SHA256: 87292eb2559addab715e211e4eb29a8531818481c1487243c22cc67022e10495
File name: 14d246517113c0873548b76364dc4b9808ba618b
Detection ratio: 10 / 55
Analysis date: 2015-01-22 23:22:30 UTC ( 4 years, 2 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Zbot 20150122
Avira (no cloud) TR/Crypt.EPACK.31073 20150122
Baidu-International Trojan.Win32.Zbot.bACB 20150122
ESET-NOD32 Win32/Spy.Zbot.ACB 20150122
Kaspersky Trojan-Spy.Win32.Zbot.uwji 20150122
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.hz 20150122
Panda Trj/Genetic.gen 20150122
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20150123
Sophos AV Mal/Generic-S 20150122
TrendMicro-HouseCall Suspicious_GEN.F47V0122 20150123
Ad-Aware 20150123
Yandex 20150122
Alibaba 20150120
ALYac 20150123
Antiy-AVL 20150122
Avast 20150122
AVG 20150122
AVware 20150122
BitDefender 20150122
Bkav 20150122
ByteHero 20150123
CAT-QuickHeal 20150122
ClamAV 20150122
CMC 20150120
Comodo 20150122
Cyren 20150122
DrWeb 20150122
Emsisoft 20150122
F-Prot 20150122
F-Secure 20150122
Fortinet 20150121
GData 20150122
Ikarus 20150122
Jiangmin 20150122
K7AntiVirus 20150122
Kingsoft 20150123
Malwarebytes 20150122
McAfee 20150122
Microsoft 20150122
eScan 20150122
NANO-Antivirus 20150122
Norman 20150122
nProtect 20150122
Rising 20150122
SUPERAntiSpyware 20150122
Symantec 20150122
Tencent 20150123
TheHacker 20150122
TotalDefense 20150122
TrendMicro 20150122
VBA32 20150122
VIPRE 20150123
ViRobot 20150122
Zillya 20150122
Zoner 20150121
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-05-02 19:15:17
Entry Point 0x00001000
Number of sections 8
PE sections
PE imports
PlayMetaFileRecord
CreateICA
GetRelAbs
GetTextExtentExPointI
SetICMProfileA
SetDCBrushColor
GdiPlayJournal
GetTextCharset
CombineRgn
GetClipBox
UpdateColors
CreateMetaFileW
PaintRgn
GetTextExtentExPointA
GdiGetDevmodeForPage
EnumFontFamiliesW
CreateDiscardableBitmap
GetCharWidthW
SetWorldTransform
Arc
ChoosePixelFormat
GetOutlineTextMetricsA
BitBlt
SetDIBitsToDevice
GetDCBrushColor
SetAbortProc
FillPath
SetMiterLimit
CreateFontA
DrawEscape
GetPolyFillMode
ExtSelectClipRgn
CreateCompatibleDC
PolyBezierTo
GetRasterizerCaps
GetKerningPairsW
GetTextExtentPoint32A
GetStretchBltMode
GetFontData
CopyMetaFileA
CreateFontIndirectExW
SetSystemPaletteUse
Number of PE resources by type
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
GERMAN 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2005:05:02 20:15:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 422912
LinkerVersion 0.0
EntryPoint 0x1000
InitializedDataSize 151561
SubsystemVersion 4.1
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 16a26d9ccd28bc6d13a4ae8efe5d9b16
SHA1 0da070b99c4126848a40808c37efda16cfaf5a2c
SHA256 87292eb2559addab715e211e4eb29a8531818481c1487243c22cc67022e10495
ssdeep 3072:aiC2DYAoaTAkLszRztAfsoy71Yj6rhXp53R/baW1Uiz:aiC2DYAog41zu0j1u6rr5BDdCiz
authentihash 4901f31316e86bb43ec1232afd42cf8051de5fc85f85a6b40f920c5a9b79ec21
imphash 5139ccb01d257905a0c9cb06ba82c23d
File size 562.0 KB ( 575488 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.7%)
Generic Win/DOS Executable (23.4%)
DOS Executable Generic (23.4%)
VXD Driver (0.3%)
Tags peexe
VirusTotal metadata
First submission 2015-01-22 00:56:43 UTC ( 4 years, 2 months ago )
Last submission 2015-01-22 23:22:30 UTC ( 4 years, 2 months ago )
File names 14d246517113c0873548b76364dc4b9808ba618b
10r1.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R047C0DHU15.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.