SHA256: 7de1200d55deb07155ede9d5f9d7651457d722a12971e340a0191d2dd0f9ae39
File name: fa51feab8e29d53af58cb8c6f5cf2087
Detection ratio: 48 / 54
Analysis date: 2014-08-04 21:35:22 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware Trojan.Downloader.JPEE 20140804
Yandex TrojanSpy.Zbot!IXxjbvejv/w 20140804
AhnLab-V3 Trojan/Win32.Zbot 20140804
AntiVir TR/Spy.A.7371 20140804
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140804
Avast Win32:Zbot-OAM [Trj] 20140804
AVG PSW.Generic9.BLCZ 20140804
AVware Trojan-PWS.Win32.Zbot.aac (v) 20140804
BitDefender Trojan.Downloader.JPEE 20140804
Bkav W32.FamsconLTAAH.Trojan 20140804
CAT-QuickHeal TrojanPWS.Zbot.Gen 20140804
ClamAV Trojan.Spy.Zbot-142 20140804
CMC Packed.Win32.Toggaf.4!O 20140804
Commtouch W32/Zbot.BR.gen!Eldorado 20140804
Comodo TrojWare.Win32.Kazy.MKD 20140804
DrWeb Trojan.PWS.Panda.547 20140804
Emsisoft Trojan.Downloader.JPEE (B) 20140804
ESET-NOD32 Win32/Spy.Zbot.YW 20140804
F-Prot W32/Zbot.BR.gen!Eldorado 20140804
F-Secure Trojan-Spy:W32/Zbot.AVTH 20140804
Fortinet W32/Zbot.AT!tr 20140804
GData Trojan.Downloader.JPEE 20140804
Ikarus Trojan-Spy.Win32.Zbot 20140804
Jiangmin Trojan/Generic.yhha 20140804
K7AntiVirus Backdoor ( 04c4ee7b1 ) 20140804
K7GW Backdoor ( 04c4ee7b1 ) 20140804
Kaspersky Trojan-Spy.Win32.Zbot.dsba 20140804
Kingsoft Win32.Troj.Undef.(kcloud) 20140804
Malwarebytes Trojan.Zbot 20140804
McAfee PWS-Zbot.gen.ds 20140804
Microsoft PWS:Win32/Zbot.gen!Y 20140804
eScan Trojan.Downloader.JPEE 20140804
NANO-Antivirus Trojan.Win32.Zbot.whnfn 20140804
nProtect Trojan-Spy/W32.ZBot.144384.AU 20140804
Panda Trj/Genetic.gen 20140804
Qihoo-360 Malware.QVM20.Gen 20140804
Rising PE:Stealer.Zbot!1.648A 20140804
Sophos Mal/Zbot-HX 20140804
SUPERAntiSpyware Trojan.Agent/Gen-Zbot 20140804
Symantec Trojan.Zbot 20140804
Tencent Win32.Trojan-spy.Zbot.Edwz 20140804
TheHacker Trojan/Spy.Zbot.yw 20140803
TotalDefense Win32/Zbot.HIA 20140804
TrendMicro TROJ_FORUCON.BMC 20140804
TrendMicro-HouseCall TSPY_ZBOT.SMIG 20140804
VBA32 SScope.Trojan.FakeAV.01110 20140804
VIPRE Trojan-PWS.Win32.Zbot.aac (v) 20140804
ViRobot Trojan.Win32.A.Zbot.143872.CA 20140804
AegisLab 20140804
Baidu-International 20140804
ByteHero 20140804
McAfee-GW-Edition 20140804
Norman 20140804
Zoner 20140729
File identification
MD5 fa51feab8e29d53af58cb8c6f5cf2087
SHA1 b0b953261f29bbd5c016249a865d92caf729e18f
SHA256 7de1200d55deb07155ede9d5f9d7651457d722a12971e340a0191d2dd0f9ae39
ssdeep 3072:s96hX+XmwoBh7tx2lXQZxC2fpquiQfNCPz0HyH0W3iCbkAUhzHF:s96fBHx2K3tiQfqzAyH0WtqhzHF

File size 141.0 KB ( 144384 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows Screen Saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags
peexe

VirusTotal metadata
First submission 2014-08-04 21:35:22 UTC ( 2 years, 9 months ago )
Last submission 2014-08-04 21:35:22 UTC ( 2 years, 9 months ago )
File names fa51feab8e29d53af58cb8c6f5cf2087
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections