SHA256: 8ac887af041a3dab00f3d9bff816fd591f03b7bf9c922fe78336b934f8514b83
File name: 0117dfc6f23b6c2e19172f49a2bed74f.exe
Detection ratio: 46 / 56
Analysis date: 2015-02-07 10:08:40 UTC ( 2 years, 1 month ago )
Antivirus             Result                            Update
Ad-Aware              Gen:Variant.Symmi.37596           20150207
Yandex                Trojan.Injector!SW7PB6fKjyI       20150206
AhnLab-V3             Spyware/Win32.Zbot                20150207
ALYac                 Gen:Variant.Symmi.37596           20150207
Antiy-AVL             Trojan[Spy]/Win32.Zbot            20150207
Avast                 Win32:Zbot-SGB [Trj]              20150206
AVG                   SHeur4.BROK                       20150207
Avira (no cloud)      TR/Crypt.XPACK.Gen                20150207
AVware                Trojan.Win32.Fareit.if (v)        20150207
Baidu-International   Trojan.Win32.Zbot.aic             20150207
BitDefender           Gen:Variant.Symmi.37596           20150207
Bkav                  W32.GhiafeLTW.Trojan              20150207
CAT-QuickHeal         TrojanPWS.Zbot.Gen                20150205
Comodo                TrojWare.Win32.Injector.AUHX      20150207
DrWeb                 Trojan.DownLoad.64769             20150207
Emsisoft              Gen:Variant.Symmi.37596 (B)       20150207
ESET-NOD32            a variant of Win32/Injector.AUHX  20150207
F-Secure              Gen:Variant.Symmi.37596           20150207
Fortinet              W32/Zbot.OA!tr                    20150207
GData                 Gen:Variant.Symmi.37596           20150207
Ikarus                Trojan-Spy.Win32.Zbot             20150207
K7AntiVirus           Trojan ( 004923e51 )              20150207
K7GW                  Trojan ( 004923e51 )              20150207
Kaspersky             Trojan-Spy.Win32.Zbot.rbqn        20150207
Kingsoft              Win32.Troj.Zbot.rb.(kcloud)       20150207
Malwarebytes          Spyware.Zbot.ED                   20150207
McAfee                Downloader-FEX!0117DFC6F23B       20150207
McAfee-GW-Edition     BehavesLike.Win32.Downloader.dc   20150206
Microsoft             VirTool:Win32/CeeInject.gen!KK    20150207
eScan                 Gen:Variant.Symmi.37596           20150207
NANO-Antivirus        Trojan.Win32.Zbot.cscect          20150207
Norman                Upatre.AY                         20150207
nProtect              Trojan-Spy/W32.ZBot.212281        20150206
Panda                 Trj/Genetic.gen                   20150206
Qihoo-360             Win32/Trojan.Spy.8c7              20150207
Rising                PE:Malware.Obscure!1.9C59         20150206
Sophos                Mal/Zbot-OA                       20150207
SUPERAntiSpyware      Trojan.Agent/Gen-Zbot             20150207
Symantec              Trojan.Zbot                       20150207
Tencent               Win32.Trojan-spy.Zbot.Tz          20150207
TotalDefense          Win32/CInject.ZG                  20150206
TrendMicro            TROJ_SPNV.01LR13                  20150207
TrendMicro-HouseCall  TROJ_MALKRYPT.SM                  20150207
VBA32                 TrojanSpy.Zbot                    20150206
VIPRE                 Trojan.Win32.Fareit.if (v)        20150207
Zoner                 Trojan.Agent.RZB                  20150206
AegisLab              (no detection)                    20150207
Alibaba               (no detection)                    20150206
ByteHero              (no detection)                    20150207
ClamAV                (no detection)                    20150207
CMC                   (no detection)                    20150205
Cyren                 (no detection)                    20150207
F-Prot                (no detection)                    20150207
TheHacker             (no detection)                    20150206
ViRobot               (no detection)                    20150207
Zillya                (no detection)                    20150206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-25 16:39:35
Entry Point 0x0000464C
Number of sections 4
PE sections
PE imports
CreateCompatibleBitmap
RealizePalette
HeapSize
LocalFree
GetCurrentProcess
GlobalMemoryStatus
GetStdHandle
GetModuleFileNameA
CreateThread
SetEnvironmentVariableW
GetCurrentProcessId
GetSystemDirectoryW
CreateFileW
GetModuleHandleW
OpenProcess
GetStartupInfoW
FreeEnvironmentStringsW
CreateFileA
GetACP
GetProcAddress
GlobalLock
GetCurrentThread
Ord(3820)
Ord(4726)
Ord(4525)
Ord(5276)
Ord(2438)
Ord(5573)
Ord(4621)
Ord(1719)
Ord(4880)
Ord(527)
Ord(2980)
Ord(3386)
Ord(6371)
Ord(3907)
Ord(2486)
Ord(3394)
Ord(5237)
Ord(4891)
Ord(5208)
Ord(2619)
Ord(1089)
Ord(5996)
Ord(5278)
Ord(5006)
Ord(3733)
Ord(5736)
Ord(2244)
Ord(4934)
Ord(4523)
Ord(5247)
Ord(5727)
Ord(4362)
Ord(5303)
Ord(3744)
Ord(1822)
Ord(6617)
Ord(3449)
Ord(4616)
Ord(3167)
Ord(5298)
Ord(2873)
Ord(978)
Ord(3917)
Ord(4717)
Ord(2392)
Ord(1833)
Ord(1569)
Ord(4539)
Ord(6370)
Ord(815)
Ord(366)
Ord(3257)
Ord(2717)
Ord(5236)
Ord(4418)
Ord(6228)
Ord(2382)
Ord(2388)
Ord(5277)
Ord(5256)
Ord(6144)
Ord(6222)
Ord(6332)
Ord(4343)
Ord(2502)
Ord(3076)
Ord(3345)
Ord(3636)
Ord(1739)
Ord(4430)
Ord(3142)
Ord(3060)
Ord(3193)
Ord(5285)
Ord(4617)
Ord(2559)
Ord(6195)
Ord(4381)
Ord(338)
Ord(1724)
Ord(6264)
Ord(1165)
Ord(794)
Ord(5097)
Ord(561)
Ord(4526)
Ord(4234)
Ord(5473)
Ord(825)
Ord(4932)
Ord(4604)
Ord(5710)
Ord(641)
Ord(2390)
Ord(4146)
Ord(4401)
Ord(2242)
Ord(2874)
Ord(540)
Ord(6050)
Ord(2503)
Ord(1716)
Ord(4335)
Ord(4692)
Ord(4078)
Ord(4886)
Ord(4233)
Ord(1767)
Ord(384)
Ord(4831)
Ord(4480)
Ord(4229)
Ord(5055)
Ord(344)
Ord(823)
Ord(6267)
Ord(6048)
Ord(2047)
Ord(4537)
Ord(4954)
Ord(813)
Ord(3366)
Ord(2504)
Ord(5257)
Ord(800)
Ord(5157)
Ord(4852)
Ord(4298)
Ord(4955)
Ord(5847)
Ord(5261)
Ord(3074)
Ord(4334)
Ord(1934)
Ord(2613)
Ord(3592)
Ord(4609)
Ord(4884)
Ord(554)
Ord(5059)
Ord(324)
Ord(657)
Ord(2977)
Ord(2116)
Ord(5233)
Ord(1718)
Ord(4714)
Ord(2641)
Ord(1834)
Ord(3053)
Ord(796)
Ord(4957)
Ord(674)
Ord(4527)
Ord(5070)
Ord(4236)
Ord(2746)
Ord(2618)
Ord(2575)
Ord(4606)
Ord(3715)
Ord(6076)
Ord(2715)
Ord(4426)
Ord(3398)
Ord(784)
Ord(2535)
Ord(2560)
Ord(4414)
Ord(2410)
Ord(858)
Ord(4269)
Ord(4992)
Ord(5297)
Ord(4608)
Ord(4883)
Ord(5832)
Ord(4459)
Ord(4817)
Ord(686)
Ord(3476)
Ord(2377)
Ord(4893)
Ord(3825)
Ord(4419)
Ord(4074)
Ord(2857)
Ord(4397)
Ord(2640)
Ord(303)
Ord(2109)
Ord(3298)
Ord(4421)
Ord(6226)
Ord(807)
Ord(4520)
Ord(3254)
Ord(2506)
Ord(4947)
Ord(3341)
Ord(4237)
Ord(4434)
Ord(4451)
Ord(2421)
Ord(5193)
Ord(5273)
Ord(4958)
Ord(4582)
Ord(2878)
Ord(2534)
Ord(1817)
Ord(4347)
Ord(5248)
Ord(1658)
Ord(4623)
Ord(5249)
Ord(296)
Ord(2391)
Ord(5296)
Ord(4158)
Ord(4847)
Ord(1768)
Ord(4704)
Ord(3793)
Ord(617)
Ord(3826)
Ord(3252)
Ord(2971)
Ord(5468)
Ord(1720)
Ord(4075)
Ord(652)
Ord(5255)
Ord(5094)
Ord(4420)
Ord(3220)
Ord(2756)
Ord(520)
Ord(4364)
Ord(4435)
Ord(1172)
Ord(4267)
Ord(4830)
Ord(4518)
Ord(6171)
Ord(2546)
Ord(4583)
Ord(3743)
Ord(6051)
Ord(2536)
Ord(986)
Ord(5813)
Ord(4239)
Ord(3054)
Ord(975)
Ord(6113)
Ord(6372)
Ord(3131)
Ord(4154)
Ord(364)
Ord(3729)
Ord(1841)
Ord(6211)
Ord(4072)
Ord(4103)
Ord(529)
Ord(4370)
Ord(2083)
Ord(6220)
Ord(4607)
Ord(4341)
Ord(5649)
Ord(5239)
Ord(2251)
Ord(4885)
Ord(5286)
Ord(4690)
Ord(4580)
Ord(4073)
__p__fmode
malloc
__wgetmainargs
fread
fclose
__dllonexit
fopen
_except_handler3
fseek
_onexit
ftell
exit
_XcptFilter
rewind
__setusermatherr
_controlfp
_wcmdln
_adjust_fdiv
__CxxFrameHandler
__p__commode
_initterm
_exit
__set_app_type
GetModuleFileNameExA
RedrawWindow
SystemParametersInfoA
CreateMenu
SendMessageW
UpdateWindow
InflateRect
EnableWindow
GetWindowRect
SetForegroundWindow
GetClientRect
SetWindowLongW
GetWindowLongW
WinHelpA
Number of PE resources by type
RT_STRING 13
RT_DIALOG 2
Struct(241) 1
RT_MENU 1
RT_ACCELERATOR 1
RT_BITMAP 1
Number of PE resources by language
ENGLISH US 19
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:12:25 17:39:35+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 6.1
FileAccessDate 2015:02:07 11:08:48+01:00
EntryPoint 0x464c
InitializedDataSize 24576
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2015:02:07 11:08:48+01:00
UninitializedDataSize 0

File identification
MD5 0117dfc6f23b6c2e19172f49a2bed74f
SHA1 3c573220e02424df8e5730f95fa7adadb4fc56e5
SHA256 8ac887af041a3dab00f3d9bff816fd591f03b7bf9c922fe78336b934f8514b83
ssdeep 6144:aVdQ7Q/i3W2/23hG/TLKJsUzwoUEPfxkw:aVdAQ/zmqMKJb0oUEPfZ
authentihash e360557e731ca9fc0c817a74ad8591751b216eae28111b8ef474a13a5deb5aca
imphash e895dc94814939c2dda7c0b763bbbe2b
File size 207.3 KB ( 212281 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe armadillo
VirusTotal metadata
First submission 2013-12-26 17:12:01 UTC ( 3 years, 3 months ago )
Last submission 2013-12-27 07:31:07 UTC ( 3 years, 3 months ago )
File names 0117dfc6f23b6c2e19172f49a2bed74f
0117dfc6f23b6c2e19172f49a2bed74f.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.