SHA256: 93371e13ff4b3db752d65d2d17d8394f3d834e89eac9628b828fc76827ce5518
File name: Binary1.exe
Detection ratio: 11 / 45
Analysis date: 2013-04-17 19:56:40 UTC ( 1 year ago )
Antivirus Result Update
BitDefender Trojan.GenericKDZ.14624 20130417
ESET-NOD32 a variant of Win32/Injector.AFJX 20130417
Emsisoft Trojan.Win32.Agent (A) 20130417
Fortinet W32/Jorik.CTPG!tr 20130417
GData Trojan.GenericKDZ.14624 20130417
Kaspersky UDS:DangerousObject.Multi.Generic 20130417
Malwarebytes Trojan.Ransom 20130417
McAfee PWS-Zbot-FAQD!256A2AB30F6D 20130417
McAfee-GW-Edition PWS-Zbot-FAQD!256A2AB30F6D 20130417
MicroWorld-eScan Trojan.GenericKDZ.14624 20130417
TrendMicro-HouseCall TROJ_GEN.F47V0417 20130417
AVG 20130417
Agnitum 20130417
AhnLab-V3 20130417
AntiVir 20130417
Antiy-AVL 20130417
Avast 20130417
ByteHero 20130417
CAT-QuickHeal 20130417
ClamAV 20130417
Commtouch 20130417
Comodo 20130417
F-Prot 20130417
F-Secure 20130417
Ikarus 20130417
Jiangmin 20130417
K7AntiVirus 20130417
K7GW 20130417
Kingsoft 20130415
Microsoft 20130417
NANO-Antivirus 20130417
Norman 20130417
PCTools 20130417
Panda 20130417
SUPERAntiSpyware 20130417
Sophos 20130417
Symantec 20130417
TheHacker 20130416
TotalDefense 20130417
TrendMicro 20130417
VBA32 20130417
VIPRE 20130417
ViRobot 20130417
eSafe 20130415
nProtect 20130417
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2028-09-16 19:34:34
Entry Point 0x00001000
Number of sections 5
PE sections
PE imports
InitCommonControlsEx
GetObjectA
DeleteDC
GetObjectType
BitBlt
GetStockObject
CreateBitmap
SetPixel
GetDIBits
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject
HeapFree
EnterCriticalSection
FreeLibrary
HeapDestroy
ExitProcess
TlsAlloc
GetVersionExA
FlushFileBuffers
LoadLibraryA
DeleteCriticalSection
GetProcAddress
SetFilePointer
GetModuleHandleA
ReadFile
WriteFile
CloseHandle
HeapReAlloc
WriteConsoleA
InitializeCriticalSection
HeapCreate
Sleep
CreateFileA
HeapAlloc
LeaveCriticalSection
malloc
fabs
floor
memset
fclose
free
ceil
_CIlog
strcpy
sprintf
strlen
memcpy
RevokeDragDrop
RemovePropA
LoadCursorA
LoadIconA
DestroyIcon
UnregisterClassA
GetMenuItemInfoA
SetMenu
SetMenuItemInfoA
DestroyAcceleratorTable
SendMessageA
MessageBoxA
DestroyMenu
FillRect
GetWindow
SetActiveWindow
DestroyWindow
Number of PE resources by type
RT_ICON 1
Struct(257) 1
Number of PE resources by language
ENGLISH US 2
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2028:09:16 20:34:34+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 29696
LinkerVersion: 2.2
FileAccessDate: 2013:04:17 20:56:42+01:00
EntryPoint: 0x1000
InitializedDataSize: 7680
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
FileCreateDate: 2013:04:17 20:56:42+01:00
UninitializedDataSize: 0

File identification
MD5 256a2ab30f6d7dcdcae008588df4ec8c
SHA1 83f9d6b7020a30b7831758163e853361b89a79b2
SHA256 93371e13ff4b3db752d65d2d17d8394f3d834e89eac9628b828fc76827ce5518
ssdeep 768:KGd1868R8Z8s888m8E8Qvp7MupClC989SBLMWa7vOvUi0XG93jgfW+eNwXW2Y/Dg:zTzq+5hRpfvp7MupClCGkp0XG93jgfRx

File size 44.9 KB ( 45960 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (38.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
VXD Driver (0.1%)
Tags
peexe

VirusTotal metadata
First submission 2013-04-17 15:33:07 UTC ( 1 year ago )
Last submission 2013-04-17 19:56:40 UTC ( 1 year ago )
File names 256a2ab30f6d7dcdcae008588df4ec8c_83f9d6b7020a30b7831758163e853361b89a79b2.exe
Binary1.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Terminated processes
Opened mutexes
Runtime DLLs
UDP communications