SHA256: 79ff18daf137317ae187c68481bbf6ff0c4a1d87fc319174c6689f3ffb2f5d70
File name: 9fca705ab07c15172a7cd3da63de748bb0b85871
Detection ratio: 2 / 57
Analysis date: 2015-06-13 00:59:32 UTC
Antivirus              Result                               Update
ESET-NOD32             Win32/Spy.Zbot.ACB                   20150612
Kaspersky              UDS:DangerousObject.Multi.Generic    20150613
Ad-Aware               (no detection)                       20150613
AegisLab               (no detection)                       20150613
Yandex                 (no detection)                       20150612
AhnLab-V3              (no detection)                       20150612
Alibaba                (no detection)                       20150611
ALYac                  (no detection)                       20150613
Antiy-AVL              (no detection)                       20150613
Arcabit                (no detection)                       20150613
Avast                  (no detection)                       20150613
AVG                    (no detection)                       20150612
Avira (no cloud)       (no detection)                       20150612
AVware                 (no detection)                       20150612
Baidu-International    (no detection)                       20150612
BitDefender            (no detection)                       20150613
Bkav                   (no detection)                       20150612
ByteHero               (no detection)                       20150613
CAT-QuickHeal          (no detection)                       20150612
ClamAV                 (no detection)                       20150613
CMC                    (no detection)                       20150610
Comodo                 (no detection)                       20150613
Cyren                  (no detection)                       20150613
DrWeb                  (no detection)                       20150613
Emsisoft               (no detection)                       20150612
F-Prot                 (no detection)                       20150613
F-Secure               (no detection)                       20150612
Fortinet               (no detection)                       20150612
GData                  (no detection)                       20150612
Ikarus                 (no detection)                       20150612
Jiangmin               (no detection)                       20150610
K7AntiVirus            (no detection)                       20150612
K7GW                   (no detection)                       20150612
Kingsoft               (no detection)                       20150613
Malwarebytes           (no detection)                       20150612
McAfee                 (no detection)                       20150613
McAfee-GW-Edition      (no detection)                       20150612
Microsoft              (no detection)                       20150612
eScan                  (no detection)                       20150612
NANO-Antivirus         (no detection)                       20150613
nProtect               (no detection)                       20150612
Panda                  (no detection)                       20150612
Qihoo-360              (no detection)                       20150613
Rising                 (no detection)                       20150612
Sophos AV              (no detection)                       20150612
SUPERAntiSpyware       (no detection)                       20150613
Symantec               (no detection)                       20150613
Tencent                (no detection)                       20150613
TheHacker              (no detection)                       20150611
TotalDefense           (no detection)                       20150612
TrendMicro             (no detection)                       20150612
TrendMicro-HouseCall   (no detection)                       20150613
VBA32                  (no detection)                       20150612
VIPRE                  (no detection)                       20150612
ViRobot                (no detection)                       20150612
Zillya                 (no detection)                       20150612
Zoner                  (no detection)                       20150612
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2015-06-12 10:40:31
Entry Point: 0x000026AC
Number of sections: 3
PE sections
PE imports
GetLastError
HeapFree
CopyFileW
EnterCriticalSection
LCMapStringW
SetHandleCount
RemoveDirectoryW
SetTapeParameters
GetConsoleCP
GetOEMCP
LCMapStringA
VirtualFree
IsDebuggerPresent
GetTickCount
TlsAlloc
GetVersionExA
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetStdHandle
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetConsoleOutputCP
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
InterlockedIncrement
FreeEnvironmentStringsW
DeleteFileW
GetProcAddress
QueryPerformanceCounter
TlsFree
GetStartupInfoW
SetStdHandle
GetModuleHandleA
GetCPInfo
GetModuleFileNameW
GetStringTypeA
SetFilePointer
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetCommandLineA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
ExitProcess
HeapDestroy
LocalFree
TerminateProcess
CreateEventW
WriteConsoleA
InitializeCriticalSection
HeapCreate
SetLastError
CreateProcessW
GetEnvironmentStringsW
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
GetProcessHeap
VirtualAlloc
GetCurrentProcessId
WriteConsoleW
LeaveCriticalSection
MprAdminPortEnum
MprAdminMIBEntryGet
MprAdminPortGetInfo
MprAdminTransportCreate
MprAdminPortReset
MprAdminMIBServerDisconnect
MprConfigBufferFree
MprConfigInterfaceGetHandle
MprConfigInterfaceGetInfo
MprConfigInterfaceCreate
MprAdminMIBEntrySet
MprAdminTransportGetInfo
MprAdminMIBEntryCreate
MprAdminPortDisconnect
MprConfigInterfaceDelete
MprAdminMIBServerConnect
MprAdminMIBEntryGetFirst
MprAdminMIBEntryDelete
MprAdminMIBEntryGetNext
MprConfigInterfaceEnum
MprAdminRegisterConnectionNotification
MprAdminTransportSetInfo
MprAdminServerGetCredentials
MprAdminServerDisconnect
MprConfigGetFriendlyName
MprConfigInterfaceSetInfo
MprAdminServerConnect
MprAdminServerSetCredentials
MprAdminUserGetInfo
MprAdminSendUserMessage
MprConfigGetGuidName
MprAdminServerGetInfo
MprAdminPortClearStats
MprAdminUserSetInfo
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2015:06:12 11:40:31+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 233472
LinkerVersion: 8.0
EntryPoint: 0x26ac
InitializedDataSize: 94208
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
File identification
MD5: 2ad39512ae42bedd6f5618b34567bcd1
SHA1: 9fca705ab07c15172a7cd3da63de748bb0b85871
SHA256: 79ff18daf137317ae187c68481bbf6ff0c4a1d87fc319174c6689f3ffb2f5d70
ssdeep: 3072:TbYYbdrQOPehADhrBY569ViWMKl4ayAScX5fW3WX/chGnop20Zwx50OIAHIt:TbHbdrrPeh4B1/lTyAS8VgK06H
authentihash: 2849c739466b1bd711514c1236a870adcf9ee85d4e8a80db6f3de73e5de6297d
imphash: 1b790b05572afaa44f6b88092d128db3
File size: 284.0 KB (290816 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags: peexe
VirusTotal metadata
First submission: 2015-06-13 00:59:32 UTC
Last submission: 2015-06-13 00:59:32 UTC
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.