SHA256: 8824645af4ad1dde2adaf97ebcdf46fb0eea80f95714b9da784fbde8b1c937ed
File name: vt-upload-ZGPWT
Detection ratio: 19 / 52
Analysis date: 2014-05-26 08:28:45 UTC ( 4 years, 10 months ago )
Antivirus Result Update
AhnLab-V3 Malware/Win32.Generic 20140525
AntiVir TR/Spy.ZBot.abs.2 20140526
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140526
AVG Zbot.JCX 20140526
DrWeb Trojan.Winlock.6674 20140526
ESET-NOD32 Win32/Spy.Zbot.ABS 20140526
Fortinet W32/Zbot.SWVW!tr 20140526
Ikarus Trojan-Spy.Zbot 20140526
Kaspersky Trojan-Spy.Win32.Zbot.swvw 20140526
Kingsoft Win32.Troj.Generic.a.(kcloud) 20140526
McAfee Artemis!223AC99820FA 20140526
McAfee-GW-Edition Artemis!223AC99820FA 20140525
Qihoo-360 Win32/Trojan.Spy.1cf 20140526
Rising PE:Malware.Obscure/Heur!1.9E03 20140526
Sophos AV Mal/Generic-S 20140526
Symantec WS.Reputation.1 20140526
Tencent Win32.Trojan.Bp-qqthief.Iqpl 20140526
TrendMicro-HouseCall TROJ_GEN.R0CBB01EP14 20140526
VIPRE Trojan.Win32.Generic!BT 20140526
Ad-Aware 20140526
AegisLab 20140526
Yandex 20140525
Avast 20140526
Baidu-International 20140526
BitDefender 20140526
Bkav 20140523
ByteHero 20140526
CAT-QuickHeal 20140525
ClamAV 20140526
CMC 20140525
Commtouch 20140526
Comodo 20140526
Emsisoft 20140526
F-Prot 20140525
F-Secure 20140525
GData 20140526
Jiangmin 20140526
K7AntiVirus 20140523
K7GW 20140523
Malwarebytes 20140526
Microsoft 20140526
eScan 20140526
NANO-Antivirus 20140526
Norman 20140525
nProtect 20140525
Panda 20140525
SUPERAntiSpyware 20140525
TheHacker 20140526
TotalDefense 20140525
TrendMicro 20140526
VBA32 20140523
ViRobot 20140526
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-21 17:33:40
Entry Point 0x00001000
Number of sections 3
PE sections
Overlays
MD5 57ef4640caa56967ba309898723448fb
File type data
Offset 20480
Size 199539
Entropy 6.71
PE imports
FileTimeToSystemTime
GetCurrentProcess
GetProcessTimes
SystemTimeToTzSpecificLocalTime
CreateWindowExW
CreateGenericComposite
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:05:21 18:33:40+01:00
FileType Win32 EXE
PEType PE32
CodeSize 18944
LinkerVersion 7.1
EntryPoint 0x1000
InitializedDataSize 5120
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 223ac99820fa2116837dd83a0bff3f3e
SHA1 80bfcfffc2de1c268d6ee838835767883230b5a4
SHA256 8824645af4ad1dde2adaf97ebcdf46fb0eea80f95714b9da784fbde8b1c937ed
ssdeep 3072:ouaZZjRYJ7pnMHFzkB0CGObsJQDbM8AKUyyCnkb5B:X82J7pnMHXOQJQDbM3KUTCno5B

authentihash b38074d89af3f75b5998ec5bf989b2440ed58ccb278376ba15cf286a3146e35c
imphash 48962ebbae17cc219c7a45379fe54d86
File size 214.9 KB ( 220019 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe overlay

VirusTotal metadata
First submission 2014-05-26 08:28:45 UTC ( 4 years, 10 months ago )
Last submission 2015-06-12 12:28:41 UTC ( 3 years, 9 months ago )
File names vt-upload-ZGPWT
008080192
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs