SHA256: 8a85987cd0045ad003c6b0704e5c060c73269fd5adfdef129c35ec403ac00153
File name: a1ba4d033214371c006e1dd4099d78a4.virus
Detection ratio: 50 / 70
Analysis date: 2019-02-14 17:33:23 UTC
Antivirus Result Update
Acronis suspicious 20190213
Ad-Aware Gen:Variant.Zboter.2 20190214
AhnLab-V3 Spyware/Win32.Zbot.R146584 20190214
Antiy-AVL Trojan/Win32.SGeneric 20190214
Arcabit Trojan.Zboter.2 20190213
Avast Win32:Zbot-UXR [Trj] 20190214
AVG Win32:Zbot-UXR [Trj] 20190214
Avira (no cloud) TR/Dropper.Gen 20190214
BitDefender Gen:Variant.Zboter.2 20190214
CAT-QuickHeal Trojan.Ceeinject.A4 20190214
ClamAV Win.Trojan.DustySky-22 20190214
Comodo TrojWare.Win32.Senta.B@7jlodw 20190214
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cybereason malicious.332143 20190109
Cylance Unsafe 20190214
Cyren W32/Trojan.BBI.gen!Eldorado 20190214
DrWeb Trojan.PWS.Tinba.161 20190214
eGambit Unsafe.AI_Score_56% 20190214
Emsisoft Gen:Variant.Zboter.2 (B) 20190214
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Tinba.BJ 20190214
F-Secure Trojan.TR/Dropper.Gen 20190214
Fortinet W32/Injector.BYOF!tr 20190214
GData Gen:Variant.Zboter.2 20190214
Ikarus Trojan.Win32.Injector 20190214
Sophos ML heuristic 20181128
Jiangmin TrojanDropper.Injector.avto 20190214
K7AntiVirus Trojan ( 004c660a1 ) 20190214
K7GW Trojan ( 004c660a1 ) 20190214
Kaspersky HEUR:Trojan.Win32.Generic 20190214
McAfee Packed-EK!A1BA4D033214 20190214
McAfee-GW-Edition BehavesLike.Win32.Generic.nh 20190214
Microsoft Trojan:Win32/Senta!rfn 20190214
eScan Gen:Variant.Zboter.2 20190214
NANO-Antivirus Trojan.Win32.Tinba.drhznm 20190214
Panda Generic Suspicious 20190214
Qihoo-360 HEUR/QVM07.1.3A0D.Malware.Gen 20190214
Rising Trojan.Injector!1.B427 (CLASSIC) 20190214
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Troj/HkMain-DO 20190214
SUPERAntiSpyware Backdoor.Bot/Variant 20190213
Symantec SMG.Heur!gen 20190214
TACHYON Trojan-Spy/W32.Banker.101300.B 20190214
TrendMicro TROJ_MALKRYP.SM7 20190214
TrendMicro-HouseCall TROJ_MALKRYP.SM7 20190214
VBA32 TrojanPSW.Tinba 20190214
Webroot Trojan.Dropper.Gen 20190214
Yandex Trojan.Agent!YKtao+aJKmY 20190213
Zillya Dropper.Injector.Win32.66668 20190213
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20190214
AegisLab 20190214
Alibaba 20180921
ALYac 20190214
Avast-Mobile 20190214
Babable 20180918
Baidu 20190202
Bkav 20190214
CMC 20190214
F-Prot 20190214
Kingsoft 20190214
Malwarebytes 20190214
MAX 20190214
Palo Alto Networks (Known Signatures) 20190214
Symantec Mobile Insight 20190207
Tencent 20190214
TheHacker 20190212
TotalDefense 20190214
Trapmine 20190123
Trustlook 20190214
ViRobot 20190214
Zoner 20190214
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-16 22:54:26
Entry Point 0x000070F4
Number of sections 4
PE sections
Overlays
MD5 aed08f1af7fd37ad6380f334f339b3d9
File type application/zip
Offset 49152
Size 52148
Entropy 7.99
PE imports
SelectPalette
DeleteObject
CreatePalette
StretchDIBits
GetACP
GetSystemTimeAdjustment
SetCurrentDirectoryW
TerminateProcess
MapViewOfFile
GetCurrentProcessId
SetFilePointer
UnmapViewOfFile
GetCurrentDirectoryA
ClearCommBreak
HeapDestroy
GetStartupInfoW
CloseHandle
GetCurrentThread
GetModuleHandleW
GetTimeFormatA
(imports by ordinal omitted)
_except_handler3
__p__fmode
_CxxThrowException
_adjust_fdiv
__CxxFrameHandler
??1type_info@@UAE@XZ
__p__commode
__setusermatherr
__dllonexit
_onexit
__wgetmainargs
exit
_XcptFilter
_initterm
_controlfp
_wcmdln
_exit
__set_app_type
TrackPopupMenu
UpdateWindow
EnableWindow
MessageBoxIndirectA
MoveWindow
GetClientRect
GetDlgItemTextW
SetDlgItemTextW
Number of PE resources by type
RT_STRING 13
RT_MENU 1
RT_DIALOG 1
Number of PE resources by language
KOREAN 13
ENGLISH US 1
ITALIAN 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:12:16 23:54:26+01:00
FileType Win32 EXE
PEType PE32
CodeSize 28672
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 16384
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x70f4
OSVersion 4.1
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 a1ba4d033214371c006e1dd4099d78a4
SHA1 043009277c444705ae36f6340594725566556e70
SHA256 8a85987cd0045ad003c6b0704e5c060c73269fd5adfdef129c35ec403ac00153
ssdeep 3072:uuL4O96w0G1+au2xBBbLD2QaGfDySmwzEJMvYe+O7d/R:t8O96wt+72xHLSsyShcMJ+4hR
authentihash 457bde7ab360e1ba8a60a055ae69b0f56d445b3b75c157890c3ac3e115ade951
imphash 5085ed1633abf7ace84c9102f89d288f
File size 98.9 KB ( 101300 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (45.0%)
Microsoft Visual C++ compiled executable (generic) (26.9%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags peexe overlay
VirusTotal metadata
First submission 2019-02-14 17:33:23 UTC
Last submission 2019-02-14 17:33:23 UTC
File names a1ba4d033214371c006e1dd4099d78a4.virus