SHA256: 786807f3eb3d8aa6329d8904692c72e9fc1e07110b0c3a85f10b51c863d04636
File name: vt-upload-1JeIG
Detection ratio: 34 / 54
Analysis date: 2014-06-25 08:11:46 UTC ( 2 years, 10 months ago )
Antivirus             Result                           Update
Ad-Aware              Trojan.GenericKDZ.25232          20140625
AntiVir               TR/Crypt.ZPACK.87158             20140625
Antiy-AVL             Trojan[Spy]/Win32.Zbot           20140624
Avast                 Win32:Downloader-VII [Trj]       20140625
AVG                   Downloader.Generic13.CGNN        20140625
BitDefender           Trojan.GenericKDZ.25232          20140625
Bkav                  W32.DropperHeqyarN.Trojan        20140624
Commtouch             W32/Downloader.OPBB-6300         20140625
DrWeb                 Trojan.Boaxxe.209                20140625
Emsisoft              Trojan.GenericKDZ.25232 (B)      20140625
ESET-NOD32            Win32/Spy.Zbot.AAO               20140625
F-Secure              Trojan.GenericKDZ.25232          20140625
Fortinet              W32/Kryptik.VAS!tr               20140624
GData                 Trojan.GenericKDZ.25232          20140625
Ikarus                Trojan.Inject2                   20140625
Jiangmin              TrojanSpy.Zbot.hfch              20140625
Kaspersky             HEUR:Trojan.Win32.Generic        20140625
Kingsoft              Win32.Troj.Generic.a.(kcloud)    20140625
Malwarebytes          Spyware.Zbot.ED                  20140625
McAfee                Downloader-FYH!7303E356EF4E      20140625
McAfee-GW-Edition     Downloader-FYH!7303E356EF4E      20140624
Microsoft             PWS:Win32/Zbot.gen!AJ            20140625
eScan                 Trojan.GenericKDZ.25232          20140625
NANO-Antivirus        Trojan.Win32.Zbot.cyuril         20140625
nProtect              Trojan.GenericKDZ.25232          20140625
Panda                 Trj/CI.A                         20140624
Qihoo-360             HEUR/Malware.QVM19.Gen           20140625
Rising                PE:Trojan.Zemot!6.19D2           20140623
Sophos                Mal/Zbot-QU                      20140625
Tencent               Win32.Trojan.Generic.Adtz        20140625
TrendMicro            TROJ_GEN.R011C0DFL14             20140625
TrendMicro-HouseCall  TROJ_GEN.R011C0DFL14             20140625
VIPRE                 Trojan.Win32.Generic!BT          20140625
ViRobot               Trojan.Win32.Zbot.157192         20140625
AegisLab              (no detection)                   20140625
Yandex                (no detection)                   20140624
AhnLab-V3             (no detection)                   20140625
Baidu-International   (no detection)                   20140624
ByteHero              (no detection)                   20140625
CAT-QuickHeal         (no detection)                   20140624
ClamAV                (no detection)                   20140624
CMC                   (no detection)                   20140624
Comodo                (no detection)                   20140625
F-Prot                (no detection)                   20140625
K7AntiVirus           (no detection)                   20140624
K7GW                  (no detection)                   20140624
Norman                (no detection)                   20140625
SUPERAntiSpyware      (no detection)                   20140625
Symantec              (no detection)                   20140625
TheHacker             (no detection)                   20140624
TotalDefense          (no detection)                   20140624
VBA32                 (no detection)                   20140624
Zillya                (no detection)                   20140624
Zoner                 (no detection)                   20140616
The file being studied is a Portable Executable (PE32). More specifically, it is a Win32 EXE built for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1970-10-07 18:18:40 (not a usable build date: the linker version 9.0 recorded in the ExifTool metadata corresponds to Visual Studio 2008, so a 1970 TimeDateStamp predates the toolchain that produced the binary and should be treated as overwritten or forged)
Entry Point 0x0000D41F
Number of sections 4
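The four fields above, plus the linker version and subsystem that ExifTool reports further down, are all read straight out of the COFF and optional headers. The following Python example, added here and not part of the VirusTotal report or its tooling, parses those fields and applies the timestamp plausibility check a triage analyst would run: a TimeDateStamp earlier than the linker that wrote it, or later than the first time the file was seen, is not a build date. The header bytes are constructed to mirror the reported values rather than taken from the sample, and the linker-release-year table is an approximation used only by that check.

```python
"""Parse the PE header fields summarised in the report and sanity-check the
compilation timestamp against the linker version. Added example; the header
image is constructed, not the analysed sample."""
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x14C
PE_SIGNATURE = 0x00004550           # "PE\0\0" read as a little-endian uint32
PE32_MAGIC = 0x10B
SUBSYSTEM_NAMES = {2: "Windows GUI", 3: "Windows CUI"}

# Approximate first-release year of each MSVC linker major version
# (assumption used only by the plausibility check; 9 is Visual Studio 2008).
LINKER_RELEASE_YEAR = {6: 1998, 7: 2002, 8: 2005, 9: 2007, 10: 2010,
                       11: 2012, 12: 2013, 14: 2015}

# Values copied from the report so the constructed header mirrors it.
REPORTED_TIMESTAMP = int(datetime(1970, 10, 7, 18, 18, 40, tzinfo=timezone.utc).timestamp())
FIRST_SEEN = datetime(2014, 6, 25, 8, 11, 46, tzinfo=timezone.utc)


def build_header(timestamp, entry_point, nsections, linker=(9, 0), subsystem=2):
    """Constructed minimal PE32 header image: DOS stub, COFF header, optional header."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew
    coff = struct.pack("<IHHIIIHH", PE_SIGNATURE, IMAGE_FILE_MACHINE_I386,
                       nsections, timestamp, 0, 0, 224, 0x0102)
    # Magic, linker major/minor, SizeOfCode, SizeOfInitializedData,
    # SizeOfUninitializedData, AddressOfEntryPoint, BaseOfCode, BaseOfData
    opt = struct.pack("<HBBIIIIII", PE32_MAGIC, linker[0], linker[1],
                      53249, 32768, 0, entry_point, 0x1000, 0xF000)
    # ImageBase through DllCharacteristics (optional-header offsets 28..71);
    # Subsystem lands at offset 68.
    opt += struct.pack("<IIIHHHHHHIIIIHH", 0x400000, 0x1000, 0x200,
                       0, 0, 0, 0, 4, 0, 0, 0x60000, 0x400, 0, subsystem, 0)
    return bytes(dos) + coff + opt.ljust(224, b"\0")


def parse_pe_header(data):
    """Return the summary fields of a PE32 image; ValueError if it is not one."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    sig, machine, nsections, ts, _, _, _, _ = struct.unpack_from(
        "<IHHIIIHH", data, e_lfanew)
    if sig != PE_SIGNATURE:
        raise ValueError("missing PE signature")
    opt = e_lfanew + 24
    magic, lmaj, lmin, code, _, _, entry = struct.unpack_from("<HBBIIII", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError("not a PE32 optional header")
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "machine": machine,
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc),
        "entry_point": entry,
        "sections": nsections,
        "linker": (lmaj, lmin),
        "code_size": code,
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, hex(subsystem)),
    }


def timestamp_plausible(info, seen_at):
    """False when TimeDateStamp predates its own linker or postdates the
    first sighting of the file (the report's first-submission date)."""
    floor = LINKER_RELEASE_YEAR.get(info["linker"][0])
    ts = info["timestamp"]
    if floor is not None and ts.year < floor:
        return False
    return ts <= seen_at


if __name__ == "__main__":
    info = parse_pe_header(build_header(REPORTED_TIMESTAMP, 0xD41F, 4))
    for key, value in info.items():
        print(f"{key:12} {value}")
    print("timestamp plausible:", timestamp_plausible(info, FIRST_SEEN))
```

With the reported values the check fails, which is the expected result here: treat the timestamp as an anti-forensics artefact and date the sample from first-seen and certificate or resource data instead.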
PE sections
PE imports
Rectangle
StretchDIBits
LocalFree
GetStartupInfoA
LocalLock
GetFileSize
GetModuleHandleA
GetModuleFileNameW
GlobalFree
ReadFile
GlobalAlloc
LocalAlloc
CloseHandle
GlobalUnlock
GetProcAddress
GlobalLock
LocalUnlock
LoadLibraryA
GlobalHandle
Ord(6197)
Ord(1775)
Ord(2358)
Ord(2438)
Ord(4080)
Ord(2362)
Ord(537)
Ord(4710)
Ord(2414)
Ord(4129)
Ord(506)
Ord(1641)
Ord(3136)
Ord(4963)
Ord(4524)
Ord(5101)
Ord(3394)
Ord(4468)
Ord(5237)
Ord(665)
Ord(5577)
Ord(3350)
Ord(6375)
Ord(2515)
Ord(3626)
Ord(4589)
Ord(3798)
Ord(2621)
Ord(3259)
Ord(5953)
Ord(1665)
Ord(4303)
Ord(2884)
Ord(5105)
Ord(2864)
Ord(2383)
Ord(2393)
Ord(4246)
Ord(6215)
Ord(5875)
Ord(4441)
Ord(1725)
Ord(517)
Ord(2915)
Ord(4220)
Ord(5787)
Ord(4852)
Ord(3869)
Ord(4529)
Ord(795)
Ord(2652)
Ord(4531)
Ord(815)
Ord(2723)
Ord(6270)
Ord(4635)
Ord(641)
Ord(5788)
Ord(1175)
Ord(3351)
Ord(3716)
Ord(2514)
Ord(4953)
Ord(3177)
Ord(338)
Ord(4750)
Ord(3454)
Ord(4998)
Ord(5277)
Ord(353)
Ord(5120)
Ord(941)
Ord(4465)
Ord(4108)
Ord(5104)
Ord(2863)
Ord(5300)
Ord(1200)
Ord(6175)
Ord(6216)
Ord(5265)
Ord(4425)
Ord(6111)
Ord(1669)
Ord(4627)
Ord(1168)
Ord(6241)
Ord(4716)
Ord(3738)
Ord(4853)
Ord(2127)
Ord(2982)
Ord(2301)
Ord(4526)
Ord(4234)
Ord(825)
Ord(3081)
Ord(5199)
Ord(5307)
Ord(4823)
Ord(1746)
Ord(2513)
Ord(567)
Ord(2542)
Ord(4424)
Ord(540)
Ord(5260)
Ord(5076)
Ord(4078)
Ord(3059)
Ord(2554)
Ord(4376)
Ord(1859)
Ord(5791)
Ord(2587)
Ord(3729)
Ord(4607)
Ord(4229)
Ord(472)
Ord(2294)
Ord(401)
Ord(1727)
Ord(5102)
Ord(823)
Ord(6267)
Ord(5243)
Ord(283)
Ord(1644)
Ord(3172)
Ord(2379)
Ord(2725)
Ord(4133)
Ord(5926)
Ord(5472)
Ord(4436)
Ord(3654)
Ord(800)
Ord(4262)
Ord(4245)
Ord(4694)
Ord(2512)
Ord(470)
Ord(4427)
Ord(2642)
Ord(4274)
Ord(5284)
Ord(755)
Ord(5067)
Ord(4696)
Ord(6131)
Ord(4079)
Ord(4467)
Ord(3058)
Ord(1146)
Ord(4437)
Ord(3147)
Ord(1858)
Ord(2124)
Ord(5283)
Ord(2370)
Ord(4892)
Ord(3749)
Ord(4077)
Ord(3721)
Ord(6336)
Ord(2584)
Ord(2391)
Ord(3262)
Ord(6052)
Ord(5653)
Ord(674)
Ord(293)
Ord(975)
Ord(1576)
Ord(3573)
Ord(6376)
Ord(4353)
Ord(1776)
Ord(2880)
Ord(3748)
Ord(2564)
Ord(5065)
Ord(5290)
Ord(4407)
Ord(4426)
Ord(4275)
Ord(6117)
Ord(3663)
Ord(562)
Ord(4428)
Ord(4152)
Ord(2396)
Ord(2101)
Ord(4159)
Ord(3831)
Ord(5100)
Ord(4545)
Ord(3346)
Ord(986)
Ord(4612)
Ord(3825)
Ord(2976)
Ord(4370)
Ord(1089)
Ord(3198)
Ord(2985)
Ord(4297)
Ord(4204)
Ord(5163)
Ord(3922)
Ord(5240)
Ord(6080)
Ord(2445)
Ord(2649)
Ord(3711)
Ord(1834)
Ord(2764)
Ord(2446)
Ord(3499)
Ord(2510)
Ord(4406)
Ord(3402)
Ord(1920)
Ord(858)
Ord(4834)
Ord(4623)
Ord(324)
Ord(3692)
Ord(4238)
Ord(3830)
Ord(790)
Ord(1768)
Ord(1871)
Ord(2385)
Ord(3597)
Ord(816)
Ord(4349)
Ord(2878)
Ord(3092)
Ord(3079)
Ord(4899)
Ord(6334)
Ord(652)
Ord(535)
Ord(4387)
Ord(4723)
Ord(4420)
Ord(2055)
Ord(4837)
Ord(5241)
Ord(289)
Ord(2399)
Ord(4153)
Ord(5012)
Ord(2648)
Ord(3065)
Ord(5714)
Ord(5289)
Ord(6374)
Ord(3403)
Ord(5280)
Ord(5255)
Ord(4622)
Ord(561)
Ord(4216)
Ord(2390)
Ord(411)
Ord(4960)
Ord(5261)
Ord(355)
Ord(4543)
Ord(2302)
Ord(4610)
Ord(5016)
Ord(4608)
Ord(2879)
Ord(4486)
Ord(4698)
Ord(5254)
Ord(613)
Ord(4588)
Ord(4375)
Ord(976)
Ord(6055)
Ord(6199)
Ord(4341)
Ord(4858)
Ord(784)
Ord(4889)
Ord(4432)
Ord(5740)
Ord(804)
Ord(5302)
Ord(2382)
Ord(1825)
Ord(402)
Ord(6170)
Ord(860)
Ord(5731)
Ord(783)
__p__fmode
rand
??1type_info@@UAE@XZ
srand
__dllonexit
_except_handler3
log
fabs
__p__commode
sqrt
_onexit
exit
_XcptFilter
_ftol
__setusermatherr
log10
_controlfp
_acmdln
memset
_adjust_fdiv
memcpy
wcscat
_wfopen
_initterm
_setmbcp
cos
__CxxFrameHandler
__getmainargs
sin
strcpy
time
_exit
__set_app_type
cos
fabs
_ftol
memset
sqrt
sin
memcpy
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1970:10:07 19:18:40+01:00
FileType Win32 EXE
PEType PE32
CodeSize 53249
LinkerVersion 9.0
FileAccessDate 2014:06:25 09:11:29+01:00
EntryPoint 0xd41f
InitializedDataSize 32768
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 0.0
FileCreateDate 2014:06:25 09:11:29+01:00
UninitializedDataSize 0

File identification
MD5 7303e356ef4ec03c003a372204c2ad52
SHA1 5d90965a6c05ece08b098a537b782cf0a9d5c51f
SHA256 786807f3eb3d8aa6329d8904692c72e9fc1e07110b0c3a85f10b51c863d04636
ssdeep 6144:N/EKYrfewze3xXoYLHGPzTYPefH4C0ynlFNdHinckSRnGteBYytRhHfjQ:XYrfewzedXM10ynlFvCckSV8eeypLQ
imphash 3592de2d4e3e473acca568dfb78b58d0
File size 357.5 KB ( 366088 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
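The imphash listed under File identification is the identifier worth pivoting on: it is derived from the import table rather than the file bytes, so it survives the re-packing that changes MD5, SHA-1, SHA-256 and usually ssdeep. The Python example below, added here and not VirusTotal's or pefile's code, implements the definition: MD5 over the comma-joined, lowercased "dll.function" entries in import-directory order, with the .dll/.ocx/.sys extension dropped and ordinal-only imports written as ordN. The import list is constructed from the names shown above; the DLL assignments are assumptions, because the page does not record which module each import came from, so the report's own value 3592de2d4e3e473acca568dfb78b58d0 cannot be reproduced from it.

```python
"""Import hash (imphash) computation. Added example; the import list is
constructed and the DLL names attached to it are assumptions."""
import hashlib

# Constructed import list modelled on the names in the report. Ordinal
# entries mirror the Ord(6197)/Ord(1775) lines; their DLL is assumed.
SAMPLE_IMPORTS = [
    ("GDI32.dll", "Rectangle"),
    ("GDI32.dll", "StretchDIBits"),
    ("KERNEL32.dll", "LocalFree"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("KERNEL32.dll", "LoadLibraryA"),
    ("MFC42.dll", 6197),
    ("MFC42.dll", 1775),
    ("MSVCRT.dll", "rand"),
    ("MSVCRT.dll", "srand"),
]


def imphash_string(imports):
    """Build the normalised string that is hashed.

    imports: sequence of (dll_name, function_name or ordinal int) in the
    order they appear in the import directory; order is significant.
    """
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        # Assumption: pefile additionally maps ordinals of oleaut32, ws2_32
        # and wsock32 back to names via lookup tables; here every ordinal
        # stays as ordN, which is what happens for MFC-style imports anyway.
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{dll}.{name}")
    return ",".join(parts)


def imphash(imports):
    """MD5 hex digest of the normalised import string."""
    return hashlib.md5(imphash_string(imports).encode("utf-8")).hexdigest()


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print("imphash:", imphash(SAMPLE_IMPORTS))
```

Two caveats when hunting on it: the hash depends on import order, so the same functions linked in a different order give a different value, and a packer that leaves only LoadLibraryA and GetProcAddress in the table collapses many unrelated families onto one imphash. A large MFC ordinal block like the one above is stable across builds of the same source and is why imphash clusters well for this kind of binary.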
VirusTotal metadata
First submission 2014-06-25 08:11:46 UTC ( 2 years, 10 months ago )
Last submission 2014-06-25 08:11:46 UTC ( 2 years, 10 months ago )
File names vt-upload-1JeIG
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight