SHA256: 79af8377730c25f1a27ccc55c30717f21ce4dd43e5933e3315acb327c2f9ce75
File name: 0d9e8bb30588f33e9ac4c672454b5f3297f878a2
Detection ratio: 30 / 57
Analysis date: 2015-03-01 13:53:04 UTC
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Trojan.GenericKD.2187217 | 20150301 |
| Yandex | TrojanSpy.Zbot!a70S/OHS03g | 20150228 |
| AhnLab-V3 | Trojan/Win32.ZBot | 20150301 |
| ALYac | Trojan.GenericKD.2187217 | 20150301 |
| Antiy-AVL | Trojan[Spy]/Win32.Zbot | 20150301 |
| Avast | Win32:Malware-gen | 20150301 |
| AVG | Zbot.YRS | 20150301 |
| Avira (no cloud) | TR/Crypt.Xpack.154241 | 20150301 |
| BitDefender | Trojan.GenericKD.2187217 | 20150301 |
| CMC | Trojan.Win32.Swizzor.1!O | 20150301 |
| Emsisoft | Trojan.GenericKD.2187217 (B) | 20150301 |
| ESET-NOD32 | Win32/Spy.Zbot.ACB | 20150301 |
| F-Secure | Trojan.GenericKD.2187217 | 20150301 |
| Fortinet | W32/Zbot.ACB!tr | 20150301 |
| GData | Trojan.GenericKD.2187217 | 20150301 |
| K7AntiVirus | Spyware ( 004a08e61 ) | 20150301 |
| K7GW | Spyware ( 004a08e61 ) | 20150301 |
| Kaspersky | Trojan-Spy.Win32.Zbot.vbsm | 20150301 |
| McAfee | GenericR-DAX!FE514C6AEA06 | 20150301 |
| McAfee-GW-Edition | BehavesLike.Win32.Backdoor.gc | 20150301 |
| Microsoft | PWS:Win32/Zbot.gen!VM | 20150301 |
| eScan | Trojan.GenericKD.2187217 | 20150301 |
| NANO-Antivirus | Trojan.Win32.Xpack.dohmnb | 20150301 |
| Panda | Trj/Chgt.O | 20150301 |
| Qihoo-360 | Win32/Trojan.Spy.f32 | 20150301 |
| Sophos AV | Mal/Generic-S | 20150301 |
| Symantec | Trojan.Gen | 20150301 |
| TrendMicro | TROJ_FORUCON.BMC | 20150301 |
| TrendMicro-HouseCall | TROJ_FORUCON.BMC | 20150301 |
| VIPRE | Trojan.Win32.Generic!BT | 20150301 |
| AegisLab | | 20150301 |
| Alibaba | | 20150301 |
| AVware | | 20150228 |
| Baidu-International | | 20150301 |
| Bkav | | 20150228 |
| ByteHero | | 20150301 |
| CAT-QuickHeal | | 20150228 |
| ClamAV | | 20150301 |
| Comodo | | 20150301 |
| Cyren | | 20150301 |
| DrWeb | | 20150301 |
| F-Prot | | 20150301 |
| Ikarus | | 20150301 |
| Jiangmin | | 20150228 |
| Kingsoft | | 20150301 |
| Malwarebytes | | 20150301 |
| Norman | | 20150301 |
| nProtect | | 20150227 |
| Rising | | 20150301 |
| SUPERAntiSpyware | | 20150228 |
| Tencent | | 20150301 |
| TheHacker | | 20150227 |
| TotalDefense | | 20150301 |
| VBA32 | | 20150227 |
| ViRobot | | 20150301 |
| Zillya | | 20150228 |
| Zoner | | 20150227 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2015-02-24 12:04:55
Entry Point: 0x00008BC1
Number of sections: 4
PE sections
PE imports
SetSecurityDescriptorDacl
GetAclInformation
GetSecurityDescriptorDacl
AddAccessAllowedAce
GetAce
InitializeAcl
LookupAccountNameW
InitializeSecurityDescriptor
AddAce
capCreateCaptureWindowA
capGetDriverDescriptionA
Ord(413)
PropertySheetA
Ord(411)
ImageList_Create
CreatePropertySheetPageA
ImageList_Add
GetOpenFileNameA
GetSaveFileNameA
ChooseFontA
CreatePolygonRgn
SaveDC
TextOutA
CreateFontIndirectA
GetTextMetricsA
GetDeviceCaps
LineTo
DeleteDC
RestoreDC
CreateDCW
BitBlt
CreateDIBSection
CreateBitmapIndirect
SetTextColor
GetObjectA
FillRgn
FrameRgn
MoveToEx
GetStockObject
CreateEllipticRgnIndirect
CreateRoundRectRgn
CreateCompatibleDC
CreateRectRgn
SelectObject
CreateSolidBrush
DeleteObject
Ellipse
CreateToolhelp32Snapshot
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetSystemInfo
lstrlenA
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
Process32Next
IsProcessorFeaturePresent
HeapAlloc
DeleteCriticalSection
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleMode
DecodePointer
GetCurrentProcessId
OpenProcess
WriteConsoleW
GetModuleHandleW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetStartupInfoW
SetStdHandle
GetModuleHandleA
WideCharToMultiByte
LoadLibraryW
TlsFree
SetFilePointer
HeapSetInformation
ReadFile
SetUnhandledExceptionFilter
WriteFile
FindFirstFileA
CloseHandle
GetSystemTimeAsFileTime
Process32First
FindNextFileA
GetACP
HeapReAlloc
GetStringTypeW
GetVersion
GetFileAttributesA
GetProcessHeap
TerminateProcess
IsValidCodePage
HeapCreate
CreateFileW
FindClose
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetTickCount
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
GetModuleFileNameExA
RpcImpersonateClient
SetupDiGetDeviceInstallParamsA
SetupDiGetClassInstallParamsA
SetupDiSetDeviceRegistryPropertyA
SetupDiSetDeviceInstallParamsA
SetupDiSetClassInstallParamsA
PathRemoveFileSpecA
PathAppendA
SetFocus
SetWindowRgn
ChildWindowFromPointEx
LoadMenuA
InvalidateRect
OffsetRect
MoveWindow
DestroyMenu
PostQuitMessage
DefWindowProcA
LoadBitmapA
SetWindowPos
GetParent
GetSystemMetrics
EnableMenuItem
IsWindow
GetWindowRect
EndPaint
GetWindowLongA
SetCapture
ReleaseCapture
GetDlgItemTextA
MessageBoxA
SetWindowLongA
GetSysColor
GetDC
InsertMenuItemA
EndDeferWindowPos
DrawTextA
BeginPaint
CreatePopupMenu
GetMenu
LoadStringA
PtInRect
DrawIconEx
BeginDeferWindowPos
SendMessageA
GetClientRect
GetDlgItem
BringWindowToTop
SetUserObjectSecurity
ClientToScreen
TrackPopupMenuEx
GetSubMenu
GetWindowTextLengthA
CreateWindowExA
TrackPopupMenu
FillRect
CopyRect
DeferWindowPos
GetDialogBaseUnits
wsprintfA
GetFocus
GetUserObjectSecurity
DestroyWindow
GetFileVersionInfoW
WinHttpOpen
gethostname
WTSEnumerateProcessesA
GdiplusShutdown
GdipDisposeImage
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipFree
GdipCloneImage
GdiplusStartup
PE exports
Number of PE resources by type
RT_BITMAP 15
RT_STRING 12
RT_ICON 10
RT_RCDATA 6
RT_CURSOR 3
RT_GROUP_ICON 2
RT_MANIFEST 1
WAVEDATA 1
Number of PE resources by language
ENGLISH US 50
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2015:02:24 13:04:55+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 96768
LinkerVersion: 10.0
EntryPoint: 0x8bc1
InitializedDataSize: 329216
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0
File identification
MD5: fe514c6aea060af5819b0a7b331e2997
SHA1: 0d9e8bb30588f33e9ac4c672454b5f3297f878a2
SHA256: 79af8377730c25f1a27ccc55c30717f21ce4dd43e5933e3315acb327c2f9ce75
ssdeep: 12288:jjwnwASj+sXG63kDtO4u+BmiDsv7gwSC+9DA6bx0:jjwnMHXG63kDw4u+BracwSC+986t0
authentihash: b0b46431d17b99d54b19a8b19bbdcb9497a5ed52581d97680316d79e556337c7
imphash: 4fc05a10998af8b2b9ec64e47ac185bc
File size: 417.0 KB ( 427008 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 system file
TrID:
Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags: peexe

VirusTotal metadata
First submission: 2015-03-01 13:53:04 UTC
Last submission: 2015-03-01 13:53:04 UTC