SHA256: 7585d6a067ec91f8a56ca1f09ab58fd28d44b9990c5f75ade48e901515d003af
File name: 0f8941668240a57015b977e08c71bf6a
Detection ratio: 21 / 57
Analysis date: 2015-01-13 18:58:14 UTC ( 4 years, 2 months ago )
Antivirus Result Update
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150112
Avast Win32:Crypt-RQS [Trj] 20150113
AVG Crypt3.BQVR 20150113
Avira (no cloud) TR/Crypt.ZPACK.119738 20150110
Bkav HW32.Packed.2D59 20150113
ESET-NOD32 a variant of Win32/Kryptik.CUXK 20150113
Fortinet W32/Zbot.CUXK!tr 20150113
GData Win32.Trojan.Agent.K50PLZ 20150113
Ikarus Trojan-Spy.Zbot 20150113
Kaspersky Trojan-Spy.Win32.Zbot.uuur 20150113
Malwarebytes Trojan.Agent.ED 20150113
McAfee Gamarue-FAS!0F8941668240 20150113
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dc 20150113
Microsoft PWS:Win32/Zbot.gen!VM 20150113
Panda Trj/CI.A 20150113
Qihoo-360 Win32/Trojan.c9d 20150113
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20150113
Sophos AV Mal/Generic-S 20150113
TotalDefense Win32/Zbot.TKPaXFB 20150113
TrendMicro TROJ_GEN.R028C0DAA15 20150113
TrendMicro-HouseCall TROJ_GEN.R028C0DAA15 20150113
Engines reporting no detection (36):
Ad-Aware 20150113
AegisLab 20150113
Yandex 20150113
AhnLab-V3 20150113
Alibaba 20150113
ALYac 20150113
AVware 20150113
Baidu-International 20150113
BitDefender 20150113
ByteHero 20150113
CAT-QuickHeal 20150113
ClamAV 20150113
CMC 20150113
Comodo 20150113
Cyren 20150113
DrWeb 20150113
Emsisoft 20150113
F-Prot 20150113
F-Secure 20150113
Jiangmin 20150112
K7AntiVirus 20150113
K7GW 20150113
Kingsoft 20150113
eScan 20150113
NANO-Antivirus 20150113
Norman 20150113
nProtect 20150113
SUPERAntiSpyware 20150113
Symantec 20150113
Tencent 20150113
TheHacker 20150112
VBA32 20150113
VIPRE 20150113
ViRobot 20150113
Zillya 20150112
Zoner 20150112
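The detection table above is the raw material for a first triage pass: how many engines fired, whether the vendor labels converge on one family, and which engines scanned with definitions older than the scan date. The following is an added example (editor's code, not VirusTotal's) that works over the table as transcribed from this page. The rows are embedded as constructed input; undetected engines are folded into a dict keyed by signature-update date to keep the sample short, and the family/packer keywords counted are the editor's choice.

```python
"""Triage the flattened VirusTotal detection table from this report.

Added example, not VirusTotal's code. The rows are transcribed from the page
(engine, label, signature-update date); undetected engines are folded into a
dict keyed by update date to keep the sample compact. The keywords in
FAMILY_LABELS are the editor's choice.
"""
from collections import Counter

# Detected rows: engine<TAB>label<TAB>update (YYYYMMDD), as printed on the page.
DETECTED_TSV = """\
Antiy-AVL\tTrojan[Spy]/Win32.Zbot\t20150112
Avast\tWin32:Crypt-RQS [Trj]\t20150113
AVG\tCrypt3.BQVR\t20150113
Avira (no cloud)\tTR/Crypt.ZPACK.119738\t20150110
Bkav\tHW32.Packed.2D59\t20150113
ESET-NOD32\ta variant of Win32/Kryptik.CUXK\t20150113
Fortinet\tW32/Zbot.CUXK!tr\t20150113
GData\tWin32.Trojan.Agent.K50PLZ\t20150113
Ikarus\tTrojan-Spy.Zbot\t20150113
Kaspersky\tTrojan-Spy.Win32.Zbot.uuur\t20150113
Malwarebytes\tTrojan.Agent.ED\t20150113
McAfee\tGamarue-FAS!0F8941668240\t20150113
McAfee-GW-Edition\tBehavesLike.Win32.Backdoor.dc\t20150113
Microsoft\tPWS:Win32/Zbot.gen!VM\t20150113
Panda\tTrj/CI.A\t20150113
Qihoo-360\tWin32/Trojan.c9d\t20150113
Rising\tPE:Malware.XPACK-HIE/Heur!1.9C48\t20150113
Sophos AV\tMal/Generic-S\t20150113
TotalDefense\tWin32/Zbot.TKPaXFB\t20150113
TrendMicro\tTROJ_GEN.R028C0DAA15\t20150113
TrendMicro-HouseCall\tTROJ_GEN.R028C0DAA15\t20150113
"""

# Engines with an empty Result column, grouped by their signature-update date.
UNDETECTED = {
    "20150112": ["Jiangmin", "TheHacker", "Zillya", "Zoner"],
    "20150113": ["Ad-Aware", "AegisLab", "Yandex", "AhnLab-V3", "Alibaba", "ALYac",
                 "AVware", "Baidu-International", "BitDefender", "ByteHero",
                 "CAT-QuickHeal", "ClamAV", "CMC", "Comodo", "Cyren", "DrWeb",
                 "Emsisoft", "F-Prot", "F-Secure", "K7AntiVirus", "K7GW", "Kingsoft",
                 "eScan", "NANO-Antivirus", "Norman", "nProtect", "SUPERAntiSpyware",
                 "Symantec", "Tencent", "VBA32", "VIPRE", "ViRobot"],
}

# Substrings counted as "votes". Zbot and Gamarue are family names; Kryptik
# and Crypt/ZPACK are packer/crypter labels, which say nothing about the payload.
FAMILY_LABELS = ("zbot", "gamarue", "kryptik", "crypt")


def load_rows():
    """Return (engine, label, update) triples; label is '' for a miss."""
    rows = []
    for line in DETECTED_TSV.splitlines():
        engine, label, update = line.split("\t")
        rows.append((engine, label, update))
    for update, engines in UNDETECTED.items():
        rows.extend((engine, "", update) for engine in engines)
    return rows


def detection_ratio(rows):
    hits = sum(1 for _, label, _ in rows if label)
    return hits, len(rows)


def count_labels(rows, labels=FAMILY_LABELS):
    """Case-insensitive substring votes per keyword across all labels."""
    votes = Counter()
    for _, label, _ in rows:
        lowered = label.lower()
        for key in labels:
            if key in lowered:
                votes[key] += 1
    return votes


def stale_signatures(rows, analysis_date="20150113"):
    # An engine whose definitions predate the scan date saw the sample with
    # older signatures; its hit or miss is weaker evidence than the others'.
    return sorted(engine for engine, _, update in rows if update < analysis_date)


if __name__ == "__main__":
    rows = load_rows()
    hits, total = detection_ratio(rows)
    print(f"detection ratio: {hits}/{total}")
    print("label votes:", dict(count_labels(rows)))
    print("stale signatures:", stale_signatures(rows))
```

Run as a script it reports the 21/57 ratio shown at the top of the page, six Zbot votes against one each for Gamarue and Kryptik, and the six engines whose definitions were a day or more behind the scan. The Crypt/ZPACK/Kryptik labels describe the packer, so the family consensus rests on the Zbot votes alone.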
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-08 09:40:51
Entry Point 0x0001F60E
Number of sections 4
PE sections
PE imports
ADVAPI32.dll
  OpenProcessToken
AVICAP32.dll
  capCreateCaptureWindowW
GDI32.dll
  LineTo
  SetBkMode
  MoveToEx
  GetStockObject
  TextOutA
  SelectObject
  SetBkColor
  SetTextColor
KERNEL32.dll
  GetSystemTime
  GetLastError
  InitializeCriticalSectionAndSpinCount
  HeapFree
  GetSystemTimeAsFileTime
  EnterCriticalSection
  LCMapStringW
  SetHandleCount
  LoadLibraryW
  GetOEMCP
  QueryPerformanceCounter
  IsDebuggerPresent
  HeapAlloc
  TlsAlloc
  GetEnvironmentStringsW
  GetModuleFileNameA
  RtlUnwind
  GetStdHandle
  FreeEnvironmentStringsA
  HeapSetInformation
  GetCurrentProcess
  GetEnvironmentStrings
  DecodePointer
  GetCurrentProcessId
  GetCPInfo
  UnhandledExceptionFilter
  TlsGetValue
  MultiByteToWideChar
  HeapSize
  FreeEnvironmentStringsW
  GetCommandLineA
  GetProcAddress
  EncodePointer
  GetStartupInfoW
  ExitProcess
  WideCharToMultiByte
  GetModuleFileNameW
  TlsFree
  DeleteCriticalSection
  SetUnhandledExceptionFilter
  WriteFile
  IsProcessorFeaturePresent
  GetACP
  HeapReAlloc
  GetStringTypeW
  GetModuleHandleW
  TerminateProcess
  IsValidCodePage
  HeapCreate
  InterlockedDecrement
  Sleep
  GetFileType
  TlsSetValue
  GetTickCount
  GetCurrentThreadId
  InterlockedIncrement
  SetLastError
  LeaveCriticalSection
MPR.dll
  WNetConnectionDialog
MSACM32.dll
  acmMetrics
  acmFormatEnumA
  acmDriverOpen
  acmDriverClose
SHLWAPI.dll
  StrDupA
USER32.dll
  ReleaseDC
  GetSystemMetrics
  SetTimer
  EnumDesktopsA
  DlgDirListA
  DrawTextA
  EndPaint
  BeginPaint
  MessageBoxA
  KillTimer
  DestroyMenu
  PostQuitMessage
  GetDC
  InvalidateRect
UxTheme.dll
  OpenThemeData
  CloseThemeData
ole32.dll
  CoUninitialize
  CoCreateInstance
  CoTaskMemFree
  CoInitialize
  CoTaskMemAlloc
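Two practitioner notes on this import list. First, the kernel32 block (IsDebuggerPresent, UnhandledExceptionFilter, QueryPerformanceCounter, GetTickCount, the Tls*/Heap*/Encode/DecodePointer set) is the stock startup code of the Microsoft Visual C++ 2010 runtime, which matches the LinkerVersion 10.0 reported further down; on its own it is not evidence of anti-debugging. Second, the imphash in the File identification section is derived from exactly this table, so it is worth knowing how. The following added example (editor's code, not VirusTotal's or pefile's) implements the published imphash algorithm: each import is rendered as lowercase "dll.function" with a .dll/.ocx/.sys extension stripped, the strings are joined with commas in import-table order, and the result is MD5-hashed. The attribution of the page's function names to their exporting DLLs is the editor's; because VirusTotal presents imports grouped by module, the true import-table order is not recoverable from this page, so the value computed from this list is not expected to equal the report's 14f8077019bda44015aaf887231a83d6.

```python
"""Recompute an imphash from an ordered list of (dll, function) imports.

Added example, not VirusTotal's or pefile's code. It follows the published
imphash algorithm: "dll.func" lowercased, with a .dll/.ocx/.sys extension
removed from the module name, joined by commas in import-table order, MD5'd.
The DLL grouping below is the editor's attribution of the functions the page
lists; the page's order is per-module, not the binary's import-table order.
"""
import hashlib

PAGE_IMPORTS = [
    ("ADVAPI32.dll", ["OpenProcessToken"]),
    ("AVICAP32.dll", ["capCreateCaptureWindowW"]),
    ("GDI32.dll", ["LineTo", "SetBkMode", "MoveToEx", "GetStockObject",
                   "TextOutA", "SelectObject", "SetBkColor", "SetTextColor"]),
    ("KERNEL32.dll", [
        "GetSystemTime", "GetLastError", "InitializeCriticalSectionAndSpinCount",
        "HeapFree", "GetSystemTimeAsFileTime", "EnterCriticalSection",
        "LCMapStringW", "SetHandleCount", "LoadLibraryW", "GetOEMCP",
        "QueryPerformanceCounter", "IsDebuggerPresent", "HeapAlloc", "TlsAlloc",
        "GetEnvironmentStringsW", "GetModuleFileNameA", "RtlUnwind",
        "GetStdHandle", "FreeEnvironmentStringsA", "HeapSetInformation",
        "GetCurrentProcess", "GetEnvironmentStrings", "DecodePointer",
        "GetCurrentProcessId", "GetCPInfo", "UnhandledExceptionFilter",
        "TlsGetValue", "MultiByteToWideChar", "HeapSize",
        "FreeEnvironmentStringsW", "GetCommandLineA", "GetProcAddress",
        "EncodePointer", "GetStartupInfoW", "ExitProcess", "WideCharToMultiByte",
        "GetModuleFileNameW", "TlsFree", "DeleteCriticalSection",
        "SetUnhandledExceptionFilter", "WriteFile", "IsProcessorFeaturePresent",
        "GetACP", "HeapReAlloc", "GetStringTypeW", "GetModuleHandleW",
        "TerminateProcess", "IsValidCodePage", "HeapCreate",
        "InterlockedDecrement", "Sleep", "GetFileType", "TlsSetValue",
        "GetTickCount", "GetCurrentThreadId", "InterlockedIncrement",
        "SetLastError", "LeaveCriticalSection"]),
    ("MPR.dll", ["WNetConnectionDialog"]),
    ("MSACM32.dll", ["acmMetrics", "acmFormatEnumA", "acmDriverOpen", "acmDriverClose"]),
    ("SHLWAPI.dll", ["StrDupA"]),
    ("USER32.dll", ["ReleaseDC", "GetSystemMetrics", "SetTimer", "EnumDesktopsA",
                    "DlgDirListA", "DrawTextA", "EndPaint", "BeginPaint",
                    "MessageBoxA", "KillTimer", "DestroyMenu", "PostQuitMessage",
                    "GetDC", "InvalidateRect"]),
    ("UxTheme.dll", ["OpenThemeData", "CloseThemeData"]),
    ("ole32.dll", ["CoUninitialize", "CoCreateInstance", "CoTaskMemFree",
                   "CoInitialize", "CoTaskMemAlloc"]),
]

_STRIP_EXTS = ("dll", "ocx", "sys")


def imphash(imports):
    """imports: iterable of (dll_name, function_name) in import-table order."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in _STRIP_EXTS:
            lib = base                      # "kernel32.dll" -> "kernel32"
        parts.append(f"{lib}.{func.lower()}")
    # Order matters: the same set of imports in a different order hashes differently.
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def flatten(grouped):
    """Turn the per-DLL grouping into the flat (dll, func) sequence imphash() wants."""
    return [(dll, func) for dll, funcs in grouped for func in funcs]


def total_imports(grouped):
    return len(flatten(grouped))


if __name__ == "__main__":
    print(total_imports(PAGE_IMPORTS), "imports listed on the page")
    print("imphash over the page's listing order:", imphash(flatten(PAGE_IMPORTS)))
```

Because the hash covers names and order but not the rest of the binary, it survives recompilation with the same toolchain and import layout, which is why it is useful for clustering crypter output; the same property means that a swap of two import entries is enough to defeat a match.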
Number of PE resources by type
RT_DIALOG 6
RT_STRING 4
RT_ICON 3
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_MENU 1
RT_ACCELERATOR 1
RT_CURSOR 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 19
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:01:08 10:40:51+01:00 (the same instant as the UTC compilation timestamp above, rendered with a +01:00 offset)
FileType Win32 EXE
PEType PE32
CodeSize 236544
LinkerVersion 10.0
FileAccessDate 2015:01:13 20:00:06+01:00
EntryPoint 0x1f60e
InitializedDataSize 33280
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
FileCreateDate 2015:01:13 20:00:06+01:00
UninitializedDataSize 0
File identification
MD5 0f8941668240a57015b977e08c71bf6a
SHA1 2d16417d7c59fa41d8455fa8db9cc352d4b52519
SHA256 7585d6a067ec91f8a56ca1f09ab58fd28d44b9990c5f75ade48e901515d003af
ssdeep 3072:X5LTd+cWHE4p6kepOhvUx4DzYWqcoLFaZVrwDaQHZgjYL/6u3xI9PyEiMvH5j:pLTgcWxFQKvUatVoLFaZdCKk6gNEBB
authentihash 322d47cfd8f9af05531d15a9f1e1bdcaa21e1437f85547fd66f8225e6232e3ff
imphash 14f8077019bda44015aaf887231a83d6
File size 264.5 KB ( 270852 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2015-01-13 18:58:14 UTC ( 4 years, 2 months ago )
Last submission 2015-01-13 18:58:14 UTC ( 4 years, 2 months ago )
File names 0f8941668240a57015b977e08c71bf6a
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
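The DeviceIoControl observation above is only useful once the control codes are decoded: a 32-bit IOCTL packs the device type, required access, function number and buffering method into fixed bit fields (the CTL_CODE() macro in winioctl.h), and the function number alone tells you whether the call targets a documented Windows device interface or a custom driver (function numbers 0x800 and above are reserved for third parties). The following added example (editor's code, not part of the report) decodes codes from an API-monitor-style trace. The trace lines are constructed for illustration and make no claim about which control codes this sample actually sent; the constant names are a small subset of the Windows SDK's.

```python
"""Decode DeviceIoControl control codes from a sandbox API trace.

Added example, not part of the VirusTotal report. The report says only that
the sample issues DeviceIoControl calls; the trace below is constructed to
show the decoding and is not this sample's actual activity. Field layout
follows CTL_CODE() in winioctl.h.
"""
import re

DEVICE_TYPES = {
    0x04: "FILE_DEVICE_CONTROLLER",
    0x07: "FILE_DEVICE_DISK",
    0x09: "FILE_DEVICE_FILE_SYSTEM",
    0x22: "FILE_DEVICE_UNKNOWN",
    0x2D: "FILE_DEVICE_MASS_STORAGE",
}
METHODS = ("METHOD_BUFFERED", "METHOD_IN_DIRECT", "METHOD_OUT_DIRECT", "METHOD_NEITHER")
ACCESS = ("FILE_ANY_ACCESS", "FILE_READ_ACCESS", "FILE_WRITE_ACCESS",
          "FILE_READ_ACCESS|FILE_WRITE_ACCESS")

# Codes commonly seen when malware fingerprints disks (VM checks read vendor
# and serial strings this way) or prepares to touch raw volumes.
KNOWN_CODES = {
    0x00070000: "IOCTL_DISK_GET_DRIVE_GEOMETRY",
    0x0007405C: "IOCTL_DISK_GET_LENGTH_INFO",
    0x0004D004: "IOCTL_SCSI_PASS_THROUGH",
    0x00090064: "FSCTL_GET_NTFS_VOLUME_DATA",
    0x002D1080: "IOCTL_STORAGE_GET_DEVICE_NUMBER",
    0x002D1400: "IOCTL_STORAGE_QUERY_PROPERTY",
}


def parse_ctl_code(code):
    """Split a control code into the four CTL_CODE() fields."""
    return {
        "device_type": (code >> 16) & 0xFFFF,   # bits 31..16
        "access": (code >> 14) & 0x3,           # bits 15..14
        "function": (code >> 2) & 0xFFF,        # bits 13..2
        "method": code & 0x3,                   # bits 1..0
    }


def describe_ctl_code(code):
    f = parse_ctl_code(code)
    return {
        "code": code,
        "name": KNOWN_CODES.get(code),
        "device": DEVICE_TYPES.get(f["device_type"], f"0x{f['device_type']:04x}"),
        "function": f["function"],
        "method": METHODS[f["method"]],
        "access": ACCESS[f["access"]],
        # Function numbers >= 0x800 are reserved for third-party drivers; one of
        # those against FILE_DEVICE_UNKNOWN usually means a custom driver interface.
        "custom": f["function"] >= 0x800,
    }


# Constructed trace in the style of an API-monitor log (not from this sample).
TRACE = r"""
CreateFileW(lpFileName="\\.\PhysicalDrive0", dwDesiredAccess=0x80000000)
DeviceIoControl(hDevice=0x1a4 "\\.\PhysicalDrive0", dwIoControlCode=0x00070000, nInBufferSize=0, nOutBufferSize=24)
DeviceIoControl(hDevice=0x1a4 "\\.\PhysicalDrive0", dwIoControlCode=0x002D1400, nInBufferSize=12, nOutBufferSize=1024)
DeviceIoControl(hDevice=0x1b0 "\\.\C:", dwIoControlCode=0x00090064, nInBufferSize=0, nOutBufferSize=96)
DeviceIoControl(hDevice=0x1c8 "\\.\MyDriver", dwIoControlCode=0x00222004, nInBufferSize=8, nOutBufferSize=0)
"""

_CALL_RE = re.compile(
    r'DeviceIoControl\(hDevice=(0x[0-9a-fA-F]+) "([^"]*)", dwIoControlCode=(0x[0-9a-fA-F]+)')


def summarize_trace(trace):
    """Return one decoded record per DeviceIoControl call found in the trace."""
    events = []
    for match in _CALL_RE.finditer(trace):
        handle, device_path, code = match.groups()
        info = describe_ctl_code(int(code, 16))
        info.update(handle=handle, device_path=device_path)
        events.append(info)
    return events


if __name__ == "__main__":
    for e in summarize_trace(TRACE):
        tag = e["name"] or ("CUSTOM" if e["custom"] else "unknown")
        print(f"{e['device_path']:<22} 0x{e['code']:08x} {e['device']:<26} fn=0x{e['function']:03x} {tag}")
```

In the constructed trace the first three calls decode to documented disk and volume queries against \\.\PhysicalDrive0 and \\.\C:, the pattern of a machine-fingerprinting or anti-VM check, while the last decodes to function 0x801 on FILE_DEVICE_UNKNOWN, which is the signature of a private driver interface and the one worth pulling the driver for.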