SHA256: 79f6fedd2a6778756de23438cb665bd852290fc3d9859874d911945de20c58e0
File name: e14409ab29ad7224d437a6dc6bdb734a71701327
Detection ratio: 31 / 54
Analysis date: 2014-10-16 10:40:42 UTC (4 years, 1 month ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Strictor.60523 20141016
AhnLab-V3 Trojan/Win32.DarkKomet 20141016
Avast MSIL:GenMalicious-CP [Trj] 20141016
AVG Generic11_c.ASJJ 20141016
Avira (no cloud) TR/Spy.Banker.2219 20141016
AVware Trojan.Win32.Generic.pak!cobra 20141016
BitDefender Gen:Variant.Strictor.60523 20141016
CAT-QuickHeal TrojanPWS.AutoIt.Zbot.S 20141016
CMC Trojan.Win32.Generic!O 20141016
Cyren W32/Trojan.DFLE-1096 20141016
DrWeb Win32.Rmnet.12 20141016
Emsisoft Gen:Variant.Strictor.60523 (B) 20141016
ESET-NOD32 Win32/Spy.Zbot.AAO 20141016
F-Prot W32/Trojan3.KEH 20141016
F-Secure Gen:Variant.Strictor.60523 20141016
Fortinet W32/Zbot.AAO!tr.spy 20141016
GData Gen:Variant.Strictor.60523 20141016
Ikarus Trojan.Autoit 20141016
Kaspersky Trojan-Spy.Win32.Zbot.ujpo 20141016
Malwarebytes Trojan.Zbot.AI 20141016
McAfee Generic-FAVA!65926CF3425C 20141016
McAfee-GW-Edition Generic-FAVA!65926CF3425C 20141015
Microsoft PWS:Win32/Zbot 20141016
eScan Gen:Variant.Strictor.60523 20141016
nProtect Trojan.Autoit.Agent.GV 20141016
Qihoo-360 HEUR/QVM11.1.Malware.Gen 20141016
Sophos AV Mal/Generic-S 20141016
Symantec Trojan.Zbot 20141016
Tencent Win32.Trojan.Inject.Auto 20141016
TrendMicro-HouseCall TROJ_GEN.R011B01JD14 20141016
VIPRE Trojan.Win32.Generic.pak!cobra 20141016
AegisLab 20141016
Yandex 20141015
Antiy-AVL 20141016
Baidu-International 20141015
Bkav 20141015
ByteHero 20141016
ClamAV 20141016
Comodo 20141016
Jiangmin 20141015
K7AntiVirus 20141016
K7GW 20141015
Kingsoft 20141016
NANO-Antivirus 20141016
Norman 20141016
Rising 20141016
SUPERAntiSpyware 20141016
TheHacker 20141013
TotalDefense 20141016
TrendMicro 20141016
VBA32 20141015
ViRobot 20141016
Zillya 20141015
Zoner 20141014
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 3, 3, 8, 1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-29 21:32:28
Entry Point 0x000DDEB0
Number of sections 3
PE sections
PE imports
ImageList_Remove
GetSaveFileNameW
LineTo
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
WNetGetConnectionW
VariantInit
EnumProcesses
DragFinish
LoadUserProfileW
VerQueryValueW
FtpOpenFileW
timeGetTime
CoInitialize
Number of PE resources by type
RT_ICON 12
RT_STRING 7
RT_GROUP_ICON 4
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 25
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize 634880
LinkerVersion 10.0
ImageVersion 0.0
FileVersionNumber 3.3.8.1
LanguageCode English (British)
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 184320
MIMEType application/octet-stream
FileVersion 3, 3, 8, 1
TimeStamp 2012:01:29 22:32:28+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2014:10:16 11:41:23+01:00
SubsystemVersion 5.0
OSVersion 5.0
FileCreateDate 2014:10:16 11:41:23+01:00
FileOS Win32
Subsystem Windows GUI
CompiledScript AutoIt v3 Script: 3, 3, 8, 1
MachineType Intel 386 or later, and compatibles
CodeSize 274432
FileSubtype 0
ProductVersionNumber 3.3.8.1
EntryPoint 0xddeb0
ObjectFileType Unknown
File identification
MD5 65926cf3425c8742dad05744ed832a8b
SHA1 e14409ab29ad7224d437a6dc6bdb734a71701327
SHA256 79f6fedd2a6778756de23438cb665bd852290fc3d9859874d911945de20c58e0
ssdeep 24576:YthEVaPqLLTZCAcGIo0rpHfaW8nj49hS0v:8EVUcLTZCAJy
authentihash e45a1ddf105b9d0c74b3e5b328a20befd3fe713dd6ef4ef015b992cedeadfebe
imphash 890e522b31701e079a367b89393329e6
File size 982.3 KB (1005894 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID AutoIt3 compiled script executable (87.6%)
UPX compressed Win32 Executable (5.2%)
Win32 EXE Yoda's Crypter (4.5%)
Win32 Dynamic Link Library (generic) (1.1%)
Win32 Executable (generic) (0.7%)
Tags
peexe

VirusTotal metadata
First submission 2014-10-16 10:40:42 UTC (4 years, 1 month ago)
Last submission 2014-10-16 10:40:42 UTC (4 years, 1 month ago)
File names 79f6fedd2a6778756de23438cb665bd852290fc3d9859874d911945de20c58e0.exe
e14409ab29ad7224d437a6dc6bdb734a71701327
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.