SHA256: 76fca1389af231f880ad7ce75f01c282f451343fbe58128170a70a6094e94e7a
File name: Qwb3afoho1pgcxlea4jmr8.exe
Detection ratio: 41 / 56
Analysis date: 2015-10-26 18:28:01 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.344530 20151027
Yandex TrojanSpy.Zbot!FEWl/7x6NDw 20151026
AhnLab-V3 Trojan/Win32.Zbot 20151026
ALYac Gen:Variant.Kazy.344530 20151027
Antiy-AVL Trojan[Spy]/Win32.Zbot 20151027
Arcabit Trojan.Kazy.D541D2 20151027
Avast Win32:Malware-gen 20151027
AVG PSW.Generic12.AELI 20151026
Avira (no cloud) TR/Crypt.ZPACK.53658 20151027
AVware Trojan.Win32.Generic!BT 20151026
Baidu-International Trojan.Win32.Zbot.rqst 20151026
BitDefender Gen:Variant.Kazy.344530 20151027
Bkav HW32.Packed.D245 20151026
CAT-QuickHeal Trojan.Zbot.AM4 20151026
Comodo UnclassifiedMalware 20151027
Cyren W32/Trojan.ITTD-5539 20151027
Emsisoft Gen:Variant.Kazy.344530 (B) 20151026
ESET-NOD32 Win32/Spy.Zbot.AAO 20151026
F-Secure Gen:Variant.Kazy.344530 20151027
Fortinet W32/Simda.AGEZ!tr 20151026
GData Gen:Variant.Kazy.344530 20151027
Ikarus Trojan-Spy.Win32.Zbot 20151027
K7AntiVirus Backdoor ( 0040f7ec1 ) 20151026
K7GW Backdoor ( 0040f7ec1 ) 20151026
Kaspersky Trojan-Spy.Win32.Zbot.rqst 20151027
McAfee RDN/Spybot.bfr!l 20151027
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dc 20151027
Microsoft PWS:Win32/Zbot!CI 20151026
eScan Gen:Variant.Kazy.344530 20151027
NANO-Antivirus Trojan.Win32.Zbot.cuappi 20151026
Panda Trj/Genetic.gen 20151026
Qihoo-360 HEUR/Malware.QVM20.Gen 20151027
Sophos AV Troj/Agent-AGEZ 20151027
Symantec Trojan.Zbot 20151026
Tencent Win32.Trojan-spy.Zbot.Duwj 20151027
TotalDefense Win32/Zbot.KfVbZcB 20151026
TrendMicro TROJ_SPNR.35CD14 20151027
TrendMicro-HouseCall TROJ_SPNR.35CD14 20151027
VBA32 SScope.Worm.Dorkbot.2113 20151026
VIPRE Trojan.Win32.Generic!BT 20151027
Zillya Trojan.Zbot.Win32.149554 20151026
AegisLab 20151026
Alibaba 20151026
ByteHero 20151027
ClamAV 20151027
CMC 20151026
DrWeb 20151027
F-Prot 20151027
Jiangmin 20151026
Malwarebytes 20151026
nProtect 20151026
Rising 20151026
SUPERAntiSpyware 20151027
TheHacker 20151026
ViRobot 20151026
Zoner 20151026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher FilmLoop Inc.
Original name Qwb3afoho1pgcxlea4jmr8.exe
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-04-30 09:41:31
Entry Point 0x00013F29
Number of sections 5
PE sections
PE imports
CryptDestroyKey
CryptReleaseContext
RegCloseKey
RegQueryValueExA
AllocateAndInitializeSid
CheckTokenMembership
LookupAccountNameW
RegOpenKeyExA
RegQueryValueExW
PeekNamedPipe
EnumResourceTypesA
GetPrivateProfileStructA
GetVersionExW
GetSystemWindowsDirectoryW
GetFileAttributesW
VerifyVersionInfoW
GetCommTimeouts
_lwrite
SizeofResource
SetThreadExecutionState
BackupRead
GetThreadContext
WaitCommEvent
FlushInstructionCache
lstrcmpA
InterlockedExchange
ConvertDefaultLocale
GetProfileIntW
GetProfileStringA
WaitForMultipleObjectsEx
GetBinaryTypeA
EnumLanguageGroupLocalesW
GetTimeZoneInformation
PostQueuedCompletionStatus
MapWindowPoints
GetParent
UpdateWindow
GetPropW
SystemParametersInfoW
DefWindowProcW
EnumDesktopsW
ScreenToClient
ShowWindow
IMPGetIMEW
GetSysColorBrush
SetWindowLongW
IsWindow
SetMessageQueue
GetWindowRect
EnableWindow
MoveWindow
LoadCursorFromFileA
ChangeClipboardChain
SendDlgItemMessageW
GetWindow
PostMessageW
GetSysColor
GetScrollInfo
GetDC
CreateDialogParamW
ReleaseDC
SetScrollInfo
EndDialog
GetWindowLongW
GetWindowTextLengthW
GetDlgItem
CharLowerBuffA
SetDlgItemTextW
SetWindowPos
GetNextDlgTabItem
ClientToScreen
GetProcessWindowStation
InvalidateRect
PeekMessageW
GetActiveWindow
DialogBoxIndirectParamW
FillRect
SetWindowsHookExA
GetWindowTextW
RegisterClipboardFormatW
GetDesktopWindow
LoadIconW
GetFocus
GetMenuItemID
EndPaint
DestroyWindow
GetWindowWord
SetCursor
Number of PE resources by type
RT_BITMAP 189
RT_DIALOG 6
RT_VERSION 1
RT_ICON 1
Number of PE resources by language
BASQUE DEFAULT 197
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:04:30 10:41:31+01:00
FileType Win32 EXE
PEType PE32
CodeSize 90624
LinkerVersion 0.2
FileTypeExtension exe
InitializedDataSize 151040
SubsystemVersion 4.0
EntryPoint 0x13f29
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 132d703400870f5d4ee667a392aca872
SHA1 5a8ca131458e6c0ec6f3da76f02a940c5d04689e
SHA256 76fca1389af231f880ad7ce75f01c282f451343fbe58128170a70a6094e94e7a
ssdeep 6144:6PaR2QFXya4GDdIjKR80HX8FsxokqKROu9MGA3CyJSP:6CRwa4GwKR8FsTx9MGASyJ
authentihash 5e7aa4b3b6d21d621e2a47311bb22fb23e3ef8517eb50cc34e151420437f1cef
imphash 6c317f06f9d950ff47c6c811a0cf5ba4
File size 237.0 KB ( 242688 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-02-28 14:41:18 UTC ( 4 years, 9 months ago )
Last submission 2014-02-28 17:50:23 UTC ( 4 years, 9 months ago )
File names Qwb3afoho1pgcxlea4jmr8.exe
invoice.132d703400870f5d4ee667a392aca872.exe
invoice.exe
VEN6Ndq2j.msc
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests