SHA256: 82ef7aaec07b660ce55777dab1e6e316ac4794f059cb486932de559d23baea0f
File name: 71b4db5b59831d00002af19949898a4f
Detection ratio: 35 / 57
Analysis date: 2015-03-27 14:10:28 UTC
Antivirus Result Update
Ad-Aware Trojan.Generic.12996070 20150327
AhnLab-V3 Trojan/Win32.ZBot 20150327
ALYac Trojan.Generic.12996070 20150327
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150327
Avast Win32:Malware-gen 20150327
AVG Pakes2_c.ADOS 20150327
Avira (no cloud) TR/Zbot.A.1721 20150327
AVware Trojan.Win32.Generic!BT 20150327
Baidu-International Trojan.Win32.Zbot.vfii 20150327
BitDefender Trojan.Generic.12996070 20150327
Bkav HW32.Packed.A113 20150327
CMC Trojan.Win32.Krap.2!O 20150325
Comodo UnclassifiedMalware 20150327
Cyren W32/Trojan.NAQA-7927 20150327
Emsisoft Trojan.Generic.12996070 (B) 20150327
ESET-NOD32 Win32/Spy.Zbot.ACB 20150327
F-Secure Trojan.Generic.12996070 20150327
Fortinet W32/Zbot.ACB!tr.spy 20150327
GData Trojan.Generic.12996070 20150327
Ikarus Trojan-Spy.Agent 20150327
K7AntiVirus Spyware ( 004b89a11 ) 20150327
K7GW Spyware ( 004b89a11 ) 20150327
Kaspersky Trojan-Spy.Win32.Zbot.vfii 20150327
McAfee Artemis!71B4DB5B5983 20150327
Microsoft PWS:Win32/Zbot!rfn 20150327
eScan Trojan.Generic.12996070 20150327
NANO-Antivirus Trojan.Win32.Zbot.dplnqu 20150327
nProtect Trojan.Generic.12996070 20150327
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20150327
Sophos AV Mal/Generic-S 20150327
Symantec Trojan.Gen.2 20150327
Tencent Trojan.Win32.YY.Gen.24 20150327
TrendMicro TROJ_FORUCON.BMC 20150327
TrendMicro-HouseCall TROJ_FORUCON.BMC 20150327
VIPRE Trojan.Win32.Generic!BT 20150327
AegisLab (no detection) 20150327
Yandex (no detection) 20150325
Alibaba (no detection) 20150327
ByteHero (no detection) 20150327
CAT-QuickHeal (no detection) 20150327
ClamAV (no detection) 20150327
DrWeb (no detection) 20150327
F-Prot (no detection) 20150327
Jiangmin (no detection) 20150326
Kingsoft (no detection) 20150327
Malwarebytes (no detection) 20150327
McAfee-GW-Edition (no detection) 20150327
Norman (no detection) 20150327
Panda (no detection) 20150327
Qihoo-360 (no detection) 20150327
SUPERAntiSpyware (no detection) 20150327
TheHacker (no detection) 20150324
TotalDefense (no detection) 20150327
VBA32 (no detection) 20150327
ViRobot (no detection) 20150327
Zillya (no detection) 20150326
Zoner (no detection) 20150327
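A vendor table like the one above is only useful once the 35 different signature names are reduced to one verdict. The following Python is an added example, not part of the VirusTotal report: it parses rows in the format shown (vendor, optional result, signature date), maps vendor-specific spellings such as ZBot/Zbot to one canonical family, separates generic labels (Generic, Malware-gen, Artemis, Gen) from family labels, and reports the consensus. The embedded rows are a constructed excerpt of the table above; the multi-word vendor list, the alias table and the generic-label pattern are assumptions that would be extended for other reports.

```python
import re
from collections import Counter

# Constructed excerpt of the vendor table above (13 of the 57 rows).
# Rows for vendors that returned no verdict carry only the signature date.
VENDOR_TABLE = """\
AhnLab-V3 Trojan/Win32.ZBot 20150327
Avast Win32:Malware-gen 20150327
Avira (no cloud) TR/Zbot.A.1721 20150327
ESET-NOD32 Win32/Spy.Zbot.ACB 20150327
Kaspersky Trojan-Spy.Win32.Zbot.vfii 20150327
K7AntiVirus Spyware ( 004b89a11 ) 20150327
McAfee Artemis!71B4DB5B5983 20150327
Microsoft PWS:Win32/Zbot!rfn 20150327
Sophos AV Mal/Generic-S 20150327
Symantec Trojan.Gen.2 20150327
TrendMicro TROJ_FORUCON.BMC 20150327
ClamAV 20150327
Yandex 20150325
"""

# Vendor names that contain a space; every other vendor is a single token.
# Assumption: maintained by hand for the table being parsed.
MULTIWORD_VENDORS = ("Avira (no cloud)", "Sophos AV")

# Signature names that carry no family information (assumed pattern).
GENERIC_RE = re.compile(r"generic|malware-gen|artemis|heur|unclassified|\.gen\b", re.I)

# Vendor-specific spellings -> one canonical family name (assumed alias table).
FAMILY_ALIASES = {"zbot": "zeus", "zeus": "zeus"}
FAMILY_RE = re.compile("|".join(FAMILY_ALIASES), re.I)

# A row is "<vendor> [<result>] <YYYYMMDD>"; the date anchors the split.
ROW_RE = re.compile(r"^(?P<body>.*?)\s*(?P<date>\d{8})$")


def parse_row(line):
    """Split one table row into vendor, result (None if undetected) and date."""
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised row: {line!r}")
    body, date = m.group("body"), m.group("date")
    for vendor in MULTIWORD_VENDORS:
        if body.startswith(vendor):
            break
    else:
        vendor = body.split(" ", 1)[0]
    result = body[len(vendor):].strip() or None
    return {"vendor": vendor, "result": result, "date": date}


def parse_table(text):
    return [parse_row(line) for line in text.splitlines() if line.strip()]


def classify(result):
    """Canonical family, 'generic', 'unmapped', or None for an undetected row."""
    if result is None:
        return None
    m = FAMILY_RE.search(result)
    if m:
        return FAMILY_ALIASES[m.group(0).lower()]
    if GENERIC_RE.search(result):
        return "generic"
    return "unmapped"


def summarize(rows):
    """Detection count, per-family vote counts and the consensus family."""
    detected = [r for r in rows if r["result"]]
    families = Counter(classify(r["result"]) for r in detected)
    named = {f: n for f, n in families.items() if f not in ("generic", "unmapped")}
    consensus = max(named, key=named.get) if named else None
    return {
        "total": len(rows),
        "detected": len(detected),
        "families": families,
        "consensus": consensus,
        # Share of detecting vendors that agree on the consensus family.
        "agreement": families[consensus] / len(detected) if consensus else 0.0,
    }


if __name__ == "__main__":
    print(summarize(parse_table(VENDOR_TABLE)))
```

The split between vendor and result is deliberately driven by the trailing date rather than by column position, because the scraped table has no separators and both vendor names and results can contain spaces. Generic verdicts are counted but never allowed to win the consensus: a label such as Artemis or Trojan.Gen.2 confirms that the file is malicious without saying what it is.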
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright O86S54o0M8k8 1999-2001
Publisher Open Software Associates Ltd.
Product zV4x18IZ
Original name yY03Jv0BJ3v.exe
Internal name yY03Jv0BJ3v.exe
File version 6.8.3.3
Description wa7A2Ow2848n
Note: apart from the Publisher string, which copies a real company name, the version block is filled with random alphanumerics (copyright holder, product, description, original and internal name). This is typical of crypter-generated stubs; none of these strings should be used as a pivot or trusted as provenance.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-08-31 22:06:29
Entry Point 0x00028F46
Number of sections 3
PE sections
PE imports
(Function names only; the page does not group them by exporting module. The set is unusual for a 224 KB GUI program that ships a single menu and a single version resource: it spans the cluster API, the RPC runtime, the print spooler, common dialogs and DDE, with almost no networking imports for what several vendors label a Zbot/Zeus information stealer. That pattern is consistent with a decoy import table produced by a packer or crypter, with the real API set resolved at run time; the sandbox observations below, DeviceIoControl calls and UDP traffic, point the same way.)
QueryServiceStatus
SetClusterGroupName
GetClusterNodeKey
ClusterRegQueryValue
GetClusterGroupState
CloseClusterNetInterface
GetClusterGroupKey
CloseClusterNetwork
AddClusterResourceNode
GetClusterQuorumResource
OpenClusterGroup
ClusterRegQueryInfoKey
CreateClusterGroup
ClusterRegCloseKey
ClusterRegDeleteKey
ClusterGroupControl
CanResourceBeDependent
ClusterNodeOpenEnum
OfflineClusterResource
OfflineClusterGroup
CloseClusterNode
ClusterGroupEnum
ClusterResourceOpenEnum
OpenClusterNetInterface
ClusterRegCreateKey
ClusterNetworkOpenEnum
GetClusterNetworkState
GetClusterNetInterfaceKey
GetClusterNetInterface
ClusterNodeEnum
InitCommonControlsEx
ImageAddCertificate
CopyFileW
DosDateTimeToFileTime
CreateFileMappingW
GetStartupInfoA
GetSystemInfo
EnumResourceLanguagesA
EnumResourceNamesW
GetVersionExW
Beep
GetNumberOfConsoleInputEvents
DefineDosDeviceA
GetVersionExA
GetFileAttributesW
CreateNamedPipeA
GetPrivateProfileSectionNamesW
GetCurrentProcess
FileTimeToDosDateTime
GetWindowsDirectoryA
GetCurrentDirectoryW
GetLocaleInfoA
GetCurrentProcessId
GetDriveTypeW
GetCurrentDirectoryA
FormatMessageW
GetLogicalDrives
GetFileInformationByHandle
GetCommandLineA
GetThreadContext
GetPrivateProfileStringW
GetLocaleInfoW
GetTempFileNameW
EnumResourceLanguagesW
CreateMutexA
GetTimeFormatW
FindResourceExA
CreateThread
FreeEnvironmentStringsW
GetSystemDirectoryW
GlobalAddAtomA
GetTempPathW
GetAtomNameA
CreateMutexW
GetTimeFormatA
FreeConsole
GetStringTypeExA
ClearCommError
ExitThread
GetModuleHandleW
FreeResource
ConnectNamedPipe
GetFileAttributesExW
GetProfileIntW
GetDiskFreeSpaceExA
GetLongPathNameW
GetTimeZoneInformation
FreeLibraryAndExitThread
GetNumberFormatA
GetCommState
FindFirstChangeNotificationA
FindAtomA
GetProcessVersion
ExitProcess
GetVersion
FindResourceA
CompareStringA
_except_handler3
VarDateFromI2
RpcAsyncRegisterInfo
IUnknown_QueryInterface_Proxy
NdrClientContextMarshall
RpcStringBindingParseW
RpcSmDestroyClientContext
RpcBindingToStringBindingW
RpcImpersonateClient
RpcMgmtSetServerStackSize
NdrFullPointerInsertRefId
NdrInterfacePointerBufferSize
NdrSimpleTypeMarshall
DceErrorInqTextW
RpcEpRegisterA
RpcMgmtEpEltInqNextW
RpcServerUseProtseqEpExA
RpcNetworkIsProtseqValidW
NdrServerInitializeMarshall
MesDecodeBufferHandleCreate
DceErrorInqTextA
NdrStubCall
I_RpcNsBindingSetEntryNameA
NdrByteCountPointerUnmarshall
RpcAsyncInitializeHandle
long_from_ndr_temp
RpcServerInqIf
I_RpcBindingIsClientLocal
NdrClientInitializeNew
NdrPointerBufferSize
NdrConformantVaryingArrayMemorySize
long_array_from_ndr
RpcBindingInqAuthClientW
NdrMesTypeEncode
RpcSsDisableAllocate
I_RpcBindingInqTransportType
I_RpcBindingInqDynamicEndpointW
NdrConformantStringMarshall
NdrClientInitialize
I_RpcFree
RpcEpUnregister
NdrVaryingArrayBufferSize
RpcMgmtStopServerListening
enum_from_ndr
NdrServerContextMarshall
RpcMgmtInqServerPrincNameW
I_RpcClearMutex
RpcServerTestCancel
RpcStringBindingComposeA
NdrNonConformantStringMemorySize
NdrSimpleStructFree
I_RpcDeleteMutex
NdrSimpleStructMarshall
NdrSimpleStructBufferSize
MIDL_wchar_strcpy
NdrPointerMarshall
NdrPointerMemorySize
NdrUserMarshalMemorySize
RpcServerUnregisterIf
NdrXmitOrRepAsBufferSize
NdrSimpleStructMemorySize
NdrConformantStringMemorySize
NdrVaryingArrayMarshall
I_RpcBindingCopy
RpcServerInqDefaultPrincNameA
NdrConformantArrayFree
NdrConformantVaryingStructFree
NDRcopy
data_into_ndr
MesDecodeIncrementalHandleCreate
NdrGetBuffer
RpcBindingFromStringBindingW
RpcMgmtInqComTimeout
NdrByteCountPointerMarshall
NdrClearOutParameters
RpcSsSetClientAllocFree
NdrConformantVaryingStructUnmarshall
MesBufferHandleReset
RpcBindingCopy
RpcEpResolveBinding
UuidCreate
NdrConformantVaryingStructBufferSize
IUnknown_Release_Proxy
RpcTestCancel
tree_peek_ndr
RpcMgmtEpEltInqDone
NdrFullPointerQueryPointer
MesEncodeDynBufferHandleCreate
I_RpcFreeBuffer
NdrConformantArrayBufferSize
RpcNsBindingInqEntryNameW
NdrConformantStructMarshall
long_from_ndr
NdrByteCountPointerBufferSize
MIDL_wchar_strlen
I_RpcAsyncSetHandle
NdrMesSimpleTypeEncode
NdrNonConformantStringUnmarshall
NdrConformantArrayMemorySize
MesIncrementalHandleReset
NdrServerCall
NDRCContextBinding
NdrServerInitializePartial
NdrUserMarshalBufferSize
RpcSmDisableAllocate
RpcBindingServerFromClient
UuidCreateNil
NdrGetDcomProtocolVersion
I_RpcGetBuffer
RpcMgmtSetAuthorizationFn
NdrComplexStructFree
NdrFullPointerXlatInit
NdrFullPointerFree
RpcMgmtInqStats
RpcBindingFromStringBindingA
NdrConformantStructUnmarshall
RpcServerUseAllProtseqsIf
RpcServerListen
NDRCContextMarshall
NdrComplexArrayBufferSize
RpcSmClientFree
RpcBindingSetObject
NdrEncapsulatedUnionMemorySize
NdrConvert
NdrStubCall2
RpcAsyncCancelCall
RpcServerRegisterAuthInfoA
NdrAllocate
NdrPointerUnmarshall
NdrNonEncapsulatedUnionUnmarshall
NdrConformantVaryingArrayBufferSize
NdrInterfacePointerMarshall
RpcServerInqBindings
NdrMesSimpleTypeDecode
NdrInterfacePointerUnmarshall
tree_into_ndr
RpcMgmtInqDefaultProtectLevel
NdrComplexStructBufferSize
I_RpcReceive
RpcBindingInqAuthInfoExW
RpcBindingSetAuthInfoW
NdrInterfacePointerFree
float_array_from_ndr
double_array_from_ndr
MesInqProcEncodingId
RpcBindingInqAuthInfoExA
NdrSendReceive
NdrRpcSsDefaultFree
NdrConformantStructFree
NdrEncapsulatedUnionBufferSize
data_from_ndr
NDRSContextMarshall
NdrNonEncapsulatedUnionMarshall
GetMessageA
MapVirtualKeyA
GetMessagePos
MapDialogRect
DrawTextA
GetScrollInfo
SendNotifyMessageW
EnableScrollBar
ChangeDisplaySettingsA
PostQuitMessage
DefMDIChildProcA
GetWindowContextHelpId
ToAsciiEx
RegisterWindowMessageW
GetNextDlgGroupItem
GetDesktopWindow
PeekMessageW
InsertMenuItemW
SetMenu
ModifyMenuA
GrayStringA
CharLowerW
wvsprintfA
GetQueueStatus
GetAsyncKeyState
GetDlgItemTextW
MessageBoxIndirectW
MsgWaitForMultipleObjectsEx
CheckDlgButton
GetCursorPos
GetWindowRgn
SystemParametersInfoA
AdjustWindowRectEx
DdeQueryConvInfo
LoadStringW
GetMenuCheckMarkDimensions
CharLowerBuffW
CharLowerBuffA
BringWindowToTop
LoadCursorA
InSendMessage
GetClassLongA
GetMenuDefaultItem
DdeClientTransaction
PostThreadMessageW
GetMenuItemInfoA
EnumThreadWindows
GetSysColorBrush
CharNextA
MapVirtualKeyExW
SetDlgItemTextW
CreateIconFromResourceEx
GetKeyboardLayout
EnumDesktopWindows
GetCursor
GetWindowTextLengthW
LoadAcceleratorsW
GetWindowLongW
CloseClipboard
GetMenuItemInfoW
GetKeyboardType
ReplyMessage
DrawMenuBar
UnlockUrlCacheEntryStream
ConnectToPrinterDlg
DocumentPropertiesW
SetPrinterDataW
PrinterProperties
ReadPrinter
AddJobA
GetPrinterDataA
SetFormA
DocumentPropertiesA
DeviceCapabilitiesA
SetFormW
ResetPrinterW
EnumPortsA
GetPrinterDataExW
DeleteMonitorA
ConfigurePortW
ConfigurePortA
DeletePrintProvidorA
DeleteMonitorW
EnumFormsW
EnumPrinterDriversA
DeletePortA
EnumPrintProcessorDatatypesA
DeletePrinterDriverA
StartPagePrinter
DeletePrinterKeyA
ScheduleJob
DeletePrinterDataW
EnumMonitorsW
GetJobW
DeletePrinterDriverW
GetFormW
EndPagePrinter
SetJobW
EnumPrinterKeyW
PrinterMessageBoxW
WaitForPrinterChange
AddPrinterDriverA
StartDocPrinterW
FindClosePrinterChangeNotification
DeleteFormA
SetJobA
EnumPrintersW
AddPrinterW
DeletePrintProcessorA
DeletePrinterDriverExA
FindTextA
PrintDlgW
GetFileTitleW
PageSetupDlgA
ChooseColorA
FindTextW
CommDlgExtendedError
ChooseFontA
Number of PE resources by type
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion: 4.0
LinkerVersion: 6.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 6.8.3.3
UninitializedDataSize: 0
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Windows, Japan (Shift - JIS X-0208)
InitializedDataSize: 688128
FileOS: Unknown (0x11004)
MIMEType: application/octet-stream
LegalCopyright: O86S54o0M8k8 1999-2001
FileVersion: 6.8.3.3
TimeStamp: 2005:08:31 23:06:29+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: yY03Jv0BJ3v.exe
ProductVersion: 6.8.3.3
FileDescription: wa7A2Ow2848n
OSVersion: 4.0
OriginalFilename: yY03Jv0BJ3v.exe
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Open Software Associates Ltd.
CodeSize: 217088
ProductName: zV4x18IZ
ProductVersionNumber: 6.8.3.3
EntryPoint: 0x28f46
ObjectFileType: Executable application
Note: InitializedDataSize (688128) is roughly three times the 229376-byte file, so the headers declare far more initialized data than exists on disk; together with the random version strings this is another sign that the file expands into memory at run time. The ExifTool TimeStamp is the PE compilation timestamp rendered in +01:00 local time, i.e. 2005-08-31 22:06:29 UTC, ten years before the first submission. A timestamp this old in a sample first seen in 2015 may be genuine (the 6.0 linker version fits a Visual C++ 6 build) or may have been set by the packer, so it should not be relied on for dating.
File identification
MD5 71b4db5b59831d00002af19949898a4f
SHA1 ff838beead6d6c0e61c4ec8460b9d3cc1faee24d
SHA256 82ef7aaec07b660ce55777dab1e6e316ac4794f059cb486932de559d23baea0f
ssdeep 3072:dSb7YuIPSKvwsTiOrjP7S9BKZWbm6ZGGQh9gcGrP2KcDFHZSrLN4WGYSK0TrW/W0:dSXTIS8w0iGjP7UB3b89KrXGFHZ+LFS
authentihash 25440b945e18ecaa91a4161b30bcbb29a578d2b694cca4e124215872a4a67f1e
imphash 604f12d584edfb4b4b505a0f30275846
File size 224.0 KB ( 229376 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
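The identification block above lists the hashes a practitioner pivots on, and imphash is the one worth understanding rather than copying, because it is what links this stub to other files produced by the same packer. The Python below is an added example, not the report's own tooling: it implements the published imphash algorithm (module name lowercased with .dll/.ocx/.sys stripped, "module.function" pairs joined by commas in import-table order, MD5 of the result), renders the PE compile timestamp in UTC, and applies a heuristic for the random version-info strings seen on this page. Because the page lists function names without their exporting modules, the constructed import list pairs a few of the listed functions with assumed module names and will not reproduce the report's imphash of 604f12d584edfb4b4b505a0f30275846; the ordinal entry, the version-string heuristic and the sample timestamp value are likewise assumptions made for the example.

```python
import hashlib
import re
from datetime import datetime, timezone

# Module-name extensions the imphash algorithm strips (as pefile does).
STRIP_EXT = (".dll", ".ocx", ".sys")


def imphash_string(imports):
    """Canonical imphash input: 'module.function' pairs, lowercased, joined by
    commas in import-table order. Ordinal imports (ints) are written as 'ordN'.
    pefile additionally maps well-known ordinals of a few libraries (ws2_32,
    oleaut32) back to names; that lookup table is omitted here."""
    parts = []
    for module, func in imports:
        mod = module.lower()
        for ext in STRIP_EXT:
            if mod.endswith(ext):
                mod = mod[: -len(ext)]
                break
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{mod}.{name}")
    return ",".join(parts)


def imphash(imports):
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def pe_timestamp_utc(time_date_stamp):
    """Render the PE header TimeDateStamp (seconds since 1970-01-01 UTC)."""
    return datetime.fromtimestamp(time_date_stamp, tz=timezone.utc).strftime(
        "%Y-%m-%d %H:%M:%S"
    )


def looks_random(s):
    """Heuristic (an assumption, not a standard): a version-info string whose
    alphanumeric characters are at least 30% digits and mix upper and lower
    case is likely crypter-generated filler rather than a product name."""
    core = re.sub(r"\.(exe|dll)$", "", s, flags=re.I)
    alnum = [c for c in core if c.isalnum()]
    if len(alnum) < 6:
        return False
    digit_share = sum(c.isdigit() for c in alnum) / len(alnum)
    mixed_case = any(c.islower() for c in alnum) and any(c.isupper() for c in alnum)
    return digit_share >= 0.3 and mixed_case


# Constructed sample: a few functions from the import list above, paired with
# the modules assumed to export them (the page does not show module names).
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "CreateMutexA"),
    ("KERNEL32.dll", "GetThreadContext"),
    ("KERNEL32.dll", "CreateNamedPipeA"),
    ("USER32.dll", "GetAsyncKeyState"),
    ("RPCRT4.dll", "UuidCreate"),
    ("WS2_32.dll", 1),  # ordinal import, added for illustration only
]

# Version-info strings copied from the report above.
SAMPLE_VERSION_INFO = {
    "CompanyName": "Open Software Associates Ltd.",
    "ProductName": "zV4x18IZ",
    "FileDescription": "wa7A2Ow2848n",
    "OriginalFilename": "yY03Jv0BJ3v.exe",
}

# 2005-08-31 22:06:29 UTC, the compile timestamp reported above, as epoch seconds.
SAMPLE_TIMESTAMP = 1125525989


def triage(imports, version_info, time_date_stamp):
    """Collect the static indicators a triage note would carry."""
    return {
        "imphash": imphash(imports),
        "compiled_utc": pe_timestamp_utc(time_date_stamp),
        "random_version_strings": sorted(
            k for k, v in version_info.items() if looks_random(v)
        ),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_IMPORTS, SAMPLE_VERSION_INFO, SAMPLE_TIMESTAMP))
```

Two properties of imphash matter when using it as a pivot: module-name case is irrelevant, so KERNEL32.dll and kernel32.dll hash identically, but import order is not, so two files with the same API set in a different order do not match. A crypter that emits the same decoy import table for every build gives all of its outputs the same imphash, which is why the value is a better clustering key for this kind of stub than the file hashes above.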
Tags peexe
VirusTotal metadata
First submission 2015-03-27 14:10:28 UTC
Last submission 2015-03-27 14:10:28 UTC
File names yY03Jv0BJ3v.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications