SHA256: 8440328c7074adf5ef82ab8616b5987dc6613ad6dd0a1ee4460eb7adeb4e3f82
File name: 9649ac5cacb56ea298e433c15f9cbc39c64d9326
Detection ratio: 46 / 53
Analysis date: 2014-05-16 03:49:43 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Ad-Aware Backdoor.Zbot.D 20140516
AhnLab-V3 Win-Trojan/Zbot.95744.BY 20140515
AntiVir TR/Kazy.MK 20140516
Avast Win32:Zbot-NRC [Trj] 20140516
AVG PSW.Generic8.BBWC 20140515
BitDefender Backdoor.Zbot.D 20140516
Bkav W32.AppdataSoutLnr.Trojan 20140515
CAT-QuickHeal TrojanPWS.Zbot.Y3 20140515
ClamAV Trojan.Spy.Zbot-142 20140516
CMC Trojan-Spy.Win32.Zbot!O 20140512
Commtouch W32/Zbot.BR.gen!Eldorado 20140516
Comodo TrojWare.Win32.Kazy.MKE 20140516
DrWeb Trojan.PWS.Panda.1672 20140516
Emsisoft Backdoor.Zbot.D (B) 20140516
ESET-NOD32 Win32/Spy.Zbot.YW 20140516
F-Prot W32/Zbot.BR.gen!Eldorado 20140516
F-Secure Backdoor.Zbot.D 20140516
Fortinet W32/ZBot.DS!tr 20140516
GData Backdoor.Zbot.D 20140516
Ikarus Trojan-Spy.Win32.Zbot 20140516
Jiangmin TrojanSpy.Zbot.zjx 20140515
K7AntiVirus Spyware ( 00222ac61 ) 20140515
K7GW Spyware ( 00222ac61 ) 20140515
Kaspersky Trojan-Spy.Win32.Zbot.jadh 20140516
Kingsoft Win32.Troj.Generic.c.(kcloud) 20140516
Malwarebytes Trojan.Zbot 20140516
McAfee PWS-Zbot.gen.ds 20140516
McAfee-GW-Edition PWS-Zbot.gen.ds 20140515
Microsoft PWS:Win32/Zbot.gen!Y 20140516
eScan Backdoor.Zbot.D 20140516
NANO-Antivirus Trojan.Win32.Zbot.iljpy 20140516
Norman Crypt.BAJJ 20140515
nProtect Trojan/W32.Agent.95744.JT 20140515
Panda Trj/Sinowal.WXO 20140515
Qihoo-360 Malware.QVM20.Gen 20140516
Rising PE:Stealer.Zbot!1.648A 20140507
Sophos AV Mal/Zbot-HX 20140516
SUPERAntiSpyware Trojan.Agent/Gen-Frauder 20140516
Symantec Trojan.Zbot 20140516
TheHacker Trojan/Spy.Zbot.bfgu 20140515
TotalDefense Win32/Zbot.ECQ 20140515
TrendMicro TSPY_ZBOT.SMIG 20140516
TrendMicro-HouseCall TSPY_ZBOT.SMIG 20140516
VBA32 SScope.Trojan.FakeAV.01110 20140514
VIPRE Trojan-PWS.Win32.Zbot.aac (v) 20140516
ViRobot Trojan.Win32.Zbot.95744.M 20140515
AegisLab 20140516
Yandex 20140515
Antiy-AVL 20140516
Baidu-International 20140515
ByteHero 20140516
Tencent 20140516
Zillya 20140516
The file being studied is a Portable Executable file! More specifically, it is a DOS EXE file.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-03-11 22:39:06
Entry Point 0x0000574D
Number of sections 3
PE sections
Overlays
MD5 c38e4404d78d21c9de12dacca8de0299
File type data
Offset 95232
Size 512
Entropy 7.61
PE imports
RegCreateKeyExW
RegCloseKey
ConvertSidToStringSidW
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptHashData
InitiateSystemShutdownExW
RegQueryValueExW
CryptCreateHash
SetSecurityDescriptorDacl
GetSidSubAuthorityCount
GetSidSubAuthority
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
RegOpenKeyExW
SetSecurityDescriptorSacl
GetTokenInformation
CryptReleaseContext
CryptAcquireContextW
GetSecurityDescriptorSacl
GetLengthSid
CreateProcessAsUserW
CryptDestroyHash
OpenThreadToken
RegSetValueExW
CryptGetHashParam
InitializeSecurityDescriptor
EqualSid
IsWellKnownSid
SetNamedSecurityInfoW
CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CertDeleteCertificateFromStore
CertOpenSystemStoreW
CertDuplicateCertificateContext
PFXExportCertStoreEx
FileTimeToDosDateTime
ReleaseMutex
WaitForSingleObject
Thread32Next
HeapDestroy
GetFileAttributesW
GetLocalTime
GetProcessId
SetErrorMode
GetFileInformationByHandle
GetThreadContext
GetFileTime
WideCharToMultiByte
LoadLibraryW
GetTempPathW
Thread32First
HeapReAlloc
FreeLibrary
LocalFree
InitializeCriticalSection
FindClose
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
WriteProcessMemory
GetModuleFileNameW
HeapAlloc
lstrcmpiW
SetThreadPriority
MultiByteToWideChar
SetFilePointerEx
GetPrivateProfileStringW
CreateEventW
CreateThread
MoveFileExW
CreateMutexW
GetVolumeNameForVolumeMountPointW
SetThreadContext
VirtualQueryEx
SetEndOfFile
GetProcAddress
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
lstrcmpiA
GetVersionExW
SetEvent
GetTickCount
VirtualProtect
FlushFileBuffers
LoadLibraryA
CreateRemoteThread
OpenProcess
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GlobalLock
GetPrivateProfileIntW
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
GetComputerNameW
WriteFile
GetFileSizeEx
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
WTSGetActiveConsoleSessionId
ResetEvent
FindFirstFileW
DuplicateHandle
WaitForMultipleObjects
GetTimeZoneInformation
CreateFileW
ExitProcess
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
SystemTimeToFileTime
VirtualAllocEx
GlobalUnlock
Process32NextW
CreateProcessW
FileTimeToLocalFileTime
VirtualFreeEx
GetCurrentProcessId
SetFileTime
GetCommandLineW
Process32FirstW
GetCurrentThread
ReadFile
CloseHandle
OpenMutexW
GetModuleHandleW
GetFileAttributesExW
HeapCreate
OpenEventW
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
NetUserEnum
NetUserGetInfo
NetApiBufferFree
SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW
PathRenameExtensionW
StrCmpNIW
wvnsprintfA
SHDeleteKeyW
PathUnquoteSpacesW
PathFindFileNameW
PathRemoveFileSpecW
PathMatchSpecW
PathIsURLW
PathAddBackslashW
PathQuoteSpacesW
UrlUnescapeA
wvnsprintfW
PathSkipRootW
SHDeleteValueW
StrCmpNIA
PathCombineW
PathIsDirectoryW
PathRemoveBackslashW
PathAddExtensionW
GetUserNameExW
GetCursorPos
CharLowerA
LoadImageW
PeekMessageW
GetKeyboardState
CharToOemW
TranslateMessage
DrawIcon
CharUpperW
CharLowerW
ToUnicode
MsgWaitForMultipleObjects
CharLowerBuffA
GetIconInfo
DispatchMessageW
ExitWindowsEx
GetClipboardData
HttpSendRequestA
InternetSetStatusCallbackW
InternetQueryDataAvailable
InternetSetOptionA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExW
InternetCloseHandle
InternetOpenA
InternetQueryOptionW
InternetConnectA
InternetQueryOptionA
HttpSendRequestW
GetUrlCacheEntryInfoW
HttpQueryInfoA
InternetReadFile
InternetReadFileExA
InternetCrackUrlA
HttpSendRequestExA
HttpAddRequestHeadersW
getaddrinfo
shutdown
accept
WSAStartup
freeaddrinfo
connect
getsockname
WSASetLastError
WSAGetLastError
recv
send
select
listen
WSAEventSelect
getpeername
closesocket
WSAIoctl
setsockopt
socket
bind
recvfrom
sendto
CLSIDFromString
StringFromGUID2
ExifTool file metadata
FileAccessDate 2014:05:24 20:08:16+01:00
FileCreateDate 2014:05:24 20:08:16+01:00
Compressed bundles
File identification
MD5 78c00cd8930229a1d34b334f983a633b
SHA1 060868d663c6688cd5ccedf4b9f0a625e7633bf8
SHA256 8440328c7074adf5ef82ab8616b5987dc6613ad6dd0a1ee4460eb7adeb4e3f82
ssdeep 1536:uwH8lClr3QF/GTqg8HLhobQLAfm5b8HLljs2mwEhstzWrYo:HLlr39Og8HlKQLAfMmLljJmwEixWrT
authentihash de046e031a506385b62a1e4bd885624faec38e416eaf4bd1c81cb512db245da9
imphash 608b524939a4ae825f572a36fd684373
File size 93.5 KB ( 95744 bytes )
File type DOS EXE
Magic literal MS-DOS executable
TrID Win32 Executable (generic) (42.6%)
DOS Executable Borland Pascal 7.0x (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Sybase iAnywhere database files (0.1%)
Tags mz overlay
VirusTotal metadata
First submission 2014-05-16 03:49:43 UTC ( 3 years, 2 months ago )
Last submission 2014-05-24 19:07:15 UTC ( 3 years, 2 months ago )
File names 78c00cd8930229a1d34b334f983a633b
jazz.exe
ZeuS_binary_78c00cd8930229a1d34b334f983a633b.exe
9649ac5cacb56ea298e433c15f9cbc39c64d9326
78c00cd8930229a1d34b334f983a633b.exe