× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 8f1a93610bf2785daaf842b404d79f307dc15373f60f98507997a560e707845f
File name: _012E0000.mem
Detection ratio: 44 / 55
Analysis date: 2015-10-25 01:12:13 UTC ( 1 year, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.165 20151026
Yandex Trojan.Agent!GG3oBKUvNuI 20151025
AhnLab-V3 Trojan/Win32.Zbot 20151025
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20151026
Arcabit Trojan.Kazy.165 20151026
Avast Win32:GenMalicious-HMV [Trj] 20151026
AVG PSW.Generic9.BXVJ 20151025
Avira (no cloud) TR/Kazy.MK 20151025
AVware Trojan-PWS.Win32.Zbot.aac (v) 20151026
Baidu-International Trojan.Win32.Zbot.AAQ 20151025
BitDefender Gen:Variant.Kazy.165 20151026
CAT-QuickHeal TrojanPWS.Zbot.Gen 20151024
ClamAV Trojan.Spy.Zbot-142 20151026
Comodo TrojWare.Win32.Kazy.MKD 20151026
Cyren W32/Zbot.BR.gen!Eldorado 20151026
DrWeb Trojan.PWS.Panda.547 20151026
Emsisoft Gen:Variant.Kazy.165 (B) 20151026
ESET-NOD32 Win32/Spy.Zbot.ZR 20151025
F-Prot W32/Zbot.BR.gen!Eldorado 20151026
F-Secure Trojan-Spy:W32/Zbot.AVTH 20151023
Fortinet W32/Zbot.AT!tr 20151026
GData Gen:Variant.Kazy.165 20151026
Ikarus Trojan-Spy.Zbot 20151026
Jiangmin Trojan/Generic.abrvn 20151025
K7AntiVirus Backdoor ( 04c4ee7b1 ) 20151025
K7GW Backdoor ( 04c4ee7b1 ) 20151025
Kaspersky HEUR:Trojan.Win32.Generic 20151026
Malwarebytes Trojan.Zbot 20151026
McAfee PWS-Zbot.gen.ds 20151026
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ch 20151026
Microsoft PWS:Win32/Zbot!CI 20151026
eScan Gen:Variant.Kazy.165 20151026
NANO-Antivirus Trojan.Win32.Panda.cqwcny 20151026
Panda Trj/Genetic.gen 20151025
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20151026
Rising PE:Stealer.Zbot!1.648A[F1] 20151025
Sophos Mal/Zbot-HX 20151026
SUPERAntiSpyware Trojan.Agent/Gen-Zbot 20151025
Symantec Trojan.Zbot 20151025
TrendMicro TSPY_ZBOT.SMIG 20151026
TrendMicro-HouseCall TSPY_ZBOT.SMIG 20151026
VBA32 SScope.Trojan.FakeAV.01110 20151023
VIPRE Trojan-PWS.Win32.Zbot.aac (v) 20151026
Zillya Trojan.Zbot.Win32.172045 20151025
AegisLab 20151025
Alibaba 20151026
Bkav 20151025
ByteHero 20151026
CMC 20151026
nProtect 20151023
Tencent 20151026
TheHacker 20151025
TotalDefense 20151025
ViRobot 20151026
Zoner 20151026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-03-22 14:55:28
Entry Point 0x00012214
Number of sections 3
PE sections
Overlays
MD5 06d715fbe004df15d95792d0daa1f17b
File type data
Offset 143872
Size 513
Entropy 7.56
PE imports
RegCreateKeyExW
RegCloseKey
ConvertSidToStringSidW
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptHashData
InitializeSecurityDescriptor
RegQueryValueExW
CryptCreateHash
SetSecurityDescriptorDacl
GetSidSubAuthorityCount
GetSidSubAuthority
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
RegOpenKeyExW
SetSecurityDescriptorSacl
CheckTokenMembership
GetTokenInformation
CryptReleaseContext
RegEnumKeyExW
OpenThreadToken
GetSecurityDescriptorSacl
GetLengthSid
CreateProcessAsUserW
CryptDestroyHash
CryptAcquireContextW
RegSetValueExW
FreeSid
CryptGetHashParam
AllocateAndInitializeSid
InitiateSystemShutdownExW
EqualSid
IsWellKnownSid
SetNamedSecurityInfoW
CertEnumCertificatesInStore
CryptUnprotectData
PFXImportCertStore
CertCloseStore
CertDeleteCertificateFromStore
CertOpenSystemStoreW
CertDuplicateCertificateContext
PFXExportCertStoreEx
GetDeviceCaps
DeleteDC
RestoreDC
SelectObject
SaveDC
SetViewportOrgEx
GetDIBits
GdiFlush
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetRectRgn
FileTimeToDosDateTime
ReleaseMutex
WaitForSingleObject
Thread32Next
HeapDestroy
GetFileAttributesW
GetLocalTime
GetProcessId
SetErrorMode
GetFileInformationByHandle
GetThreadContext
GetFileTime
WideCharToMultiByte
LoadLibraryW
WriteFile
Thread32First
HeapReAlloc
SetEvent
LocalFree
CreateEventW
FindClose
TlsGetValue
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
InitializeCriticalSection
WriteProcessMemory
RemoveDirectoryW
HeapAlloc
lstrcmpiW
SetThreadPriority
MultiByteToWideChar
SetFilePointerEx
GetPrivateProfileStringW
CreateThread
MoveFileExW
CreateMutexW
GetVolumeNameForVolumeMountPointW
SetThreadContext
TerminateProcess
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
GetProcAddress
HeapCreate
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
lstrcmpiA
GetVersionExW
FreeLibrary
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
CreateRemoteThread
OpenProcess
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GlobalLock
GetPrivateProfileIntW
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
GetComputerNameW
GetFileSizeEx
GetModuleFileNameW
ExpandEnvironmentStringsW
FindNextFileW
WTSGetActiveConsoleSessionId
ResetEvent
FindFirstFileW
DuplicateHandle
WaitForMultipleObjects
GetTempPathW
GetTimeZoneInformation
CreateFileW
TlsSetValue
ExitProcess
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
SystemTimeToFileTime
CreateFileMappingW
VirtualAllocEx
GlobalUnlock
Process32NextW
VirtualFree
FileTimeToLocalFileTime
VirtualFreeEx
GetCurrentProcessId
SetFileTime
GetCommandLineW
Process32FirstW
GetCurrentThread
MapViewOfFile
TlsFree
ReadFile
CloseHandle
OpenMutexW
GetModuleHandleW
GetFileAttributesExW
UnmapViewOfFile
OpenEventW
CreateProcessW
Sleep
IsBadReadPtr
VirtualAlloc
NetUserEnum
NetUserGetInfo
NetApiBufferFree
SysFreeString
VariantClear
VariantInit
SysAllocString
SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW
StrCmpNIW
wvnsprintfA
StrCmpNIA
wvnsprintfW
SHDeleteKeyW
PathIsDirectoryW
PathRemoveBackslashW
PathQuoteSpacesW
PathAddBackslashW
UrlUnescapeA
SHDeleteValueW
PathCombineW
PathRenameExtensionW
StrStrIA
PathRemoveFileSpecW
StrStrIW
PathMatchSpecW
PathUnquoteSpacesW
PathFindFileNameW
PathIsURLW
PathAddExtensionW
PathSkipRootW
GetUserNameExW
GetMessagePos
SetWindowPos
IsWindow
EndPaint
OpenWindowStationW
WindowFromPoint
SendMessageW
CreateDesktopW
DispatchMessageW
GetCursorPos
ReleaseDC
DefFrameProcW
EndMenu
DefFrameProcA
DefWindowProcW
CharLowerBuffA
GetThreadDesktop
LoadImageW
GetTopWindow
GetUpdateRgn
MsgWaitForMultipleObjects
CharToOemW
GetMenuItemID
DrawEdge
GetUserObjectInformationW
GetParent
EqualRect
DefWindowProcA
GetMessageW
PeekMessageW
CharUpperW
PeekMessageA
TranslateMessage
SetThreadDesktop
GetWindow
GetIconInfo
GetMenuItemRect
RegisterClassW
OpenDesktopW
GetSystemMetrics
RegisterClassA
TrackPopupMenuEx
GetSubMenu
GetDCEx
FillRect
ToUnicode
GetWindowLongW
GetUpdateRect
GetWindowInfo
MapWindowPoints
RegisterWindowMessageW
OpenInputDesktop
GetMessageA
SwitchDesktop
BeginPaint
DefMDIChildProcW
ReleaseCapture
MapVirtualKeyW
DefMDIChildProcA
GetClipboardData
CharLowerA
SetWindowLongW
GetWindowRect
SetCapture
DrawIcon
CharLowerW
SetProcessWindowStation
SetKeyboardState
GetClassLongW
CreateWindowStationW
GetProcessWindowStation
CloseWindowStation
GetKeyboardState
PostThreadMessageW
GetMenuItemCount
GetMenuState
GetDC
ExitWindowsEx
IntersectRect
GetCapture
GetShellWindow
GetWindowThreadProcessId
HiliteMenuItem
GetMenu
RegisterClassExW
CallWindowProcA
GetWindowDC
RegisterClassExA
MenuItemFromPoint
PrintWindow
SetCursorPos
SystemParametersInfoW
PostMessageW
CallWindowProcW
GetClassNameW
GetAncestor
DefDlgProcA
CloseDesktop
IsRectEmpty
SendMessageTimeoutW
DefDlgProcW
HttpSendRequestA
InternetSetStatusCallbackW
InternetReadFileExA
InternetQueryOptionW
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExW
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetQueryOptionA
HttpSendRequestW
GetUrlCacheEntryInfoW
HttpQueryInfoA
InternetReadFile
InternetQueryDataAvailable
InternetCrackUrlA
HttpAddRequestHeadersW
HttpSendRequestExA
InternetSetOptionA
getaddrinfo
getsockname
accept
WSAAddressToStringW
WSAStartup
freeaddrinfo
connect
shutdown
getpeername
select
recv
send
WSASend
WSAGetLastError
listen
WSAEventSelect
WSASetLastError
closesocket
WSAIoctl
setsockopt
socket
bind
recvfrom
sendto
CoUninitialize
CoInitializeEx
CoCreateInstance
CLSIDFromString
StringFromGUID2
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2012:03:22 15:55:28+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
135680

LinkerVersion
10.0

EntryPoint
0x12214

InitializedDataSize
14848

SubsystemVersion
5.1

ImageVersion
1.0

OSVersion
5.1

UninitializedDataSize
0

File identification
MD5 69628ff34565ee3ce28980e87c9f552d
SHA1 c562c4943f8ec7ea80b65a9cc5b2dea369bb4cd4
SHA256 8f1a93610bf2785daaf842b404d79f307dc15373f60f98507997a560e707845f
ssdeep
3072:Ds73eNsOqxCBCCzJF9SxNw3t6VZvBRwX80o23eyGCTVkgfzhEH:Ds7hOF9Sxe3iXwX8L23eyGahE

authentihash e5dd996f426d7ac80c48ff03f85927b68baa32bee2e006dc890523bbf3b46449
imphash d909c7614be19e8574c919a0d20a7300
File size 141.0 KB ( 144385 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows screen saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2014-12-23 09:34:00 UTC ( 2 years, 5 months ago )
Last submission 2014-12-23 09:34:00 UTC ( 2 years, 5 months ago )
File names _012E0000.mem
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests