SHA256: 83b7eef50ea60f22399337e0a4f65bb46ed8f29ac790690bd0cb9b877269f0fe
File name: WebMoney Keeper Classic
Detection ratio: 44 / 55
Analysis date: 2014-09-25 00:05:26 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.46137 20140925
Yandex TrojanSpy.Zbot!jLDZHvbPsjY 20140924
AhnLab-V3 Trojan/Win32.Agent 20140924
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140924
Avast Win32:GenMalicious-NI [Trj] 20140925
AVG Crypt3.AKVR 20140924
Avira (no cloud) TR/Spy.ZBot.tkwim 20140924
AVware Trojan.Win32.Generic!SB.0 20140924
Baidu-International Trojan.Win32.Zbot.aMEi 20140924
BitDefender Gen:Variant.Symmi.46137 20140925
Bkav HW32.Paked.672F 20140923
CAT-QuickHeal TrojanSpy.Zbot.r4 20140924
Comodo UnclassifiedMalware 20140924
Cyren W32/Trojan.PLFR-8518 20140925
DrWeb Trojan.PWS.Panda.2977 20140924
Emsisoft Gen:Variant.Symmi.46137 (B) 20140924
ESET-NOD32 Win32/Spy.Zbot.AAO 20140924
F-Secure Gen:Variant.Symmi.46137 20140924
Fortinet W32/Zbot.AAO!tr 20140925
GData Gen:Variant.Symmi.46137 20140924
Ikarus Win32.SuspectCrc 20140924
K7AntiVirus Spyware ( 0029a43a1 ) 20140924
K7GW Trojan ( 050000001 ) 20140924
Kaspersky Trojan-Spy.Win32.Zbot.tvvg 20140924
Kingsoft Win32.Troj.Zbot.tv.(kcloud) 20140925
Malwarebytes Spyware.Zbot.ED 20140924
McAfee RDN/Generic PWS.y!b2s 20140924
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dc 20140924
Microsoft PWS:Win32/Zbot.CIT 20140924
eScan Gen:Variant.Symmi.46137 20140925
NANO-Antivirus Trojan.Win32.Zbot.decbke 20140924
Norman Troj_Generic.VLJWK 20140924
Panda Trj/Genetic.gen 20140924
Qihoo-360 Win32/Trojan.054 20140925
Rising PE:Trojan.Win32.Generic.17393E2B!389627435 20140924
Sophos Mal/Generic-S 20140925
SUPERAntiSpyware Trojan.Agent/Gen-Zusy 20140925
Symantec WS.Reputation.1 20140925
Tencent Win32.Trojan.Bp-generic.Ixrn 20140925
TotalDefense Win32/Zbot.caABTX 20140924
TrendMicro TROJ_GEN.R0CBC0FHP14 20140924
TrendMicro-HouseCall TROJ_GEN.R0CBC0FHP14 20140924
VBA32 TrojanSpy.Zbot 20140924
VIPRE Trojan.Win32.Generic!SB.0 20140924
AegisLab 20140925
ByteHero 20140925
ClamAV 20140924
CMC 20140924
F-Prot 20140924
Jiangmin 20140924
nProtect 20140924
TheHacker 20140924
ViRobot 20140924
Zillya 20140923
Zoner 20140919
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
Copyright Copyright © 1998-2012 by CJSC "Computing Forces"
Publisher CJSC "Computing Forces"
Product WebMoney Keeper Classic
Original name webmoney.exe
Internal name WebMoney Keeper Classic
File version 3.9.9.0
Description WebMoney Keeper Classic Runner Module
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-20 10:32:57
Entry Point 0x00002B3B
Number of sections 4
PE sections
Number of PE resources by type
RT_DIALOG 2
RT_ICON 2
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 9
PE resources
File identification
MD5 29fb14b41c20af6e6d2ac936b3fe03e9
SHA1 a56033bf20a950be4e24a0737407c6ce13981c16
SHA256 83b7eef50ea60f22399337e0a4f65bb46ed8f29ac790690bd0cb9b877269f0fe
ssdeep 6144:LgGAmp4ZzVdctGXoVChORVP0ojUjP8CWhvjyvAKS:LgGAmU/4GFhO3P0oj+PZWtj0AKS
authentihash ce9e0bd3449e57586e7fbb8de98a3ca54c71aceafeeb6ace8c1a48e981e95cf1
imphash 406af67fd4bad5ae2eb4927756ce485d
File size 233.0 KB ( 238592 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-08-23 07:32:05 UTC ( 2 years, 8 months ago )
Last submission 2014-08-23 07:32:05 UTC ( 2 years, 8 months ago )
File names WebMoney Keeper Classic
webmoney.exe
29fb14b41c20af6e6d2ac936b3fe03e9
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests
UDP communications