SHA256: 7bf045e5678acfe307e29d96f66412fd5d5f88d28f9dfeabb92cd407e9f45562
File name: 88550f8c841739ce9b9735abe5273dff215b4a50
Detection ratio: 29 / 57
Analysis date: 2015-02-17 18:46:42 UTC ( 4 years, 1 month ago )
Antivirus              Result                            Update
Ad-Aware               Trojan.GenericKD.2108443          20150217
Yandex                 TrojanSpy.Zbot!ilTti0Rujjs        20150216
ALYac                  Trojan.GenericKD.2108443          20150217
Antiy-AVL              Trojan[Spy]/Win32.Zbot            20150216
Avast                  Win32:Malware-gen                 20150217
AVG                    Zbot.XGU                          20150217
Avira (no cloud)       TR/Crypt.Xpack.128701             20150217
AVware                 Trojan.Win32.Generic!BT           20150217
BitDefender            Trojan.GenericKD.2108443          20150217
Emsisoft               Trojan.GenericKD.2108443 (B)      20150217
ESET-NOD32             Win32/Spy.Zbot.ACB                20150217
F-Secure               Trojan.GenericKD.2108443          20150217
Fortinet               W32/Zbot.ACB!tr.spy               20150216
GData                  Trojan.GenericKD.2108443          20150217
K7AntiVirus            Unwanted-Program ( 004a8e8a1 )    20150217
K7GW                   DoS-Trojan ( 200d63751 )          20150217
Kaspersky              Trojan-Spy.Win32.Zbot.uwoa        20150217
Malwarebytes           Trojan.Agent.ED                   20150217
McAfee                 Generic-FAVQ!47EF287388A4         20150217
McAfee-GW-Edition      BehavesLike.Win32.VTFlooder.fc    20150216
eScan                  Trojan.GenericKD.2108443          20150217
NANO-Antivirus         Trojan.Win32.Zbot.dmurvr          20150216
nProtect               Trojan.GenericKD.2108443          20150216
Panda                  Trj/Genetic.gen                   20150216
Sophos AV              Mal/Generic-S                     20150217
Symantec               Trojan.Gen                        20150217
TrendMicro             TROJ_GEN.R021C0FB815              20150217
TrendMicro-HouseCall   TROJ_GEN.R021C0FB815              20150217
VIPRE                  Trojan.Win32.Generic!BT           20150217
AegisLab               (no detection)                    20150217
AhnLab-V3              (no detection)                    20150216
Alibaba                (no detection)                    20150217
Baidu-International    (no detection)                    20150216
Bkav                   (no detection)                    20150213
ByteHero               (no detection)                    20150217
CAT-QuickHeal          (no detection)                    20150217
ClamAV                 (no detection)                    20150217
CMC                    (no detection)                    20150214
Comodo                 (no detection)                    20150217
Cyren                  (no detection)                    20150217
DrWeb                  (no detection)                    20150217
F-Prot                 (no detection)                    20150217
Ikarus                 (no detection)                    20150217
Jiangmin               (no detection)                    20150216
Kingsoft               (no detection)                    20150217
Microsoft              (no detection)                    20150217
Norman                 (no detection)                    20150216
Qihoo-360              (no detection)                    20150217
Rising                 (no detection)                    20150216
SUPERAntiSpyware       (no detection)                    20150215
Tencent                (no detection)                    20150217
TheHacker              (no detection)                    20150217
TotalDefense           (no detection)                    20150216
VBA32                  (no detection)                    20150216
ViRobot                (no detection)                    20150216
Zillya                 (no detection)                    20150216
Zoner                  (no detection)                    20150216
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2015-01-22 20:29:02
Entry Point: 0x000039D8
Number of sections: 6
PE sections
PE imports
GetSecurityDescriptorSacl
RegDisablePredefinedCache
InitializeSecurityDescriptor
ImageList_DragLeave
FindTextW
CreateDCA
EndPage
DeleteDC
SelectObject
GetStockObject
EndDoc
StartPage
CreateCompatibleDC
StretchBlt
ImmGetContext
ImmGetOpenStatus
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
UnhandledExceptionFilter
GetModuleHandleW
WideCharToMultiByte
ExitProcess
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetStartupInfoW
SetStdHandle
RaiseException
GetCPInfo
LoadLibraryW
TlsFree
SetFilePointer
HeapSetInformation
SetUnhandledExceptionFilter
WriteFile
DecodePointer
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
ExpandEnvironmentStringsA
TerminateProcess
IsValidCodePage
HeapCreate
SetLastError
CreateFileW
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
LocalAlloc
WriteConsoleW
InterlockedIncrement
WNetGetConnectionA
GetProcessMemoryInfo
PathGetArgsA
GetCursorPos
GetSubMenu
LoadCursorA
LoadIconA
wsprintfA
SetDlgItemTextA
IsDlgButtonChecked
GetShellWindow
GetClientRect
LoadIconW
DefWindowProcA
OemToCharA
GetFileVersionInfoSizeA
GetFileVersionInfoA
GdipDrawLineI
GdipDrawEllipseI
GdipCreateFromHDC
GdiplusStartup
GdipCreatePen1
GdipFree
GdipDrawRectangleI
GdipAlloc
GdiplusShutdown
GdipDeleteGraphics
GdipDeletePen
PE exports
Number of PE resources by type
RT_BITMAP: 8
RT_DIALOG: 5
RT_RCDATA: 5
GOOGLEUPDATE: 1
RT_MANIFEST: 1
RT_STRING: 1
Number of PE resources by language
ENGLISH US: 21
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2015:01:22 21:29:02+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 111616
LinkerVersion: 10.0
EntryPoint: 0x39d8
InitializedDataSize: 227840
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0

File identification
MD5: 47ef287388a4748afc21131a8a550fc6
SHA1: 88550f8c841739ce9b9735abe5273dff215b4a50
SHA256: 7bf045e5678acfe307e29d96f66412fd5d5f88d28f9dfeabb92cd407e9f45562
ssdeep: 6144:+x3KXiDxE5P4biCmFxC+j7Q/AOlBgMqVZo14VcWCEjh7gE8yc10t:46XitE6+PxZ7Q/yf1VBCEF8EM1C
authentihash: b98043673f1ecfd2456ec0765ae4c84622b49870e47d48531fbc2e09e4146e90
imphash: 3cc0b4ca76c44b5676d396a2086ddf8c
File size: 332.5 KB ( 340480 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386
TrID: Win32 Executable MS Visual C++ (generic) (42.2%)
      Win64 Executable (generic) (37.3%)
      Win32 Dynamic Link Library (generic) (8.8%)
      Win32 Executable (generic) (6.0%)
      Generic Win/DOS Executable (2.7%)
Tags: peexe

VirusTotal metadata
First submission 2015-02-17 18:46:42 UTC ( 4 years, 1 month ago )
Last submission 2015-02-17 18:46:42 UTC ( 4 years, 1 month ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.