SHA256: 7e11123c6167c791aa1b8c602a4337e1ca8772332c9e6fa5821afc3e81f7efa8
File name: E265B2C11F928C5465CFFA5188A8C3CA
Detection ratio: 29 / 51
Analysis date: 2014-06-05 20:10:30 UTC ( 4 years, 9 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1704326 20140605
AntiVir TR/Rogue.288256.4 20140605
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140605
Avast Win32:Malware-gen 20140605
AVG Zbot.JOF 20140605
Baidu-International Trojan.Win32.Zbot.bABS 20140605
BitDefender Trojan.GenericKD.1704326 20140605
CMC Packed.Win32.Obfuscated.10!O 20140605
DrWeb Trojan.Siggen6.18691 20140605
Emsisoft Trojan.Win32.FakeMS (A) 20140605
ESET-NOD32 Win32/Spy.Zbot.ABS 20140605
F-Secure Trojan.GenericKD.1704326 20140605
GData Trojan.GenericKD.1704326 20140605
Ikarus Trojan.SuspectCRC 20140605
Kaspersky Trojan-Spy.Win32.Zbot.tdnn 20140605
Malwarebytes Backdoor.Bot 20140605
McAfee Artemis!E265B2C11F92 20140605
McAfee-GW-Edition Artemis!E265B2C11F92 20140605
Microsoft PWS:Win32/Zbot.gen!Y 20140605
eScan Trojan.GenericKD.1704326 20140605
Norman Troj_Generic.UGDBD 20140605
Qihoo-360 Win32/Trojan.Spy.473 20140605
Rising PE:Malware.XPACK!1.9C22 20140605
Sophos AV Mal/Generic-S 20140605
Symantec WS.Reputation.1 20140605
Tencent Win32.Trojan-spy.Zbot.Aihp 20140605
TotalDefense Win32/Zbot.MNcAJGB 20140605
TrendMicro-HouseCall TROJ_GEN.R0CBH07F514 20140605
VIPRE Trojan.Win32.ZAccess.a!ag (v) 20140605
AegisLab 20140605
Yandex 20140605
AhnLab-V3 20140605
Bkav 20140604
ByteHero 20140605
CAT-QuickHeal 20140605
ClamAV 20140605
Commtouch 20140605
Comodo 20140605
F-Prot 20140605
Fortinet 20140605
K7AntiVirus 20140605
K7GW 20140605
Kingsoft 20140605
NANO-Antivirus 20140605
nProtect 20140605
Panda 20140605
SUPERAntiSpyware 20140605
TheHacker 20140602
TrendMicro 20140605
VBA32 20140605
ViRobot 20140605
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name CONIME.EXE
Internal name Console
File version 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Description Console IME
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-03 06:34:58
Entry Point 0x000414A0
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
RegDeleteKeyW
RegEnumValueA
RegQueryValueExA
OpenServiceW
AdjustTokenPrivileges
ControlService
LookupPrivilegeValueW
RegCreateKeyExA
RegQueryValueExW
CloseServiceHandle
RegOpenKeyA
OpenProcessToken
QueryServiceStatus
RegOpenKeyExW
RegOpenKeyExA
RegDeleteValueA
GetTokenInformation
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteValueW
StartServiceW
RegSetValueExW
EnumDependentServicesW
OpenSCManagerW
RegEnumValueW
AllocateAndInitializeSid
InitiateSystemShutdownExW
RegSetValueExA
EqualSid
FreeSid
GetTextMetricsW
SetMapMode
CreateFontIndirectW
PatBlt
CreatePen
CreateFontIndirectA
GetTextMetricsA
GetObjectType
GetObjectA
DeleteDC
SetBkMode
GetObjectW
SetTextColor
GetDeviceCaps
ExtTextOutW
CreateFontA
GetStockObject
CreateCompatibleDC
GetTextFaceA
SelectObject
CreateSolidBrush
SetBkColor
DeleteObject
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
FindFirstFileW
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
lstrcatA
ExpandEnvironmentStringsA
SetErrorMode
GetLocaleInfoW
GetFileTime
GetTempPathA
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
SetFileAttributesA
GetExitCodeProcess
QueryDosDeviceA
MoveFileA
InitializeCriticalSection
FindClose
InterlockedDecrement
QueryDosDeviceW
MoveFileW
SetFileAttributesW
SetLastError
DeviceIoControl
CopyFileW
GetUserDefaultLangID
GetModuleFileNameW
CopyFileA
HeapAlloc
RemoveDirectoryA
LoadLibraryExA
GetPrivateProfileStringA
WriteProfileStringA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
WriteProfileStringW
GetPrivateProfileStringW
CreateMutexA
GetModuleHandleA
CreateThread
MoveFileExW
GetSystemDirectoryW
GetExitCodeThread
SetUnhandledExceptionFilter
CreateMutexW
GetSystemDirectoryA
MoveFileExA
TerminateProcess
SetCurrentDirectoryW
GlobalAlloc
CreateEventW
SetEndOfFile
GetVersion
GetProcAddress
SetCurrentDirectoryA
CloseHandle
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
GetVersionExA
LoadLibraryA
FreeLibrary
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
CreateDirectoryW
DeleteFileW
GlobalLock
GetProcessHeap
CreateFileMappingW
GetProfileStringW
CompareStringW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
InterlockedIncrement
GetProfileStringA
ResetEvent
CreateFileMappingA
FindNextFileA
WaitForMultipleObjects
GetModuleFileNameA
GetTimeZoneInformation
CreateFileW
CreateEventA
CreateFileA
GetCurrentThreadId
LeaveCriticalSection
GetLastError
GetShortPathNameW
VirtualAllocEx
lstrlenA
GlobalFree
OpenEventW
GlobalUnlock
lstrlenW
GetShortPathNameA
GetCurrentDirectoryW
WritePrivateProfileStringA
GetCurrentProcessId
GetCommandLineW
GetCurrentDirectoryA
WritePrivateProfileStringW
lstrcpynW
GetSystemDefaultLangID
MapViewOfFile
SetFilePointer
ReadFile
FindFirstFileA
GetModuleHandleW
CreateProcessA
UnmapViewOfFile
GetTempPathW
CreateProcessW
Sleep
IsBadReadPtr
OpenEventA
CompareStringA
ShellExecuteExA
SHChangeNotify
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
PathGetCharTypeA
PathRemoveBlanksW
PathGetCharTypeW
MapWindowPoints
PostQuitMessage
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
DispatchMessageW
ReleaseDC
SendMessageW
UnregisterClassA
SendMessageA
UnregisterClassW
GetClientRect
DrawTextW
LoadImageW
GetActiveWindow
GetWindowTextW
LoadImageA
MsgWaitForMultipleObjects
ScrollWindow
GetWindowTextA
DestroyWindow
GetMessageA
GetParent
UpdateWindow
GetMessageW
ShowWindow
PeekMessageW
EnableWindow
PeekMessageA
TranslateMessage
LoadStringA
RegisterClassW
LoadStringW
RegisterClassA
DrawFocusRect
CreateWindowExA
IsDialogMessageW
CharNextA
CreateWindowExW
GetWindowLongW
IsDialogMessageA
SetFocus
BeginPaint
DefWindowProcW
RegisterWindowMessageA
DefWindowProcA
GetSystemMetrics
SetWindowLongW
GetWindowRect
PostMessageA
SetWindowLongA
SendDlgItemMessageW
PostMessageW
CreateDialogParamW
SetWindowTextA
GetWindowLongA
SetWindowTextW
GetDlgItem
CreateDialogParamA
ScreenToClient
GetClassLongA
FindWindowExA
LoadCursorA
LoadIconA
PostThreadMessageW
GetDesktopWindow
LoadCursorW
LoadIconW
FindWindowExW
GetDC
PostThreadMessageA
DrawTextA
GetScrollInfo
FindWindowW
FindWindowA
MessageBeep
MessageBoxW
MoveWindow
MessageBoxA
DestroyCursor
SetScrollInfo
InvalidateRect
CallWindowProcW
CallWindowProcA
GetClassNameA
SetCursor
_purecall
__p__fmode
malloc
_wcsupr
_endthread
_ftol
_wcsnicmp
__dllonexit
_cexit
_wcslwr
wcstok
wcsncat
towupper
_vsnwprintf
strncpy
_except_handler3
_c_exit
wcschr
iswalnum
__p__commode
_onexit
wcslen
_wtol
_strlwr
_XcptFilter
_itow
exit
__setusermatherr
wcsncpy
_acmdln
_wcsicmp
wcspbrk
strrchr
_adjust_fdiv
time
free
ceil
iswalpha
wcsncmp
__getmainargs
calloc
_stricmp
_exit
_snwprintf
strpbrk
_vsnprintf
strstr
memmove
strncat
strchr
wcscmp
swscanf
wcsrchr
iswdigit
_beginthreadex
iswspace
wcsstr
_initterm
_controlfp
_wtoi
__set_app_type
CreateStreamOnHGlobal
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 2
RT_STRING 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 6
PE resources
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.2.3790.1830

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
22528

EntryPoint
0x414a0

OriginalFileName
CONIME.EXE

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
5.2.3790.1830 (srv03_sp1_rtm.050324-1447)

TimeStamp
2014:06:03 07:34:58+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Console

ProductVersion
5.2.3790.1830

FileDescription
Console IME

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
264704

ProductName
Microsoft Windows Operating System

ProductVersionNumber
5.2.3790.1830

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 e265b2c11f928c5465cffa5188a8c3ca
SHA1 5d244ee5ec55218a9983523b5f7408497aca8433
SHA256 7e11123c6167c791aa1b8c602a4337e1ca8772332c9e6fa5821afc3e81f7efa8
ssdeep
6144:XJ682p9WcDMkRZE38X8g2ApBG251Hf7Zph4BEXoL0Mfu5bOURw1FC1w3JK:56z9WcQp6pwGBTZYpmCt1U

authentihash a2008facb589e3ee941a3f0e9ce70e74274d61db6fbc5258372320b76ecd356e
imphash d8494e134fd992865aefc4c393a3f6ee
File size 281.5 KB ( 288256 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2014-06-03 18:49:34 UTC ( 4 years, 9 months ago )
Last submission 2018-05-01 23:52:35 UTC ( 10 months, 3 weeks ago )
File names 008134574
Console
ZeuS_binary_e265b2c11f928c5465cffa5188a8c3ca.exe
CONIME.EXE
newpjp.exe
e265b2c11f928c5465cffa5188a8c3ca.exe
e265b2c11f928c5465cffa5188a8c3ca
E265B2C11F928C5465CFFA5188A8C3CA
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications