SHA256: 79faf1e52e42e74b43d524f36f00c6f46545616d12f152b2ccf25e6bb5eab534
File name: babde9b05c431c3622d2a0b749e779aca7fefafd (the submitted name is the file's own SHA1, so no original filename is known)
Detection ratio: 7 / 57
Analysis date: 2015-06-06 00:55:18 UTC
Antivirus Result Update
Detected (7 engines):
Avira (no cloud) TR/Zbot.A.77 20150606
ESET-NOD32 Win32/Spy.Zbot.ACB 20150606
Kaspersky Trojan.Win32.Inject.uxby 20150606
Panda Generic Suspicious 20150605
Tencent Trojan.Win32.YY.Gen.30 20150606
TrendMicro TROJ_FORUCON.BMC 20150605
TrendMicro-HouseCall TROJ_FORUCON.BMC 20150606
Not detected (engine and signature update date only):
Ad-Aware 20150606
AegisLab 20150606
Yandex 20150605
AhnLab-V3 20150605
Alibaba 20150605
ALYac 20150606
Antiy-AVL 20150605
Arcabit 20150605
Avast 20150606
AVG 20150606
AVware 20150606
Baidu-International 20150605
BitDefender 20150606
Bkav 20150605
ByteHero 20150606
CAT-QuickHeal 20150605
ClamAV 20150606
CMC 20150604
Comodo 20150605
Cyren 20150605
DrWeb 20150606
Emsisoft 20150606
F-Prot 20150605
F-Secure 20150606
Fortinet 20150605
GData 20150606
Ikarus 20150605
Jiangmin 20150605
K7AntiVirus 20150605
K7GW 20150605
Kingsoft 20150606
Malwarebytes 20150605
McAfee 20150606
McAfee-GW-Edition 20150605
Microsoft 20150605
eScan 20150606
NANO-Antivirus 20150605
nProtect 20150605
Qihoo-360 20150606
Rising 20150605
Sophos AV 20150606
SUPERAntiSpyware 20150606
Symantec 20150606
TheHacker 20150604
TotalDefense 20150605
VBA32 20150605
VIPRE 20150606
ViRobot 20150605
Zillya 20150605
Zoner 20150605
The file is a Portable Executable (PE) file; more specifically, a 32-bit Windows EXE for the GUI subsystem, linked with linker version 8.0 (Visual C++ 2005). Besides the window, image-list, printing and common-dialog imports typical of an MFC application, the import table includes CreateProcessW, CopyFileW, DeleteFileW, CreateDirectoryW, VirtualAlloc/VirtualProtect, SetWindowsHookExW/CallNextHookEx, SetWinEventHook and IsDebuggerPresent, which is worth reading against the sandbox behaviour summarised at the end of the report.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-05 11:34:11 UTC (about 13 hours before first submission on 2015-06-06 00:55:18 UTC; the ExifTool TimeStamp below is the same value rendered as 12:34:11+01:00)
Entry Point 0x0000A175
Number of sections 3
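The four header fields above come straight out of the COFF file header and PE32 optional header. The following is an added example (not VirusTotal's code and not the sample's): it builds a constructed, minimal PE32 header image in memory with the reported timestamp, entry point, section count, linker version and subsystem, then parses those fields back with the struct module and adds the check a triager does next, namely which section contains the entry point. The three section names and sizes are assumed, since the report gives only the count.

```python
"""Recover the fields VirusTotal lists under "PE header basic information"
(target machine, compile timestamp, entry point, section count) from raw PE
headers, plus which section holds the entry point.  Added example, not
VirusTotal's code or the sample's; it builds a constructed minimal PE32 header
image in memory so it runs offline.  Section names and sizes are assumed."""
import calendar
import datetime
import struct

IMAGE_FILE_MACHINE_I386 = 0x014C
PE32_MAGIC = 0x010B
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
OPTIONAL_HEADER_SIZE = 224   # fixed size of a PE32 optional header
SUBSYSTEM_OFFSET = 68        # offset of Subsystem inside the optional header


def build_minimal_pe(timestamp, entry_point, sections, subsystem=2):
    """Return a constructed PE32 header image (headers only, not loadable)."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)  # e_lfanew points at "PE\0\0"
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (EXECUTABLE|32BIT)
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, len(sections), timestamp,
                       0, 0, OPTIONAL_HEADER_SIZE, 0x0102)
    opt = bytearray(OPTIONAL_HEADER_SIZE)
    # Magic, MajorLinkerVersion, MinorLinkerVersion, SizeOfCode,
    # SizeOfInitializedData, SizeOfUninitializedData, AddressOfEntryPoint
    struct.pack_into("<HBBIIII", opt, 0, PE32_MAGIC, 8, 0, 159744, 270336, 0, entry_point)
    struct.pack_into("<H", opt, SUBSYSTEM_OFFSET, subsystem)
    # IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData,
    # PointerToRawData, PointerToRelocations, PointerToLinenumbers,
    # NumberOfRelocations, NumberOfLinenumbers, Characteristics
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                    vsize, vaddr, rsize, raddr, 0, 0, 0, 0, chars)
        for name, vaddr, vsize, raddr, rsize, chars in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


def parse_pe_header(data):
    """Parse DOS, COFF, optional and section headers of an in-memory PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    machine, nsections, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff_off)
    opt_off = coff_off + 20
    magic, lnk_major, lnk_minor, _, _, _, entry = struct.unpack_from("<HBBIIII", data, opt_off)
    if magic != PE32_MAGIC:
        raise ValueError("only PE32 (magic 0x10B) is handled here")
    (subsystem,) = struct.unpack_from("<H", data, opt_off + SUBSYSTEM_OFFSET)
    sections = []
    for i in range(nsections):
        off = opt_off + opt_size + 40 * i
        name, vsize, vaddr, rsize, raddr, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({"name": name.rstrip(b"\0").decode(), "vaddr": vaddr, "vsize": vsize,
                         "raw_ptr": raddr, "raw_size": rsize, "chars": chars})
    # An entry point outside the code section (often in the last section) is a packer tell.
    entry_section = next((s["name"] for s in sections
                          if s["vaddr"] <= entry < s["vaddr"] + max(s["vsize"], s["raw_size"])), None)
    return {
        "machine": "Intel 386 or later" if machine == IMAGE_FILE_MACHINE_I386 else hex(machine),
        "timestamp_utc": datetime.datetime.fromtimestamp(ts, datetime.timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry,
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
        "sections": sections,
        "entry_section": entry_section,
    }


# Constructed sample mirroring the reported values (timestamp, entry point 0xA175,
# 3 sections, linker 8.0, GUI subsystem); the section layout itself is assumed.
SAMPLE_TIMESTAMP = calendar.timegm((2015, 6, 5, 11, 34, 11, 0, 0, 0))
SAMPLE_SECTIONS = [
    # name,    VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData, Characteristics
    (".text",  0x1000,  0x27000, 0x400,   0x27000, 0x60000020),  # CODE|EXECUTE|READ
    (".rdata", 0x28000, 0xC000,  0x27400, 0xC000,  0x40000040),  # INITIALIZED_DATA|READ
    (".rsrc",  0x34000, 0x36000, 0x33400, 0x36000, 0x40000040),
]
SAMPLE_PE = build_minimal_pe(SAMPLE_TIMESTAMP, 0xA175, SAMPLE_SECTIONS)


def report(data=SAMPLE_PE):
    """Parsed header fields for the constructed sample (or any PE32 bytes)."""
    return parse_pe_header(data)


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

To run it against a real file, pass `open(path, "rb").read()` to `report()`; the TimeDateStamp is a plain Unix epoch and is rendered here in UTC, which is why it agrees with the VirusTotal figure and differs by one hour from ExifTool's local-time rendering.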
PE sections
PE imports
COMCTL32.dll
ImageList_GetImageCount
ImageList_Create
ImageList_GetBkColor
ImageList_GetIcon
ImageList_DragEnter
ImageList_EndDrag
GDI32.dll
SetMapMode
TextOutW
SaveDC
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
DeleteObject
SetTextColor
ExtTextOutW
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
PtVisible
ScaleViewportExtEx
SelectObject
SetWindowExtEx
Escape
SetBkColor
SetViewportExtEx
KERNEL32.dll
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
InitializeCriticalSection
LoadResource
GlobalHandle
TlsGetValue
SetLastError
GlobalFindAtomW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
GlobalAddAtomW
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
GetVersion
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
SetTapeParameters
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
CopyFileW
GetStartupInfoA
GlobalDeleteAtom
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GlobalLock
GetProcessHeap
GlobalReAlloc
ResetEvent
lstrcmpW
GetProcAddress
CreateEventW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
GlobalFree
GetConsoleCP
LCMapStringA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
CreateProcessW
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
GlobalFlags
CloseHandle
GetACP
GetModuleHandleW
SizeofResource
HeapCreate
FindResourceW
VirtualFree
Sleep
VirtualAlloc
OLEACC.dll
AccessibleObjectFromEvent
LresultFromObject
GetRoleTextW
CreateStdAccessibleObject
GetOleaccVersionInfo
AccessibleObjectFromWindow
OLEAUT32.dll
VariantChangeType
VariantInit
VariantClear
USER32.dll
MapWindowPoints
RegisterWindowMessageW
GetForegroundWindow
GetClassInfoExW
ReleaseDC
DrawTextExW
GetPropW
LoadBitmapW
GetFocus
DefWindowProcW
CopyRect
GetCapture
GetMenuState
MessageBoxW
DestroyMenu
PostQuitMessage
SetWinEventHook
GetMessagePos
SetPropW
GetParent
GetWindowThreadProcessId
ValidateRect
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GrayStringW
GetWindowRect
EnableWindow
UnhookWindowsHookEx
SetWindowPos
AdjustWindowRectEx
GetMessageTime
GetWindow
PostMessageW
GetSysColor
SendMessageW
SetMenuItemBitmaps
GetDC
GetKeyState
SystemParametersInfoA
GetDlgCtrlID
CheckMenuItem
GetMenu
UnregisterClassA
GetClassLongW
GetMenuCheckMarkDimensions
RegisterClassW
GetWindowLongW
WinHelpW
GetWindowPlacement
IsWindowEnabled
SetWindowTextW
GetDlgItem
RemovePropW
DrawTextW
UnhookWinEvent
IsIconic
ClientToScreen
CallNextHookEx
GetSubMenu
CreateWindowExW
CallWindowProcW
GetClassNameW
GetMenuItemID
GetTopWindow
ModifyMenuW
GetClientRect
GetWindowTextW
EnableMenuItem
GetSysColorBrush
SetWindowsHookExW
LoadCursorW
LoadIconW
GetClassInfoW
DispatchMessageW
TabbedTextOutW
GetMenuItemCount
SetForegroundWindow
DestroyWindow
GetLastActivePopup
PtInRect
WINSPOOL.DRV
ClosePrinter
DocumentPropertiesW
OpenPrinterW
COMDLG32.dll
GetOpenFileNameW
GetFileTitleW
ChooseFontW
GetSaveFileNameW
ReplaceTextW
CommDlgExtendedError
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2015:06:05 12:34:11+01:00 (ExifTool renders the PE timestamp in local time, here UTC+1; this equals 2015-06-05 11:34:11 UTC)
FileType: Win32 EXE
PEType: PE32
CodeSize: 159744
LinkerVersion: 8.0
EntryPoint: 0xa175
InitializedDataSize: 270336
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0

File identification
MD5: 1ace268b24aed3ceb9a81200b51f8ac2
SHA1: babde9b05c431c3622d2a0b749e779aca7fefafd
SHA256: 79faf1e52e42e74b43d524f36f00c6f46545616d12f152b2ccf25e6bb5eab534
ssdeep: 6144:Uhly0npsGKwCWb0bVhRDSF59iLgOWh3DKNH0/ojW9zTgLrW3:2sGKTWARSD6gOWh3DgcHgg
authentihash: f65fec246088508dfdff4b855b826e85dd6c7c4eb8d5fbe8929340fb041ff238
imphash: 31d783643e02c703917815870cf1f627
File size: 336.0 KB (344064 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
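Of the identifiers above, MD5, SHA1 and SHA256 are plain digests of the file bytes, while imphash is a digest of the import table: each imported symbol, in import-table order, becomes the exporting module's name lower-cased with a .dll/.ocx/.sys extension removed, a dot, and the function name lower-cased; the entries are comma-joined and MD5-hashed. The following is an added example (not VirusTotal's or pefile's code) that computes both. The import list is constructed from a handful of this sample's reported imports, the module each belongs to is assumed from the function's well-known exporting DLL, and the ordinal-to-name lookup tables pefile applies to ordinal-only imports are not replicated.

```python
"""Offline recomputation of the File identification hashes that need only the
standard library (MD5/SHA1/SHA256) and of the imphash construction used by
pefile and VirusTotal.  Added example, not VirusTotal's or pefile's code.  The
import list is constructed (a subset of the sample's imports, DLL attribution
assumed); ordinal-only imports are rendered as ordN without pefile's lookup tables."""
import hashlib

STRIPPED_EXTENSIONS = (".dll", ".ocx", ".sys")   # only these are dropped; .drv is kept


def file_hashes(data):
    """MD5/SHA1/SHA256 of the raw bytes, as listed under File identification."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def normalize_import(dll, func):
    """One imphash entry: lower-cased module minus .dll/.ocx/.sys, a dot, lower-cased name."""
    dll = dll.lower()
    for ext in STRIPPED_EXTENSIONS:
        if dll.endswith(ext):
            dll = dll[: -len(ext)]
            break
    name = f"ord{func}" if isinstance(func, int) else func.lower()
    return f"{dll}.{name}"


def imphash(imports):
    """MD5 over the comma-joined normalized entries, in import-table order."""
    joined = ",".join(normalize_import(dll, func) for dll, func in imports)
    return hashlib.md5(joined.encode("ascii")).hexdigest()


# Constructed import list: a subset of the sample's reported imports, with the
# exporting module assumed for each function.
SAMPLE_IMPORTS = [
    ("COMCTL32.dll", "ImageList_Create"),
    ("GDI32.dll", "SetMapMode"),
    ("KERNEL32.dll", "VirtualProtect"),
    ("KERNEL32.dll", "CreateProcessW"),
    ("USER32.dll", "SetWindowsHookExW"),
    ("OLEACC.dll", "AccessibleObjectFromWindow"),
    ("WINSPOOL.DRV", "OpenPrinterW"),
    ("COMDLG32.dll", "GetOpenFileNameW"),
]

REPORTED_IMPHASH = "31d783643e02c703917815870cf1f627"   # value from the report above


def matches_reported(imports, reported=REPORTED_IMPHASH):
    """True when a parsed import table hashes to the imphash VirusTotal reported."""
    return imphash(imports) == reported


def order_sensitive(imports):
    """imphash depends on import order, so two binaries with the same set of
    imports but a different link order hash differently."""
    return imphash(imports) != imphash(list(reversed(imports)))


if __name__ == "__main__":
    print(file_hashes(b"constructed sample bytes"))
    print("imphash of the constructed subset:", imphash(SAMPLE_IMPORTS))
    print("matches reported value:", matches_reported(SAMPLE_IMPORTS))
```

Feeding the full import table of the real file, in on-disk order with its real module names, to `imphash()` is what would reproduce the reported value; the constructed subset here cannot and is only meant to show the normalisation rules. ssdeep and authentihash are not recomputed because they need the ssdeep library and Authenticode-aware PE parsing respectively.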
Tags: peexe
VirusTotal metadata
First submission 2015-06-06 00:55:18 UTC
Last submission 2015-06-06 00:55:18 UTC
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function. The report does not say which control codes or which devices were targeted, and DeviceIoControl is also used routinely by benign software (for example to query volume or disk information), so on its own this is not an indicator of malicious intent; it should be read together with the imports noted above and the detection results.