SHA256: 7c2c4485dcf24d767599d1e720749a323353fd00a44c55401f4e285332ea54cd
File name: 98aecf4b5d3854634a87fe13249c27d5.exe
Detection ratio: 36 / 41
Analysis date: 2011-05-05 11:55:36 UTC ( 7 years, 1 month ago )
Antivirus Result Update
AhnLab-V3 Win-Trojan/Meredrop.235008 20110504
AntiVir TR/Spy.ZBot.235008 20110505
Antiy-AVL Trojan/MSIL.Zbot.gen 20110505
Avast MSIL:AutoRun-T 20110505
Avast5 MSIL:AutoRun-T 20110505
AVG Dropper.Generic2.WCM 20110505
BitDefender Trojan.Generic.KD.18663 20110505
CAT-QuickHeal TrojanSpy.MSIL.Zbot.e 20110505
ClamAV Trojan.KillAV.VT 20110505
Commtouch W32/MalwareF.FDOP 20110505
Comodo TrojWare.MSIL.Spy.Zbot.e 20110505
DrWeb Trojan.Hosts.610 20110505
eSafe Win32.Trojan 20110504
F-Prot W32/MalwareF.FDOP 20110505
F-Secure Trojan:W32/Agent.DJVM 20110505
Fortinet MSIL/KeyLogger.AWB!tr 20110505
GData Trojan.Generic.KD.18663 20110505
Ikarus Trojan-Spy.MSIL 20110505
Jiangmin TrojanSpy.MSIL.pi 20110503
K7AntiVirus Riskware 20110504
Kaspersky Trojan-Spy.MSIL.Zbot.e 20110505
McAfee Downloader-AWM.gen.s 20110505
McAfee-GW-Edition Downloader-AWM.gen.s 20110505
Microsoft PWS:Win32/Zbot 20110505
NOD32 Win32/Spy.Zbot.NJ 20110505
Norman W32/Meredrop.EM 20110505
Panda Trj/CI.A 20110504
PCTools Trojan.Gen 20110504
Prevx High Risk Cloaked Malware 20110505
Sophos AV Troj/Meredrop-N 20110505
Symantec Trojan.Gen 20110505
TheHacker Trojan/Zbot.e 20110505
TrendMicro TSPY_ZBOT.CDN 20110505
TrendMicro-HouseCall TSPY_ZBOT.CDN 20110505
VBA32 TrojanSpy.MSIL.Zbot.e 20110505
VIPRE Trojan.Win32.Meredrop 20110504
eTrust-Vet 20110505
Rising 20110505
SUPERAntiSpyware 20110505
ViRobot 20110505
VirusBuster 20110505
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) Microsoft Corp. 1981-2010
Publisher Microsoft
Product Microsoft
Original name poly.exe
Internal name poly.exe
File version 2.3.0.0
Comments Windows Win32 Application Launcher
PE header basic information
Number of sections 4
PE sections
PE imports
_CorExeMain
ExifTool file metadata
LegalTrademarks Copyright Microsoft Corp. 1981-2010
UninitializedDataSize 0
Comments Windows Win32 Application Launcher
InitializedDataSize 189440
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.3.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription
CharacterSet Unicode
LinkerVersion 8.0
FileOS Win32
MIMEType application/octet-stream
LegalCopyright Copyright Microsoft Corp. 1981-2010
FileVersion 2.3.0.0
TimeStamp 2010:06:02 08:05:29+02:00
FileType Win32 EXE
PEType PE32
InternalName poly.exe
ProductVersion 2.3.0.0
SubsystemVersion 4.0
OSVersion 4.0
OriginalFilename poly.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft
CodeSize 44544
ProductName Microsoft
ProductVersionNumber 2.3.0.0
EntryPoint 0xcdbe
ObjectFileType Executable application
AssemblyVersion 3.0.0.0
File identification
MD5 98aecf4b5d3854634a87fe13249c27d5
SHA1 801c33f3c99a620a37ec85d9574e8dbd57c92d51
SHA256 7c2c4485dcf24d767599d1e720749a323353fd00a44c55401f4e285332ea54cd
ssdeep 3072:sIngD2DI9kGtdiPN/Y8VjxBaz0/awF3LgmyKSWHAC5KfbBi6uLprmzqB5JqGiOvc:lDI90/rLsUZl3S2AC6BkprIqBuGnSb
File size 229.5 KB ( 235008 bytes )
File type Win32 EXE
Magic literal

TrID Win32 Executable MS Visual C++ (generic) (51.6%)
Windows Screen Saver (17.9%)
Win32 Executable Generic (11.6%)
Win32 Dynamic Link Library (generic) (10.3%)
Win16/32 Executable Delphi generic (2.8%)
VirusTotal metadata
First submission 2010-06-30 10:44:35 UTC ( 7 years, 12 months ago )
Last submission 2011-05-05 11:55:36 UTC ( 7 years, 1 month ago )
File names isUkKgD2iO.txt
98aecf4b5d3854634a87fe13249c27d5.exe
zFf6K.inf
oT1fMOL.dotm
aa