SHA256: 807972fbb9a640a3ca5df852eba12a6f34ff19337ee4d2e4625bd91aa13adeaf
File name: 807972fbb9a640a3ca5df852eba12a6f34ff19337ee4d2e4625bd91aa13adeaf
Detection ratio: 45 / 56
Analysis date: 2015-11-26 01:12:59 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.36712 20151126
Yandex TrojanSpy.Zbot!/YYZf7T10Ww 20151125
AhnLab-V3 Spyware/Win32.Zbot 20151125
ALYac Gen:Variant.Symmi.36712 20151126
Antiy-AVL Trojan[Spy]/Win32.Zbot 20151126
Arcabit Trojan.Symmi.D8F68 20151126
Avast Win32:Androp [Drp] 20151126
AVG Win32/Cryptor 20151126
Avira (no cloud) TR/ATRAPS.Gen4 20151126
AVware TrojanDownloader.Win32.Upatre.ba (v) 20151126
Baidu-International Trojan.Win32.Zbot.AAO 20151125
BitDefender Gen:Variant.Symmi.36712 20151126
CAT-QuickHeal Worm.Gamarue.I3 20151125
Comodo TrojWare.Win32.Injector.ARWA 20151126
Cyren W32/S-cb46e8e4!Eldorado 20151126
DrWeb Trojan.PWS.Panda.2401 20151126
Emsisoft Gen:Variant.Symmi.36712 (B) 20151126
ESET-NOD32 Win32/Spy.Zbot.AAO 20151126
F-Prot W32/S-cb46e8e4!Eldorado 20151126
F-Secure Gen:Variant.Symmi.36712 20151126
Fortinet W32/Kryptik.ASJY!tr 20151126
GData Gen:Variant.Symmi.36712 20151126
Ikarus Trojan.Inject2 20151126
Jiangmin Trojan/Foreign.alqh 20151125
K7AntiVirus Spyware ( 0029a43a1 ) 20151125
K7GW Spyware ( 0029a43a1 ) 20151126
Kaspersky HEUR:Trojan.Win32.Generic 20151126
Malwarebytes Trojan.Zbot 20151126
McAfee PWSZbot-FMT!FC7D618FDD4C 20151126
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dc 20151126
Microsoft PWS:Win32/Zbot.AKM 20151126
eScan Gen:Variant.Symmi.36712 20151126
NANO-Antivirus Trojan.Win32.Androm.cqsceo 20151126
nProtect Trojan-Spy/W32.ZBot.287442 20151125
Panda Trj/Genetic.gen 20151125
Qihoo-360 Win32/Trojan.f53 20151126
Sophos AV Mal/Generic-S 20151126
SUPERAntiSpyware Trojan.Agent/Gen-Zbot 20151126
Symantec Trojan.ADH 20151125
Tencent Win32.Trojan.Atraps.Efkv 20151126
TrendMicro TROJ_SPNR.35LB13 20151126
TrendMicro-HouseCall TROJ_SPNR.35LB13 20151126
VIPRE TrojanDownloader.Win32.Upatre.ba (v) 20151126
ViRobot Trojan.Win32.S.Zbot.287442[h] 20151125
Zillya Trojan.ZBot.Win32.682 20151123
AegisLab 20151125
Alibaba 20151126
Bkav 20151125
ByteHero 20151126
ClamAV 20151125
CMC 20151124
Rising 20151124
TheHacker 20151125
TotalDefense 20151125
VBA32 20151125
Zoner 20151126
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) Connected 2006-2013
Product Connected
File version 5.0.0.4
Description Connected adjective castle introduced pleasure sport aside
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-25 08:24:35
Entry Point 0x00008241
Number of sections 4
PE sections
Overlays
MD5 0226a123cbe177c29762307698c23374
File type data
Offset 286208
Size 1234
Entropy 7.77
PE imports
CreateDCA
CloseMetaFile
CancelDC
AbortPath
Arc
CreateDIBSection
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetSystemInfo
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
SetupComm
GetCurrentProcess
GetConsoleMode
DecodePointer
GetCurrentProcessId
FreeEnvironmentStringsW
UnhandledExceptionFilter
CreateDirectoryA
GetCPInfo
ExitProcess
TlsGetValue
MultiByteToWideChar
HeapSize
VirtualLock
GetCommandLineA
GetProcAddress
GetStartupInfoW
SetStdHandle
WideCharToMultiByte
LoadLibraryW
TlsFree
SetFilePointer
DeleteVolumeMountPointW
HeapSetInformation
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
FreeLibrary
TerminateProcess
InterlockedDecrement
GetSystemTimeAsFileTime
IsValidCodePage
HeapCreate
SetLastError
CreateFileW
GlobalAlloc
SearchPathA
DeleteCriticalSection
Sleep
GetFileType
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
GetNumberFormatW
WriteConsoleW
LeaveCriticalSection
GetWindowTextLengthA
ChangeDisplaySettingsExA
GetClassLongW
DefDlgProcA
AttachThreadInput
SetWindowTextW
GetScrollPos
EnableScrollBar
BringWindowToTop
MessageBeep
InternetAutodial
InternetGetCookieA
InternetQueryOptionW
InternetUnlockRequestFile
InternetSetCookieW
FtpPutFileW
InternetSetDialState
CoInternetGetSession
CoInternetCreateSecurityManager
URLOpenBlockingStreamA
Number of PE resources by type
RT_VERSION 1
JPEG 1
Number of PE resources by language
NEUTRAL 1
SAAMI ARABIC MOROCCO 1
PE resources
ExifTool file metadata
LegalTrademarks
Connected

SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
3.6.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Connected adjective castle introduced pleasure sport aside

CharacterSet
Windows, Latin1

InitializedDataSize
212480

FileOS
Windows 16-bit

EntryPoint
0x8241

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) Connected 2006-2013

FileVersion
5.0.0.4

TimeStamp
2013:11:25 09:24:35+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Mississippi.exe

ProductVersion
7.0

UninitializedDataSize
0

OSVersion
5.0

OriginalFilename
Mississippi.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Concerned struggle arrow - www.Connected.com

CodeSize
72704

ProductName
Connected

ProductVersionNumber
7.6.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 fc7d618fdd4cd7046c4b4be5f5ef3cd5
SHA1 fdb11921534fc9a9900dcb545d1d2098adbc5277
SHA256 807972fbb9a640a3ca5df852eba12a6f34ff19337ee4d2e4625bd91aa13adeaf
ssdeep 6144:hx7pWXJ7cR0IpZYGe/sfDl7HjK+a40W4YS5jGzOtr25rO:/kXJcR0Irw8SWs5jGzirV
authentihash 8f7a8902aed6965042f992282011f275e551adab307b81c4dad8ee0cad057857
imphash beb0867486b517e85ccc8c28c2ff2428
File size 280.7 KB ( 287442 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2013-11-27 20:25:49 UTC ( 4 years, 6 months ago )
Last submission 2013-12-05 07:45:54 UTC ( 4 years, 6 months ago )
File names 807972fbb9a640a3ca5df852eba12a6f34ff19337ee4d2e4625bd91aa13adeaf
fdb11921534fc9a9900dcb545d1d2098adbc5277
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs