SHA256: 7d51b63f96855bc56ce3d1305770699719bc0d97e6368423cbc77ad60f49c909
File name: temp.exe
Detection ratio: 42 / 55
Analysis date: 2015-10-27 00:50:46 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Heur.ManBat.1 20151027
Yandex Trojan.Injector!qA9sVRX0joQ 20151026
AhnLab-V3 Spyware/Win32.Zbot 20151027
Antiy-AVL Trojan[:HEUR]/Win32.Unknown 20151027
Arcabit Trojan.ManBat.1 20151027
Avast Win32:Zbot-UKJ [Trj] 20151027
AVG Inject.CMIQ 20151026
AVware Trojan.Win32.Zbot.aauf (v) 20151027
Baidu-International Trojan.Win32.Injector.ALAO 20151026
BitDefender Gen:Heur.ManBat.1 20151027
CAT-QuickHeal TrojanPWS.Zbot.Gen 20151027
ClamAV Win.Trojan.Injector-13018 20151027
Comodo TrojWare.Win32.Injector.ASGC 20151027
Cyren W32/Trojan.PVIB-8309 20151027
DrWeb Trojan.Packed.24612 20151027
Emsisoft Gen:Heur.ManBat.1 (B) 20151027
ESET-NOD32 a variant of Win32/Injector.ALAO 20151027
F-Prot W32/Trojan3.GHO 20151027
F-Secure Gen:Heur.ManBat.1 20151027
Fortinet W32/Injector.AJAR!tr 20151026
GData Gen:Heur.ManBat.1 20151027
Ikarus Trojan.Injector 20151027
Jiangmin Trojan/Generic.bzues 20151026
K7AntiVirus Trojan ( 0040f6901 ) 20151026
K7GW Trojan ( 0040f6901 ) 20151026
Kaspersky HEUR:Trojan.Win32.Generic 20151027
Malwarebytes Trojan.Zbot 20151026
McAfee PWSZbot-FDR!9FE2548635EA 20151027
McAfee-GW-Edition PWSZbot-FDR!9FE2548635EA 20151027
Microsoft PWS:Win32/Zbot 20151027
eScan Gen:Heur.ManBat.1 20151027
NANO-Antivirus Trojan.Win32.Injector.crkzmb 20151026
Panda Trj/Genetic.gen 20151026
Qihoo-360 Win32/Trojan.f2a 20151027
Rising PE:Stealer.Zbot!6.902 [F] 20151026
Sophos Troj/Zbot-GSG 20151027
Symantec Trojan.Zbot 20151026
Tencent Win32.Trojan.Generic.Hzne 20151027
TheHacker Trojan/Injector.alao 20151026
TrendMicro TSPY_ZBOT.VNU 20151027
TrendMicro-HouseCall TSPY_ZBOT.VNU 20151027
VIPRE Trojan.Win32.Zbot.aauf (v) 20151027
AegisLab 20151026
Alibaba 20151027
ALYac 20151027
Bkav 20151026
ByteHero 20151027
CMC 20151026
nProtect 20151026
SUPERAntiSpyware 20151027
TotalDefense 20151026
VBA32 20151026
ViRobot 20151026
Zillya 20151026
Zoner 20151027
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright UdEXCPgwuX
Publisher RUTQzjofyo
Product oKAlodmttJ
Original name temp.exe
Internal name temp.exe
File version 6.4.6.7
Description CbBjjTAgaU
Comments nPsLSKhTJb
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-22 16:33:00
Entry Point 0x0000191F
Number of sections 4
PE sections
Overlays
MD5 8ce7ce374991242d457afa6de2281ff8
File type data
Offset 265216
Size 155752
Entropy 7.96
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
SetStdHandle
SetHandleCount
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
IsProcessorFeaturePresent
HeapSetInformation
GetTickCount
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
LCMapStringW
LockResource
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
HeapSize
LeaveCriticalSection
SetFilePointer
WriteConsoleW
WideCharToMultiByte
LoadLibraryW
TlsFree
GetModuleHandleA
DeleteCriticalSection
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
GetProcessHeap
TerminateProcess
IsValidCodePage
LoadResource
CreateFileW
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
ExitProcess
GetCurrentThreadId
FindResourceA
HeapCreate
SetLastError
InterlockedIncrement
MessageBoxW
Number of PE resources by type
RT_ICON 14
PVOKCR 2
RT_MANIFEST 1
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 18
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks YZpTYHiKIa
SubsystemVersion 5.1
Comments nPsLSKhTJb
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.4.6.7
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription CbBjjTAgaU
CharacterSet Unicode
InitializedDataSize 227328
EntryPoint 0x191f
OriginalFileName temp.exe
MIMEType application/octet-stream
LegalCopyright UdEXCPgwuX
FileVersion 6.4.6.7
TimeStamp 2013:10:22 17:33:00+01:00
FileType Win32 EXE
PEType PE32
InternalName temp.exe
ProductVersion 6.4.6.7
UninitializedDataSize 0
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName RUTQzjofyo
CodeSize 36864
ProductName oKAlodmttJ
ProductVersionNumber 6.4.6.7
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 0.0.0.0
File identification
MD5 9fe2548635ea0d67949eb988d161d657
SHA1 434e2e0bb385072b786f65fc557c97e3f7a6b9fa
SHA256 7d51b63f96855bc56ce3d1305770699719bc0d97e6368423cbc77ad60f49c909
ssdeep 6144:nGHf8uXDnl6tA5QoQNYZynGEpRekOmmEX6RZSZr:nGHfJXx5QDFp4kOmXyer
authentihash fc47aed3dee9145665ab1f9c73a421a048c40359a2686f06a4b3ec0c9a85794f
imphash c89c6f238dae82146fc13e81416b9258
File size 411.1 KB ( 420968 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay
VirusTotal metadata
First submission 2013-10-24 04:46:09 UTC ( 3 years, 5 months ago )
Last submission 2014-02-12 10:51:06 UTC ( 3 years, 1 month ago )
File names temp.exe
receipt_copy.scr
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
UDP communications