SHA256: 81d1b9ecdc08f952aa827b4f74e9914356aaaae1f2a6b0e2a842249088ae8209
File name: 136113272cb204b063251116b70fdb38
Detection ratio: 42 / 57
Analysis date: 2015-04-04 13:26:25 UTC (3 years, 11 months ago)
Antivirus Result Update
Ad-Aware Trojan.Generic.12985044 20150404
AhnLab-V3 Trojan/Win32.Crowti 20150404
ALYac Trojan.Generic.12985044 20150404
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150404
Avast Win32:Crypt-RYW [Trj] 20150404
AVG FileCryptor.AQQ 20150404
Avira (no cloud) TR/Crypt.Xpack.167865 20150404
AVware Trojan.Win32.Generic!BT 20150404
Baidu-International Trojan.Win32.Zbot.vfha 20150404
BitDefender Trojan.Generic.12985044 20150404
Bkav HW32.Packed.F771 20150404
Cyren W32/Trojan.WDIU-7059 20150404
DrWeb Trojan.Inject1.53694 20150404
Emsisoft Trojan.Generic.12985044 (B) 20150404
ESET-NOD32 Win32/Spy.Zbot.ACB 20150404
F-Secure Trojan.Generic.12985044 20150404
Fortinet W32/Zbot.ACB!tr 20150404
GData Trojan.Generic.12985044 20150404
Ikarus Trojan-Spy.Agent 20150404
Jiangmin TrojanDropper.Injector.brep 20150403
K7AntiVirus Trojan ( 004ba01a1 ) 20150404
K7GW Trojan ( 004ba01a1 ) 20150404
Kaspersky Trojan-Spy.Win32.Zbot.vfha 20150404
Malwarebytes Trojan.Passwords.GO 20150404
McAfee Generic.vm 20150404
McAfee-GW-Edition Generic.vm 20150403
Microsoft PWS:Win32/Zbot.gen!VM 20150404
eScan Trojan.Generic.12985044 20150404
NANO-Antivirus Trojan.Win32.Zbot.dpktor 20150404
nProtect Trojan.Generic.12985044 20150404
Panda Trj/Genetic.gen 20150401
Rising PE:Malware.Obscure/Heur!1.9E03 20150403
Sophos AV Mal/Zbot-TO 20150404
Symantec Trojan.Gen 20150404
Tencent Trojan.Win32.YY.Gen.24 20150404
TheHacker Trojan/Injector.bwsm 20150403
TotalDefense Win32/Zbot.JCILcTC 20150404
TrendMicro TSPY_ZBOT.YUYAG 20150404
TrendMicro-HouseCall TSPY_ZBOT.YUYAG 20150404
VBA32 BScope.Malware-Cryptor.Hlux 20150403
VIPRE Trojan.Win32.Generic!BT 20150404
Zillya Trojan.Zbot.Win32.176618 20150404
AegisLab 20150404
Yandex 20150403
Alibaba 20150404
ByteHero 20150404
CAT-QuickHeal 20150404
ClamAV 20150403
CMC 20150403
Comodo 20150404
F-Prot 20150401
Kingsoft 20150404
Norman 20150404
Qihoo-360 20150404
SUPERAntiSpyware 20150403
ViRobot 20150404
Zoner 20150403
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-20 18:52:27
Entry Point 0x00003F14
Number of sections 7
PE sections
Overlays
MD5 620f0b67a91f7f74151bc5be745b7110
File type ASCII text
Offset 253952
Size 4096
Entropy 0.00
PE imports
GetLengthSid
RegCreateKeyA
CreatePatternBrush
GetObjectA
CreateCompatibleDC
GetBkMode
GetCharABCWidthsFloatA
BitBlt
GetCharWidth32A
GetCharacterPlacementA
GetSystemTime
GetStartupInfoA
GetCurrentProcessId
GetModuleHandleA
ReadFile
HeapSize
DeleteFileW
GetCommandLineA
GetCurrentThreadId
GetStartupInfoW
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
_except_handler3
_setmbcp
_XcptFilter
_adjust_fdiv
__CxxFrameHandler
_acmdln
__setusermatherr
__p__commode
__dllonexit
_onexit
__p__fmode
exit
_purecall
__getmainargs
_initterm
_controlfp
_exit
__set_app_type
GetSystemMetrics
MessageBoxW
CheckMenuItem
GetSystemMenu
LoadIconA
EnableWindow
EndDialog
HideCaret
DrawIcon
SendMessageA
GetClientRect
AppendMenuW
IsIconic
LoadBitmapA
GetDC
AppendMenuA
Number of PE resources by type
RT_DIALOG 2
1
Struct(77) 1
RT_ICON 1
RT_STRING 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
CHINESE SIMPLIFIED 3
GERMAN AUSTRIAN 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:03:20 19:52:27+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 6.0
EntryPoint 0x3f14
InitializedDataSize 229376
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 136113272cb204b063251116b70fdb38
SHA1 1453e311a9b0ce576c47754d61b58783a0a5379f
SHA256 81d1b9ecdc08f952aa827b4f74e9914356aaaae1f2a6b0e2a842249088ae8209
ssdeep 6144:/3Lf3yM1ZdWSA3rHDN90/JSo3uHXHCo4Hz5P9XdA6hY:/LwHrx/o3Ay/Xd/S
authentihash dacd204079b7f39f7b732efbd2ffd9f5c3ec4347f176ec8342f7bdc526e551ce
imphash c7a44dd3e44a57eb9316740e75aadabd
File size 252.0 KB (258048 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-04-04 13:26:25 UTC (3 years, 11 months ago)
Last submission 2015-04-04 13:26:25 UTC (3 years, 11 months ago)
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications