SHA256: 93ae873b4da4e7c862e6e16c9d6f73ad69ac2f93c6dc3164c123b5e8ae54800d
File name: 02e973e66d66522fecf06ed5b6778b25
Detection ratio: 26 / 57
Analysis date: 2015-02-02 07:15:02 UTC ( 4 years, 1 month ago )
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Symmi.50486 | 20150202
ALYac | Gen:Variant.Symmi.50486 | 20150202
Antiy-AVL | Trojan[Spy]/Win32.Zbot | 20150202
Avast | Win32:Crypt-RSO [Trj] | 20150202
AVG | Zbot.XGS | 20150202
Avira (no cloud) | TR/Crypt.ZPACK.123411 | 20150201
AVware | Trojan.Win32.Generic!BT | 20150202
Baidu-International | Trojan.Win32.Zbot.ACc | 20150130
BitDefender | Gen:Variant.Symmi.50486 | 20150202
Bkav | HW32.Packed.D8D1 | 20150202
Cyren | W32/PWS.SBTJ-8629 | 20150202
DrWeb | Trojan.Siggen6.29359 | 20150202
Emsisoft | Gen:Variant.Symmi.50486 (B) | 20150202
ESET-NOD32 | Win32/Spy.Zbot.ACB | 20150202
F-Secure | Gen:Variant.Symmi.50486 | 20150201
GData | Gen:Variant.Symmi.50486 | 20150202
Kaspersky | Trojan-Spy.Win32.Zbot.uxkc | 20150202
Malwarebytes | Trojan.Agent.ED | 20150201
McAfee | RDN/Generic PWS.y!bcp | 20150202
McAfee-GW-Edition | BehavesLike.Win32.Expiro.dc | 20150202
eScan | Gen:Variant.Symmi.50486 | 20150202
NANO-Antivirus | Trojan.Win32.Zbot.dnczkk | 20150202
Panda | Trj/Chgt.O | 20150201
Qihoo-360 | Win32/Trojan.adb | 20150202
Sophos AV | Mal/Generic-S | 20150202
VIPRE | Trojan.Win32.Generic!BT | 20150202
AegisLab | - | 20150202
Yandex | - | 20150201
AhnLab-V3 | - | 20150202
Alibaba | - | 20150201
ByteHero | - | 20150202
CAT-QuickHeal | - | 20150202
ClamAV | - | 20150202
CMC | - | 20150129
Comodo | - | 20150202
F-Prot | - | 20150202
Fortinet | - | 20150202
Ikarus | - | 20150202
Jiangmin | - | 20150131
K7AntiVirus | - | 20150202
K7GW | - | 20150130
Kingsoft | - | 20150202
Microsoft | - | 20150202
Norman | - | 20150202
nProtect | - | 20150130
Rising | - | 20150130
SUPERAntiSpyware | - | 20150201
Symantec | - | 20150202
Tencent | - | 20150202
TheHacker | - | 20150131
TotalDefense | - | 20150201
TrendMicro | - | 20150202
TrendMicro-HouseCall | - | 20150202
VBA32 | - | 20150129
ViRobot | - | 20150202
Zillya | - | 20150202
Zoner | - | 20150130
(- = engine returned no detection; 26 of 57 engines flagged the file)
The file being studied is a Portable Executable (PE) file; more specifically, it is a Win32 EXE file.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-28 15:48:57
Entry Point 0x0001309C
Number of sections 4
PE sections
PE imports
RegisterServiceCtrlHandlerA
ClusterRegQueryInfoKey
ClusterResourceCloseEnum
OpenClusterNode
OfflineClusterResource
AddClusterResourceDependency
ChangeClusterResourceGroup
SetClusterNetworkPriorityOrder
ClusterRegGetKeySecurity
ClusterNodeControl
CloseClusterResource
CloseClusterNetwork
GetClusterNodeKey
ClusterNetworkEnum
GetClusterNodeId
ImageList_GetDragImage
Ord(16)
GetTextAlign
GetCharWidthW
ImageGetDigestStream
FindExecutableImage
SearchTreeForFile
UnmapDebugInformation
SymGetLineNext
SplitSymbols
MapFileAndCheckSumA
SymInitialize
GetImageUnusedHeaderBytes
ImageGetCertificateData
ImageEnumerateCertificates
ImageAddCertificate
MakeSureDirectoryPathExists
FindDebugInfoFile
ImageNtHeader
GetImageConfigInformation
BindImage
SymSetSearchPath
GetStartupInfoA
GetModuleHandleA
_except_handler3
_acmdln
__p__fmode
_adjust_fdiv
__getmainargs
__p__commode
__setusermatherr
exit
_XcptFilter
memcmp
_initterm
_exit
_controlfp
__set_app_type
SafeArrayGetLBound
VarUI2FromDec
VarDecRound
SafeArrayAllocDescriptor
LHashValOfNameSysA
VarDecInt
VarI2FromUI2
OleLoadPictureEx
SafeArrayCopyData
VarI2FromCy
DispInvoke
SafeArrayAllocData
RasEnumDevicesA
SetupDiRegisterDeviceInfo
SHGetPathFromIDListW
UnregisterHotKey
GetKeyboardLayoutList
DefFrameProcW
TranslateMessage
FtpFindFirstFileA
FtpRemoveDirectoryW
InternetSetCookieA
GetUrlCacheEntryInfoExW
HttpSendRequestExW
RetrieveUrlCacheEntryFileA
GopherGetAttributeW
InternetHangUp
FtpRemoveDirectoryA
InternetGetConnectedState
InternetErrorDlg
SetUrlCacheEntryGroup
RetrieveUrlCacheEntryFileW
GetUrlCacheEntryInfoExA
HttpOpenRequestW
GetUrlCacheEntryInfoA
InternetGetCookieW
GopherOpenFileA
GopherFindFirstFileW
InternetCloseHandle
FtpDeleteFileW
InternetGetCookieA
InternetSetOptionExA
InternetGetLastResponseInfoW
FtpRenameFileW
FindFirstUrlCacheEntryExW
FtpSetCurrentDirectoryA
InternetCheckConnectionA
HttpQueryInfoA
InternetCheckConnectionW
InternetReadFileExA
FindCloseUrlCache
InternetOpenUrlA
FtpGetCurrentDirectoryA
InternetOpenA
InternetSetDialState
InternetSetOptionW
FtpOpenFileW
FindNextUrlCacheEntryExA
auxGetDevCapsA
OleDraw
CoAddRefServerProcess
GetConvertStg
CoDisconnectObject
OleCreateLinkToFileEx
HWND_UserFree
HBITMAP_UserUnmarshal
CreatePointerMoniker
CoFreeLibrary
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 2
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 6
RUSSIAN 1
PE resources
File identification
MD5 02e973e66d66522fecf06ed5b6778b25
SHA1 bf47d157b5159614c94d4a54049a476ee63de356
SHA256 93ae873b4da4e7c862e6e16c9d6f73ad69ac2f93c6dc3164c123b5e8ae54800d
ssdeep 6144:J0hW60xnW9qJw1HalNWlzR96xxVkunSnPZ7:cWhF1WcNSEkuqZ7

authentihash b85384ad245fa95d792669bd7affb1faf90dc244c2a25d01d08611e68c032a6c
imphash da7379305e85351c22855c8ba5acdbeb
File size 225.0 KB ( 230434 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2015-02-02 07:15:02 UTC ( 4 years, 1 month ago )
Last submission 2015-02-02 07:15:02 UTC ( 4 years, 1 month ago )
File names 93ae873b4da4e7c862e6e16c9d6f73ad69ac2f93c6dc3164c123b5e8ae54800d.exe
02e973e66d66522fecf06ed5b6778b25
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report: the following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself, by any other process launched by the executed file, or by a process subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers by means of the DeviceIoControl Windows API function.