SHA256: 7d488620adff1b0e3762db87bd7447e4513c01f05dffdf79515ea8953550fa61
File name: aa
Detection ratio: 39 / 40
Analysis date: 2010-04-13 16:04:13 UTC ( 7 years, 10 months ago )
Antivirus Result Update
a-squared Trojan-Spy.Win32.Zbot!IK 20100413
AhnLab-V3 Win-Trojan/Zbot.63488.AO 20100412
AntiVir TR/Crypt.ZPACK.Gen 20100413
Antiy-AVL Trojan/Win32.Zbot.gen 20100413
Authentium W32/Trojan2.MFRB 20100413
Avast Win32:MalOb-A 20100413
Avast5 Win32:MalOb-A 20100413
AVG PSW.Generic7.BHFX 20100413
BitDefender Trojan.Spy.Zbot.SO 20100413
CAT-QuickHeal Win32.Trojan-Spy.Zbot.gen.3 20100413
ClamAV Trojan.Zbot-8469 20100413
Comodo TrojWare.Win32.Spy.Zbot.GEN 20100413
DrWeb Trojan.PWS.Panda.114 20100413
eSafe Win32.TRCrypt.ZPACK 20100413
eTrust-Vet Win32/KollahCryptorB 20100413
F-Prot W32/Trojan2.MFRB 20100413
F-Secure Trojan.Spy.Zbot.SO 20100413
Fortinet W32/Zbot.O!tr 20100412
GData Trojan.Spy.Zbot.SO 20100413
Ikarus Trojan-Spy.Win32.Zbot 20100413
Jiangmin TrojanSpy.Zbot.ale 20100413
Kaspersky Trojan-Spy.Win32.Zbot.gen 20100413
McAfee BackDoor-DKI.gen.bf 20100413
McAfee-GW-Edition Trojan.Crypt.ZPACK.Gen 20100413
Microsoft PWS:Win32/Zbot.PG 20100413
NOD32 a variant of Win32/Spy.Zbot.NJ 20100413
Norman W32/Zbot.NLV 20100413
nProtect Trojan-Spy/W32.ZBot.63488.GW 20100406
Panda Trj/CI.A 20100413
PCTools HeurEngine.MaliciousPacker 20100413
Prevx High Risk System Back Door 20100413
Sophos AV Mal/Zbot-O 20100413
Sunbelt Trojan-Spy.Win32.Zbot.gen (v) 20100413
Symantec Packed.Generic.232 20100413
TheHacker Trojan/Spy.Zbot.gen 20100413
TrendMicro TSPY_ZBOT.ILA 20100413
VBA32 Malware-Cryptor.Win32.Vals.22 20100409
ViRobot Spyware.Zbot.63488.Y 20100413
VirusBuster TrojanSpy.ZBot.Gen!Pac.9 20100413
Rising 20100413
The file being studied is a Portable Executable file! More specifically, it is an unknown file.
PE header basic information
Number of sections 3
PE sections
PE imports
RegSetValueExA
RegEnumKeyExA
DuplicateTokenEx
RegQueryValueExA
RegCloseKey
RegDeleteValueA
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptReleaseContext
GetUserNameW
RegCreateKeyExA
VirtualProtect
GetFileSize
ExpandEnvironmentStringsW
TryEnterCriticalSection
GetUserDefaultUILanguage
EnterCriticalSection
GetModuleHandleA
FindResourceW
ReleaseMutex
GlobalLock
GetCurrentThreadId
HeapAlloc
SetFileTime
lstrcpyA
OpenMutexW
VirtualAlloc
GetDiskFreeSpaceW
lstrcatA
WideCharToMultiByte
GetAtomNameW
SHDeleteKeyA
PathCombineW
wnsprintfW
StrCmpNIA
StrCmpNIW
wnsprintfA
PathFindFileNameW
PathRemoveFileSpecW
PathMatchSpecW
MsgWaitForMultipleObjects
GetIconInfo
CharLowerBuffA
GetClipboardData
LoadCursorA
DrawIcon
SetThreadDesktop
EndDialog
GetCursorPos
ToUnicode
OpenWindowStationA
GetClassNameA
SetProcessWindowStation
File identification
MD5 9f12802e8c3a44cc0e2ebe37195d6afc
SHA1 e93cb1a71afd0dffda747933948e2c36839c1583
SHA256 7d488620adff1b0e3762db87bd7447e4513c01f05dffdf79515ea8953550fa61
ssdeep 768:2B9VESdNw54SD6jtTnvR0xTLvh0LMFhGnCKVdMiwZqb6rjdwpXGqw+MlsE89lhwm:2B7Nw54J1nWxnwEYTMiwTtwxpcX8lGg

File size 62.0 KB ( 63488 bytes )
File type unknown
Magic literal

TrID Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
VirusTotal metadata
First submission 2010-02-06 09:59:11 UTC ( 8 years ago )
Last submission 2010-04-13 16:04:13 UTC ( 7 years, 10 months ago )
File names 1pCeQjLxYI.bmp
uUwHOGiY.ps1
aa
Behaviour characterization