(4518)
Ord(4717)
Ord(4852)
Ord(4539)
Ord(6370)
Ord(815)
Ord(4525)
Ord(3257)
Ord(2717)
Ord(2119)
Ord(641)
Ord(3917)
Ord(3449)
Ord(2388)
Ord(5256)
Ord(338)
Ord(5099)
Ord(289)
Ord(4343)
Ord(2502)
Ord(3076)
Ord(4414)
Ord(4233)
Ord(1739)
Ord(4430)
Ord(3142)
Ord(3060)
Ord(3193)
Ord(5285)
Ord(4617)
Ord(4381)
Ord(2486)
Ord(617)
Ord(825)
Ord(4604)
Ord(5710)
Ord(5276)
Ord(5251)
Ord(4401)
Ord(2874)
Ord(540)
Ord(4335)
Ord(4692)
Ord(5649)
Ord(4431)
Ord(1767)
Ord(2371)
Ord(975)
Ord(4480)
Ord(4229)
Ord(401)
Ord(823)
Ord(4240)
Ord(529)
Ord(4269)
Ord(1937)
Ord(4537)
Ord(1851)
Ord(4958)
Ord(813)
Ord(2504)
Ord(5006)
Ord(4607)
Ord(5157)
Ord(4298)
Ord(5250)
Ord(2875)
Ord(6051)
Ord(5261)
Ord(3074)
Ord(3345)
Ord(2613)
Ord(3592)
Ord(4609)
Ord(4884)
Ord(554)
Ord(2047)
Ord(2109)
Ord(2619)
Ord(2977)
Ord(2116)
Ord(5233)
Ord(2641)
Ord(3864)
Ord(4268)
Ord(3053)
Ord(796)
Ord(1850)
Ord(5095)
Ord(674)
Ord(2382)
Ord(4831)
Ord(5070)
Ord(2618)
Ord(4158)
Ord(4606)
Ord(800)
Ord(6076)
Ord(2715)
Ord(4426)
Ord(3398)
Ord(3346)
Ord(4992)
Ord(5297)
Ord(4608)
Ord(4461)
Ord(4459)
Ord(5239)
Ord(3743)
Ord(986)
Ord(2377)
Ord(4893)
Ord(3825)
Ord(4419)
Ord(4074)
Ord(1719)
Ord(2640)
Ord(1089)
Ord(4421)
Ord(2383)
Ord(4520)
Ord(3254)
Ord(2506)
Ord(4947)
Ord(3341)
Ord(4451)
Ord(5273)
Ord(2971)
Ord(2534)
Ord(1817)
Ord(4347)
Ord(1658)
Ord(324)
Ord(560)
Ord(2391)
Ord(5296)
Ord(2527)
Ord(1768)
Ord(4704)
Ord(3793)
Ord(4955)
Ord(3826)
Ord(5193)
Ord(4847)
Ord(5468)
Ord(5096)
Ord(1720)
Ord(4075)
Ord(4147)
Ord(652)
Ord(5094)
Ord(4420)
Ord(1131)
Ord(4435)
Ord(5303)
Ord(4817)
Ord(6171)
Ord(2546)
Ord(4583)
Ord(5280)
Ord(6617)
Ord(807)
Ord(561)
Ord(4292)
Ord(411)
Ord(3054)
Ord(6372)
Ord(3131)
Ord(2375)
Ord(4154)
Ord(5059)
Ord(6211)
Ord(4072)
Ord(4103)
Ord(4241)
Ord(5279)
Ord(4370)
Ord(613)
Ord(976)
Ord(2437)
Ord(296)
Ord(2356)
Ord(4418)
Ord(5286)
Ord(4690)
Ord(5098)
__CxxFrameHandler
malloc
fread
_ftol
fseek
fclose
sqrt
ftell
rewind
fopen
EnableWindow
GetClientRect
InvalidateRect
UpdateWindow
Number of PE resources by type
RT_STRING 14
RT_DIALOG 5
RT_MENU 2
Struct(241) 1
RT_ACCELERATOR 1
RT_BITMAP 1
Number of PE resources by language
CHINESE SIMPLIFIED 24
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:01:03 18:03:55+01:00
FileType Win32 EXE
PEType PE32
CodeSize 20480
LinkerVersion 6.0
EntryPoint 0x13fb
InitializedDataSize 20480
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 fd38cdf0a4811e5a87d65142d3d43c46
SHA1 7cab5d6310db937b9d606a52468d3b28b86ec797
SHA256 748bba1e228b89ddff2b10410a7d95894e26f1a4341921a229815344a33cd7bf
ssdeep 3072:/Trlme/nqdLxsiCAKcjro1M5SqH9uRgxVL0H8l+4yq+PgsmO/S5Lb8lzs:/B/nqdLxsiZKw4E28lzD+PgKS5Lb8Vs
authentihash 28f709407649555383790325bedbd4bac2e2d852c911a6830948c07fb676a943
imphash 1ab15525b2ef98974c59d2f7a6be28cb
File size 207.3 KB ( 212281 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe overlay
VirusTotal metadata
First submission 2014-01-04 04:22:27 UTC ( 3 years, 2 months ago )
Last submission 2016-03-02 20:58:27 UTC ( 1 year ago )
File names flashplayer.exe
flashplayer (1).exe
fd38cdf0a4811e5a87d65142d3d43c46
fd38cdf0a4811e5a87d65142d3d43c46.exe
ZeuS_binary_fd38cdf0a4811e5a87d65142d3d43c46.exe
7cab5d6310db937b9d606a52468d3b28b86ec797
fd38cdf0a4811e5a87d65142d3d43c46
file-6435798_exe
ZeuS_binary_(low)fd38cdf0a4811e5a87d65142d3d43c46.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight