SHA256: 92b063d176d82a2599a9f55f657e914faaf4d850b1ac118757502f896c9476ac
File name: 98fb8d4aa544a328a4dda9ff427fa572
Detection ratio: 42 / 50
Analysis date: 2014-04-08 02:23:59 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.KDV.875988 20140408
Yandex TrojanSpy.Zbot!sa9Fv8D1AA0 20140407
AhnLab-V3 Spyware/Win32.Zbot 20140407
AntiVir TR/Spy.ZBot.jhyy 20140408
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140407
Avast Win32:Carberp-ANH [Trj] 20140407
AVG Zbot.YP 20140407
Baidu-International Trojan.Win32.Zbot.AX 20140407
BitDefender Trojan.Generic.KDV.875988 20140408
CAT-QuickHeal TrojanPWS.Zbot 20140407
CMC Trojan-Spy.Win32.Zbot!O 20140407
Commtouch W32/Trojan.KURC-0073 20140408
Comodo UnclassifiedMalware 20140408
DrWeb Trojan.PWS.Panda.2401 20140408
Emsisoft Trojan.Generic.KDV.875988 (B) 20140408
ESET-NOD32 Win32/Spy.Zbot.AAO 20140408
F-Secure Trojan.Generic.KDV.875988 20140408
Fortinet W32/Injector.ABXY!tr 20140407
GData Trojan.Generic.KDV.875988 20140408
Ikarus Virus.Win32.Zbot 20140408
Jiangmin TrojanSpy.Zbot.dnnl 20140407
K7AntiVirus Spyware ( 0029a43a1 ) 20140407
K7GW Spyware ( 0029a43a1 ) 20140407
Kaspersky Trojan-Spy.Win32.Zbot.jhyy 20140408
Kingsoft Win32.Troj.Zbot.jh.(kcloud) 20140408
McAfee PWS-Zbot-FAMM!98FB8D4AA544 20140408
McAfee-GW-Edition PWS-Zbot-FAMM!98FB8D4AA544 20140408
Microsoft PWS:Win32/Zbot 20140408
eScan Trojan.Generic.KDV.875988 20140408
NANO-Antivirus Trojan.Win32.Zbot.bjonjs 20140408
Norman Troj_Generic.HWDTS 20140407
nProtect Trojan.Generic.KDV.875988 20140408
Panda Trj/Genetic.gen 20140407
Qihoo-360 HEUR/Malware.QVM19.Gen 20140408
Rising PE:Trojan.Win32.Generic.147E2348!343810888 20140406
Sophos AV Troj/ZBot-EBJ 20140408
Symantec Trojan.Gen 20140408
TotalDefense Win32/Zbot.WbeNGTD 20140407
TrendMicro TROJ_ZBOT.NDF 20140408
TrendMicro-HouseCall TROJ_ZBOT.NDF 20140408
VBA32 TrojanSpy.Zbot 20140407
VIPRE Trojan.Win32.Generic!BT 20140407
AegisLab 20140408
ByteHero 20140408
ClamAV 20140408
F-Prot 20140408
Malwarebytes 20140408
SUPERAntiSpyware 20140408
TheHacker 20140407
ViRobot 20140407
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-11-22 23:44:22
Entry Point 0x00001630
Number of sections 3
PE sections
PE imports
InitializeCriticalSection
TerminateProcess
SwitchToThread
EnterCriticalSection
SetUnhandledExceptionFilter
CreateThread
GetModuleHandleA
WaitForSingleObject
GlobalAlloc
RtlMoveMemory
lstrcpyA
SetErrorMode
HeapAlloc
OutputDebugStringA
ExitProcess
LoadLibraryA
GetProcAddress
LeaveCriticalSection
IsPwrHibernateAllowed
IsPwrShutdownAllowed
GetPwrCapabilities
GetActivePwrScheme
TranslateMessage
GetMessageW
DefWindowProcW
PostQuitMessage
DispatchMessageW
OpenClipboard
WintrustGetRegPolicyFlags
ImageEnumerateCertificates
RtlUnwind
CoInitialize
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2008:11:23 00:44:22+01:00
FileType Win32 EXE
PEType PE32
CodeSize 235520
LinkerVersion 7.0
FileAccessDate 2014:04:08 03:37:48+01:00
EntryPoint 0x1630
InitializedDataSize 3584
SubsystemVersion 4.0
ImageVersion 84.1
OSVersion 4.0
FileCreateDate 2014:04:08 03:37:48+01:00
UninitializedDataSize 0
File identification
MD5 98fb8d4aa544a328a4dda9ff427fa572
SHA1 e203a927b2458ee04f5816e3efd09bc79f16bee4
SHA256 92b063d176d82a2599a9f55f657e914faaf4d850b1ac118757502f896c9476ac
ssdeep 6144:7UatZW0s6RuUuBflxEcEbaFHiXKROYv+j8XiWaCI0A9qB:IatVs6ROflxyM2Kfv+jyxpOq
imphash 27fae4addc9ae184842fe9128e86a844
File size 237.3 KB ( 243039 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe
VirusTotal metadata
First submission 2013-02-26 19:28:45 UTC ( 5 years, 9 months ago )
Last submission 2013-02-26 19:28:45 UTC ( 5 years, 9 months ago )
File names 98fb8d4aa544a328a4dda9ff427fa572
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications