SHA256: 8843151d0040233909743b35a2f0045a77e8ec1948b6d5919a748508287d9ad3
File name: vbII.10-1702.3
Detection ratio: 48 / 57
Analysis date: 2016-10-31 06:44:38 UTC ( 5 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.VBRan.Gen.1 20161031
AhnLab-V3 Trojan/Win32.Zbot.R98296 20161030
ALYac Trojan.VBRan.Gen.1 20161031
Antiy-AVL Trojan[Spy]/Win32.Zbot 20161031
Avast Win32:Cutwail-CJ [Trj] 20161031
AVG PSW.Generic12.ACKM 20161031
Avira (no cloud) TR/Spy.ZBot.rodn 20161030
AVware Trojan.Win32.Fareit.vba (v) 20161031
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9976 20161031
BitDefender Trojan.VBRan.Gen.1 20161031
Bkav HW32.Packed.DCDF 20161030
CAT-QuickHeal VirTool.VBInject.AC3 20161031
CMC Trojan-Spy.Win32.Zbot!O 20161031
Comodo TrojWare.Win32.Injector.ABWX 20161031
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Cyren W32/VBInject.FJ.gen!Eldorado 20161031
DrWeb Trojan.PWS.Panda.2401 20161031
Emsisoft Trojan.VBRan.Gen.1 (B) 20161031
ESET-NOD32 a variant of Win32/Injector.AXYV 20161031
F-Prot W32/VBInject.FJ.gen!Eldorado 20161031
F-Secure Trojan.VBRan.Gen.1 20161031
Fortinet W32/Agent.ADBJ!tr 20161031
GData Trojan.VBRan.Gen.1 20161031
Ikarus Trojan-Spy.Win32.Zbot 20161030
Invincea virtool.win32.injector.fq 20161018
Jiangmin TrojanSpy.Zbot.ecdm 20161031
K7AntiVirus Trojan ( 0040f79d1 ) 20161030
K7GW Trojan ( 0040f79d1 ) 20161031
Kaspersky HEUR:Trojan.Win32.Generic 20161031
Malwarebytes Trojan.Crypt.NKN 20161031
McAfee Trojan-FDQD 20161031
McAfee-GW-Edition BehavesLike.Win32.AAEH.fc 20161031
Microsoft VirTool:Win32/VBInject 20161031
eScan Trojan.VBRan.Gen.1 20161031
NANO-Antivirus Trojan.Win32.Zbot.dybqpj 20161031
Panda Trj/CI.A 20161030
Qihoo-360 HEUR/Malware.QVM03.Gen 20161031
Rising Malware.Generic!BjHrmg3MYJE@3 (thunder) 20161031
Sophos Troj/Agent-ADBJ 20161031
SUPERAntiSpyware Trojan.Agent/Gen-FalComp 20161031
Symantec Heur.AdvML.B 20161031
Tencent Win32.Trojan-spy.Zbot.Fse 20161031
TrendMicro TSPY_ZBOT.YTMG 20161031
TrendMicro-HouseCall TSPY_ZBOT.YTMG 20161031
VBA32 TrojanSpy.Zbot 20161029
VIPRE Trojan.Win32.Fareit.vba (v) 20161031
Yandex TrojanSpy.Zbot!K/NP/GktI0Q 20161030
Zillya Trojan.Zbot.Win32.149037 20161028
AegisLab 20161031
Alibaba 20161031
Arcabit 20161031
ClamAV 20161031
Kingsoft 20161031
nProtect 20161028
TheHacker 20161029
TotalDefense 20161028
ViRobot 20161031
Zoner 20161031
File identification
MD5 02dcc1398bcc8435be3ca1dbc4608d82
SHA1 c5a01b65fe7b13c203d55ee1f8937fed8f799a30
SHA256 8843151d0040233909743b35a2f0045a77e8ec1948b6d5919a748508287d9ad3

authentihash 7e91a5f90bd18b1d91043e0305720328093c53658a8997dcb1e719b84c93c6d4
File size 312.7 KB ( 320218 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (90.6%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)

VirusTotal metadata
First submission 2014-02-17 19:19:59 UTC ( 3 years, 2 months ago )
Last submission 2014-02-17 23:40:21 UTC ( 3 years, 2 months ago )
File names 8843151d0040233909743b35a2f0045a77e8ec1948b6d5919a748508287d9ad3
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Set keys
Created processes
Code injections in the following processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain, using the SetWindowsHook Windows API function. A hook procedure monitors the system for certain types of events, which are associated either with a specific thread or with all threads in the same desktop as the calling thread.
DNS requests