SHA256: 78865415a1493fe53482601b8aa238f8c79438005826c2389f97aa0a1fc068a1
File name: bot.exe
Detection ratio: 32 / 41
Analysis date: 2012-06-11 18:47:17 UTC ( 5 years, 4 months ago )
Antivirus Result Update
AntiVir TR/Crypt.ZPACK.Gen 20120611
Avast Win32:MalOb-A [Cryp] 20120611
AVG Win32/Heri 20120611
BitDefender Trojan.Spy.Zbot.SO 20120611
CAT-QuickHeal TrojanPWS.Zbot.Y 20120611
Commtouch W32/Zbot.Z.gen!Eldorado 20120611
Comodo TrojWare.Win32.Spy.Zbot.GEN 20120611
DrWeb Trojan.PWS.Panda.311 20120611
Emsisoft Trojan-Spy.Win32.Zbot!IK 20120611
F-Prot W32/Zbot.Z.gen!Eldorado 20120611
F-Secure Trojan.Spy.Zbot.SO 20120611
Fortinet W32/Zbot.gen!tr 20120611
GData Trojan.Spy.Zbot.SO 20120611
Ikarus Trojan-Spy.Win32.Zbot 20120611
K7AntiVirus Riskware 20120611
Kaspersky Trojan-Spy.Win32.Zbot.gen 20120611
McAfee BackDoor-DKI.gen.bf 20120611
McAfee-GW-Edition BackDoor-DKI.gen.bf 20120611
Microsoft PWS:Win32/Zbot.PG 20120607
NOD32 a variant of Win32/Spy.Zbot.NJ 20120611
Norman W32/ZBot.gen.gen 20120611
nProtect Trojan.Spy.Zbot.SO 20120611
Panda Suspicious file 20120611
PCTools HeurEngine.MaliciousPacker 20120611
Sophos AV Mal/Zbot-O 20120611
Symantec Packed.Generic.232 20120611
TotalDefense Win32/KollahCryptor.B 20120611
TrendMicro TSPY_ZBOT.SMLA 20120611
TrendMicro-HouseCall TSPY_ZBOT.SMLA 20120610
VBA32 Malware-Cryptor.Win32.Vals.22 20120611
VIPRE Trojan-Spy.Win32.Zbot.gen (v) 20120611
VirusBuster TrojanSpy.ZBot.Gen!Pac.9 20120611
Antiy-AVL 20120611
ByteHero 20120606
ClamAV 20120611
eSafe 20120610
Jiangmin 20120611
Rising 20120611
SUPERAntiSpyware 20120609
TheHacker 20120611
ViRobot 20120611
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-07-24 23:28:28
Entry Point 0x0000E752
Number of sections 3
PE sections
PE imports
DuplicateTokenEx
CryptReleaseContext
RegCloseKey
GetUserNameW
CryptGetHashParam
RegQueryValueExA
CryptAcquireContextW
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
CryptHashData
RegEnumKeyExA
CryptDestroyHash
CryptCreateHash
GetModuleFileNameW
SetFilePointer
ReleaseMutex
lstrcatA
GetFileSize
GetModuleHandleA
GetFileAttributesA
FindResourceW
FindNextFileW
SetEvent
MultiByteToWideChar
OpenMutexW
VirtualProtect
GetCommandLineA
GetFileAttributesW
VirtualAlloc
PathMatchSpecW
PathFindFileNameW
wnsprintfW
PathFileExistsW
PathRemoveFileSpecW
StrCmpNIW
StrCmpNIA
wvnsprintfW
StrStrW
PathCombineW
wnsprintfA
GetCursorPos
GetWindowThreadProcessId
LoadCursorA
GetMessageA
GetWindowLongA
GetDlgItemTextA
PeekMessageA
GetDlgItem
ToUnicode
SetProcessWindowStation
GetForegroundWindow
ExitWindowsEx
CloseWindowStation
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2008:07:25 00:28:28+01:00
FileType Win32 EXE
PEType PE32
CodeSize 60416
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 23040
SubsystemVersion 4.0
EntryPoint 0xe752
OSVersion 4.0
ImageVersion 1.0
UninitializedDataSize 0

File identification
MD5 4e9a5f7e45043f7ce0e2822b947fc117
SHA1 94fdba568fe79f8587085b8e7ccabeffd0d4866b
SHA256 78865415a1493fe53482601b8aa238f8c79438005826c2389f97aa0a1fc068a1
ssdeep 1536:Ft7kywC+4v+Zt7a3jSMCx25GU0LXVlm29qSoIZ7yVW:Ft4yD+9tu3jMg5twVlr9q1INyA
authentihash 64c090b5c6246f6ce50069aca86fbe46276b465023c2700543baa990233ce743
imphash a787306feef041ca742e60a0df95047a
File size 62.5 KB ( 64000 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe

VirusTotal metadata
First submission 2012-06-11 18:25:12 UTC ( 5 years, 4 months ago )
Last submission 2016-01-21 00:38:59 UTC ( 1 year, 9 months ago )
File names 4e9a5f7e45043f7ce0e2822b947fc117
bot.exe
output.1660267.txt
78865415a1493fe53482601b8aa238f8c79438005826c2389f97aa0a1fc068a1
78865415a1493fe53482601b8aa238f8c79438005826c2389f97aa0a1fc068a1.vir
1660267
191eed37373435fc4099e70eecdabf78.exe
643f38470ba0ade79c3a8ce966664211.exe
77c1431726c979def41a16b6ea453b47.exe
78865415a1493fe53482601b8aa238f8c79438005826c2389f97aa0a1fc068a1.bin
file
ZeuS_binary_4e9a5f7e45043f7ce0e2822b947fc117.exe
ZeuS_binary_4e9a5f7e45043f7ce0e2822b947fc117.dat
fb3b34aa74f5b006eb5c023ce09b98d2.exe
aa