SHA256: 826643803126d46097e2e767e51e992633aaf4ba8de7047c3cc05068fe621a59
File name: db587bdbca9239f586f3b9904a7837b9
Detection ratio: 28 / 55
Analysis date: 2015-01-26 06:36:03 UTC ( 4 years, 1 month ago )
Antivirus engine / Detection result / Signature update date
Ad-Aware Trojan.GenericKD.2101980 20150126
ALYac Trojan.GenericKD.2101980 20150126
Avast Win32:Malware-gen 20150126
AVG Zbot.XAQ 20150126
Avira (no cloud) TR/Zbot.A.1550 20150125
AVware Trojan.Win32.Generic!BT 20150126
BitDefender Trojan.GenericKD.2101980 20150126
ByteHero Trojan.Malware.Obscu.Gen.002 20150126
CMC Packed.Win32.Fareit.2!O 20150124
Emsisoft Trojan.GenericKD.2101980 (B) 20150126
F-Secure Trojan.GenericKD.2101980 20150125
Fortinet W32/Zbot.ACB!tr.spy 20150126
GData Trojan.GenericKD.2101980 20150126
Ikarus Trojan-Spy.Agent 20150126
Kaspersky Trojan-Spy.Win32.Zbot.uwgk 20150126
McAfee RDN/Suspicious.bfr!bh 20150126
McAfee-GW-Edition RDN/Suspicious.bfr!bh 20150126
Microsoft PWS:Win32/Zbot.gen!VM 20150126
eScan Trojan.GenericKD.2101980 20150126
NANO-Antivirus Trojan.Win32.Zbot.dmtlye 20150126
nProtect Trojan.GenericKD.2101980 20150123
Panda Trj/Chgt.O 20150125
Sophos AV Mal/Generic-S 20150126
Symantec Trojan.Zbot 20150126
TrendMicro TROJ_GEN.F0C2C00AO15 20150126
TrendMicro-HouseCall TROJ_GEN.F0C2C00AO15 20150126
VBA32 BScope.Trojan-Spy.Zbot 20150123
VIPRE Trojan.Win32.Generic!BT 20150126
No detection (engine / signature update date):
AegisLab 20150126
Yandex 20150125
AhnLab-V3 20150125
Alibaba 20150126
Antiy-AVL 20150126
Baidu-International 20150125
Bkav 20150124
CAT-QuickHeal 20150125
ClamAV 20150126
Comodo 20150126
Cyren 20150126
DrWeb 20150126
F-Prot 20150126
Jiangmin 20150125
K7AntiVirus 20150125
Kingsoft 20150126
Malwarebytes 20150126
Norman 20150123
Qihoo-360 20150126
Rising 20150125
SUPERAntiSpyware 20150125
Tencent 20150126
TheHacker 20150126
TotalDefense 20150125
ViRobot 20150126
Zillya 20150125
Zoner 20150123
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-21 05:12:00
Entry Point 0x00001140
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
AddFontResourceA
FlattenPath
EndPage
CloseFigure
SelectObject
GetBkMode
SaveDC
GetDCPenColor
SetTextAlign
CreateCompatibleDC
DeleteMetaFile
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
LoadResource
GetSystemInfo
lstrlenA
lstrcmpiA
WaitForSingleObject
GetOEMCP
LCMapStringA
HeapDestroy
HeapAlloc
GetThreadLocale
VirtualProtect
GetVersionExA
IsDBCSLeadByte
GetCommandLineW
RtlUnwind
LoadLibraryA
FreeLibrary
VirtualAllocEx
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
CreateThread
LoadLibraryExA
SizeofResource
GetLocaleInfoA
GetCurrentProcessId
FreeEnvironmentStringsW
lstrcatA
lstrlenW
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
SetHandleCount
GetCommandLineA
GetProcAddress
ExitProcess
WideCharToMultiByte
GetFileAttributesA
GetStringTypeA
GetModuleHandleA
InterlockedExchange
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
lstrcpynA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEvent
FindResourceA
TerminateProcess
GetEnvironmentStrings
GetModuleFileNameA
QueryPerformanceCounter
InitializeCriticalSection
HeapCreate
lstrcpyA
VirtualQuery
VirtualFree
CreateEventA
GetEnvironmentStringsW
InterlockedDecrement
Sleep
GetFileType
GetTickCount
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
InterlockedIncrement
PathFindExtensionA
wsprintfA
SetWindowLongW
IsWindow
LoadIconA
GetMessageA
DispatchMessageA
CharNextA
LoadIconW
GetDlgItem
PostThreadMessageA
TranslateMessage
SetForegroundWindow
LoadBitmapA
GetDC
timeGetTime
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoRevokeClassObject
CoTaskMemRealloc
CoCreateInstance
CoRegisterClassObject
CoTaskMemFree
StringFromGUID2
Number of PE resources by type
RT_ICON 9
RT_STRING 1
RT_DIALOG 1
RT_GROUP_ICON 1
Number of PE resources by language
SWEDISH 10
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2015:01:21 06:12:00+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 14848
LinkerVersion: 8.0
EntryPoint: 0x1140
InitializedDataSize: 348160
SubsystemVersion: 5.0
ImageVersion: 6.1
OSVersion: 5.0
UninitializedDataSize: 0

File identification
MD5 db587bdbca9239f586f3b9904a7837b9
SHA1 bf07b98396b5e2368c5b1c5cb8ea3ba3aebfd009
SHA256 826643803126d46097e2e767e51e992633aaf4ba8de7047c3cc05068fe621a59
ssdeep 6144:zwKJs3jqhyBxpuZvecRMq/KZlwEMZK95YNAfyH/tKz:zTJsTqhyLpcmqaWEJwyfyfE
authentihash 9e9c1c36751643bce786fdee771d1b967a4404ad4801253e3fe28d70f34bccd6
imphash d7a880ad9306785b207fd98bfa9aab44
File size 355.5 KB ( 364032 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID
Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2015-01-26 06:36:03 UTC ( 4 years, 1 month ago )
Last submission 2015-01-26 06:36:03 UTC ( 4 years, 1 month ago )
File names db587bdbca9239f586f3b9904a7837b9
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.