× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 869678c0c8becee6eb83e45b85fa59f190ab19a307083e78fdbfc1dd9157d80e
File name: exec.ex
Detection ratio: 42 / 46
Analysis date: 2013-02-14 23:00:22 UTC ( 5 years ago )
Antivirus Result Update
Yandex TrojanSpy.ZBot.Gen!Pac.12 20130214
AhnLab-V3 Win-Trojan/Zbot.90112.K 20130214
AntiVir TR/Crypt.XPACK.Gen 20130214
Avast Win32:MalOb-FE [Cryp] 20130214
AVG Win32/Heri 20130214
BitDefender Worm.Generic.224296 20130214
ByteHero Virus.Win32.Heur.e 20130214
ClamAV Trojan.Zbot-7055 20130214
Commtouch W32/Zbot.AND 20130214
Comodo NetWorm.Win32.Koobface.~R 20130214
DrWeb Trojan.Webmoner.60972 20130214
Emsisoft Worm.Generic.224296 (B) 20130214
eSafe Win32.Zbot 20130211
ESET-NOD32 a variant of Win32/Kryptik.BSE 20130214
F-Prot W32/Zbot.AND 20130214
F-Secure Worm.Generic.224296 20130214
Fortinet W32/Kryptik.L!worm 20130214
GData Worm.Generic.224296 20130214
Ikarus Net-Worm.Win32.Koobface 20130214
Jiangmin TrojanSpy.Zbot.yxl 20130214
K7AntiVirus Riskware 20130214
Kaspersky Trojan-Spy.Win32.Zbot.adru 20130214
Kingsoft Win32.Troj.Zbot.(kcloud) 20130204
McAfee W32/Koobface.worm.gen.w 20130214
McAfee-GW-Edition W32/Koobface.worm.gen.w 20130214
Microsoft PWS:Win32/Zbot.gen!R 20130214
eScan Worm.Generic.224296 20130214
NANO-Antivirus Trojan.Win32.Zbot.lcau 20130214
Norman Suspicious_Gen2.PCDIU 20130214
nProtect Trojan-Spy/W32.ZBot.90112.BF 20130214
Panda Trj/Pck_Pretorx.A 20130214
PCTools Trojan.Zbot 20130214
Rising Trojan.Win32.Generic.11EBB691 20130205
Sophos AV Mal/FakeSpy-A 20130214
Symantec Trojan.Zbot 20130214
TheHacker Trojan/Spy.Zbot.adru 20130214
TotalDefense Win32/Kollah.MBL 20130214
TrendMicro TROJ_GEN.RCBOCHR 20130214
TrendMicro-HouseCall WORM_PKOOBF.SMC 20130214
VBA32 Malware-Cryptor.Win32.General.4.1 20130214
VIPRE Trojan-Dropper.Win32.XoredBinary.a (v) 20130214
ViRobot Spyware.Zbot.90112.Q 20130214
Antiy-AVL 20130214
CAT-QuickHeal 20130214
Malwarebytes 20130214
SUPERAntiSpyware 20130214
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
(_) __________ __________, 1995-2001

Publisher __________ __________
Product Zone.com
File version 1.2.626.1
Description Zone Datafile
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-06-13 00:40:35
Entry Point 0x00001083
Number of sections 4
PE sections
PE imports
GetModuleHandleA
GlobalFree
GlobalAlloc
ExitProcess
VirtualProtect
LoadLibraryA
GetProcAddress
DragFinish
wsprintfA
MessageBoxA
timeSetEvent
GetOpenFileNameA
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2002:06:13 01:40:35+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
3072

LinkerVersion
6.13

EntryPoint
0x1083

InitializedDataSize
3072

SubsystemVersion
4.0

ImageVersion
5.1

OSVersion
4.0

UninitializedDataSize
94208

File identification
MD5 e4ccbb9eca447a6095926f076da414c0
SHA1 93f5615594fe1d5be8b14d5683e24b31c63220cc
SHA256 869678c0c8becee6eb83e45b85fa59f190ab19a307083e78fdbfc1dd9157d80e
ssdeep
1536:rFXlxl6dp2SL/fiO17QWHxkv79eNH3G7dVZiCl9wx1MNgb406lOgQtba9:r9Ar2SL/fi8NOOYdVprwx1Yf06loba9

File size 88.0 KB ( 90112 bytes )
File type Win32 EXE
Magic literal
MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2010-01-11 03:34:23 UTC ( 8 years, 1 month ago )
Last submission 2013-02-14 23:00:22 UTC ( 5 years ago )
File names 0WYn.dwg
d5dn1.fon
aa
exec.ex
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!