SHA256: 92f30749a174019f51fd3a43fa34c82fb586dded2c27a3af2288ac0c52bdecad
File name: f2c1cab460fd8018856ab982570835fc
Detection ratio: 40 / 51
Analysis date: 2014-04-08 02:39:33 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.KDV.876978 20140408
Yandex TrojanSpy.Zbot!QZ5PMDt1aWQ 20140407
AhnLab-V3 Spyware/Win32.Zbot 20140407
AntiVir TR/Agent.249344569 20140408
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140407
Avast Win32:Zbot-QOP [Trj] 20140407
AVG PSW.Generic10.BXSU 20140407
Baidu-International Trojan.Win32.Zbot.AZN 20140407
BitDefender Trojan.Generic.KDV.876978 20140408
Bkav W32.Clodb2f.Trojan.e746 20140407
Comodo UnclassifiedMalware 20140408
DrWeb Trojan.PWS.Panda.2982 20140408
Emsisoft Trojan.Generic.KDV.876978 (B) 20140408
ESET-NOD32 Win32/Spy.Zbot.AAO 20140408
F-Prot W32/Zbot.LE3.gen!Eldorado 20140408
F-Secure Trojan.Generic.KDV.876978 20140408
Fortinet W32/Kryptik.AUFB!tr 20140407
GData Trojan.Generic.KDV.876978 20140408
Ikarus Trojan-Spy.Win32.Zbot 20140408
Jiangmin TrojanSpy.Zbot.dnfg 20140407
K7AntiVirus Riskware ( 0040eff71 ) 20140407
K7GW Riskware ( 0040eff71 ) 20140407
Kaspersky Trojan-Spy.Win32.Zbot.jhqn 20140408
Malwarebytes Virus.Expiro 20140408
McAfee Artemis!F2C1CAB460FD 20140408
McAfee-GW-Edition Artemis!F2C1CAB460FD 20140408
Microsoft PWS:Win32/Zbot 20140408
eScan Trojan.Generic.KDV.876978 20140408
NANO-Antivirus Trojan.Win32.Zbot.bronaf 20140408
Norman Troj_Generic.HVKUV 20140407
nProtect Trojan-Spy/W32.ZBot.249344.AC 20140408
Panda Trj/Genetic.gen 20140407
Qihoo-360 HEUR/Malware.QVM07.Gen 20140408
Rising PE:Trojan.Win32.Generic.1442D428!339924008 20140406
Sophos AV Troj/Agent-AAIV 20140408
SUPERAntiSpyware Trojan.Agent/Gen-Festo 20140408
Symantec WS.Reputation.1 20140408
TotalDefense Win32/Zbot.VLTBNIC 20140407
VBA32 TrojanSpy.Zbot 20140407
VIPRE Trojan.Win32.Zbot.ma!ag (v) 20140407
AegisLab 20140408
ByteHero 20140408
CAT-QuickHeal 20140407
ClamAV 20140408
CMC 20140407
Commtouch 20140408
Kingsoft 20140408
TheHacker 20140407
TrendMicro 20140408
TrendMicro-HouseCall 20140408
ViRobot 20140407
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-25 11:49:34
Entry Point 0x0002AC14
Number of sections 4
PE sections
PE imports
RegEnumKeyA
LockFileEx
PeekNamedPipe
HeapFree
BuildCommDCBAndTimeoutsA
LCMapStringW
SetCommBreak
GetThreadPriorityBoost
GetOverlappedResult
GetOEMCP
LCMapStringA
HeapDestroy
GetTickCount
SetFileApisToANSI
BuildCommDCBW
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
EndUpdateResourceA
WaitForSingleObjectEx
GetModuleFileNameA
GetStdHandle
FreeEnvironmentStringsA
HeapAlloc
GetStartupInfoA
FileTimeToLocalFileTime
GetEnvironmentStrings
LocalFileTimeToFileTime
FreeEnvironmentStringsW
LocalAlloc
SetHandleCount
UnhandledExceptionFilter
SetFileTime
OpenFileMappingA
ExitProcess
SetErrorMode
MultiByteToWideChar
VirtualLock
GetCPInfo
GetCommandLineA
GetProcAddress
GetPrivateProfileIntW
lstrcpynW
WriteFile
lstrcpyW
GlobalAddAtomW
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
GetExitCodeThread
GlobalFlags
lstrcpyA
GetCurrentProcess
ResetEvent
GetACP
HeapReAlloc
GetStringTypeW
SetCommTimeouts
SetFileAttributesA
GetSystemTimeAdjustment
MoveFileA
TerminateProcess
RtlUnwind
_hwrite
InitializeCriticalSection
HeapCreate
OpenEventW
VirtualFree
GetLogicalDriveStringsW
FindAtomA
Sleep
GetFileType
LocalShrink
GetVersion
VirtualAlloc
LoadLibraryExW
LeaveCriticalSection
Number of PE resources by type
RT_DIALOG 20
RT_MENU 3
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 24
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:02:25 12:49:34+01:00
FileType Win32 EXE
PEType PE32
CodeSize 181760
LinkerVersion 6.0
FileAccessDate 2014:04:08 03:55:16+01:00
EntryPoint 0x2ac14
InitializedDataSize 67584
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:04:08 03:55:16+01:00
UninitializedDataSize 0
File identification
MD5 f2c1cab460fd8018856ab982570835fc
SHA1 3b6fc39a71a09a13362f92c1a2368ec09a1166f8
SHA256 92f30749a174019f51fd3a43fa34c82fb586dded2c27a3af2288ac0c52bdecad
ssdeep 6144:nwqS8ZVPESzHfXGMNsEG6onUBYvXeNwP42u:woNbzv9aDzeOP42u
imphash c7e136e1037ff3839c754e2d9b70d5a5
File size 243.5 KB ( 249344 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2013-02-26 11:48:37 UTC ( 5 years, 9 months ago )
Last submission 2013-02-26 11:48:37 UTC ( 5 years, 9 months ago )
File names f2c1cab460fd8018856ab982570835fc
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications