SHA256: 910867edf5ecfbd46728a173314e73608ffcb8e97feddc8ded46a65073ed223b
File name: 813926189A6D015195EAA5C400C78DA4.exe
Detection ratio: 45 / 57
Analysis date: 2016-11-06 20:53:51 UTC ( 4 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.37314 20161106
AegisLab DangerousObject.Multi.Generic!c 20161106
AhnLab-V3 Trojan/Win32.ADH.N1063646878 20161106
ALYac Gen:Variant.Symmi.37314 20161106
Antiy-AVL Trojan[Spy]/Win32.Zbot 20161106
Arcabit Trojan.Symmi.D91C2 20161106
Avast Win32:Evo-gen [Susp] 20161106
AVG PSW.Generic12.TGD 20161106
Avira (no cloud) TR/Graftor.125428.7 20161106
AVware Trojan.Win32.Generic!BT 20161106
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20161104
BitDefender Gen:Variant.Symmi.37314 20161106
CAT-QuickHeal TrojanSpy.Zbot 20161105
Comodo TrojWare.Win32.Injector.AUHI 20161106
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
DrWeb Trojan.PWS.UFR.3470 20161106
Emsisoft Gen:Variant.Symmi.37314 (B) 20161106
ESET-NOD32 a variant of Win32/Injector.AUCX 20161106
F-Secure Gen:Variant.Symmi.37314 20161106
Fortinet W32/Injector.AVJF!tr 20161106
GData Gen:Variant.Symmi.37314 20161106
Ikarus Trojan.Win32.Dynamer 20161106
Invincea generic.a 20161018
Jiangmin TrojanSpy.Zbot.eahi 20161106
K7AntiVirus Riskware ( 0040eff71 ) 20161106
K7GW Riskware ( 0040eff71 ) 20161106
Kaspersky HEUR:Trojan.Win32.Generic 20161106
Kingsoft Win32.Troj.Zbot.ra.(kcloud) 20161106
Malwarebytes Trojan.Agent.NV 20161106
McAfee PWS-Zbot.dx 20161106
McAfee-GW-Edition PWS-Zbot.dx 20161106
eScan Gen:Variant.Symmi.37314 20161106
NANO-Antivirus Trojan.Win32.Zbot.csbjyp 20161106
nProtect Trojan-Spy/W32.ZBot.244083 20161106
Panda Trj/CI.A 20161106
Qihoo-360 Win32/Trojan.Spy.7ee 20161106
Rising Malware.Generic!T4XcQHTK2AP@5 (thunder) 20161106
Sophos Mal/Generic-S 20161106
Symantec Trojan.Gen 20161106
Tencent Win32.Trojan.Generic.Dxcr 20161106
TheHacker Trojan/LockScreen.yl 20161106
VBA32 TrojanSpy.Zbot 20161105
VIPRE Trojan.Win32.Generic!BT 20161106
Yandex TrojanSpy.Zbot!0J9W92k+5W0 20161105
Zillya Trojan.Zbot.Win32.145628 20161105
Alibaba 20161104
Bkav 20161105
ClamAV 20161106
CMC 20161106
Cyren 20161106
F-Prot 20161106
Microsoft 20161106
SUPERAntiSpyware 20161106
TotalDefense 20161106
TrendMicro 20161106
TrendMicro-HouseCall 20161106
ViRobot 20161106
Zoner 20161106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-21 19:57:11
Entry Point 0x0000B2CB
Number of sections 3
PE sections
Overlays
MD5 97376bd8ac25c77a031bbc896b627f4d
File type data
Offset 73728
Size 170355
Entropy 6.52
PE imports
GetSystemTime
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetSystemInfo
GetOEMCP
VirtualProtect
HeapDestroy
ExitProcess
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
GetCurrentProcess
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
LCMapStringA
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
InterlockedExchange
WriteFile
GetStartupInfoA
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
QueryPerformanceCounter
HeapCreate
VirtualQuery
VirtualFree
GetFileType
GetTickCount
HeapAlloc
GetCurrentThreadId
VirtualAlloc
MessageBoxW
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:12:21 19:57:11+00:00
FileType Win32 EXE
PEType PE32
CodeSize 57344
LinkerVersion 7.1
EntryPoint 0xb2cb
InitializedDataSize 16384
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 813926189a6d015195eaa5c400c78da4
SHA1 cd1cefa4c2154033107aa628f1622aa63157b6de
SHA256 910867edf5ecfbd46728a173314e73608ffcb8e97feddc8ded46a65073ed223b
ssdeep 3072:xe5ZlS4vKz71T1kTQkLSx1bimUVqmQUufAqWo8k+2/Umckv:xevvO1WQx0QfYqW2/UO
authentihash cb67b6db1c8ffd6ca1a60eaecde03f2808567a76b37c711c8a842c678ce9b9d1
imphash 575fab8ff5631f1d4552869ebbfebccb
File size 238.4 KB ( 244083 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe overlay
VirusTotal metadata
First submission 2013-12-23 13:56:49 UTC ( 3 years, 3 months ago )
Last submission 2016-11-06 20:53:51 UTC ( 4 months, 2 weeks ago )
File names cd1cefa4c2154033107aa628f1622aa63157b6de
813926189A6D015195EAA5C400C78DA4.exe
bot.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.