SHA256: 93c93b8e0c375738e4e5c957c835e02c677004b4bc81df5a5249afb0fbea985c
File name: 1106fb27676a554c53b4882464dbf8f8
Detection ratio: 45 / 56
Analysis date: 2014-12-14 11:37:45 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.28502 20141214
Yandex TrojanSpy.Zbot!IQHwQg11RGo 20141213
AhnLab-V3 Trojan/Win32.Zbot 20141214
ALYac Gen:Variant.Symmi.28502 20141214
Antiy-AVL Trojan[Spy]/Win32.Zbot 20141214
Avast Win32:Zbot-RRQ [Trj] 20141214
AVG PSW.Generic11.BEQO 20141214
Avira (no cloud) TR/Spy.ZBot.5029401 20141213
AVware Trojan.Win32.Zbot.f (v) 20141214
Baidu-International Trojan.Win32.Injector.bAKYD 20141214
BitDefender Gen:Variant.Symmi.28502 20141214
Bkav W32.SysloadyM.Trojan 20141212
CAT-QuickHeal TrojanPWS.Zbot.Gen 20141213
Comodo TrojWare.Win32.Injector.AKIS 20141214
Cyren W32/Trojan.MHDD-2397 20141214
DrWeb BackDoor.Comet.700 20141214
Emsisoft Gen:Variant.Symmi.28502 (B) 20141214
ESET-NOD32 a variant of Win32/Injector.AKYD 20141214
F-Prot W32/Trojan2.NXGJ 20141214
F-Secure Gen:Variant.Symmi.28502 20141214
Fortinet W32/SpyZbot.PVJV!tr 20141213
GData Gen:Variant.Symmi.28502 20141214
Ikarus Trojan-Spy.Zbot 20141214
Jiangmin TrojanSpy.Zbot.fceo 20141213
K7AntiVirus Riskware ( 0040eff71 ) 20141212
K7GW Riskware ( 0040eff71 ) 20141213
Kaspersky HEUR:Trojan.Win32.Generic 20141214
Kingsoft Win32.HeurC.KVM007.a.(kcloud) 20141214
Malwarebytes Trojan.PWS.Zbot 20141214
McAfee PWS-FBII!1106FB27676A 20141214
McAfee-GW-Edition PWS-FBII!1106FB27676A 20141214
Microsoft VirTool:Win32/CeeInject.gen!KK 20141214
eScan Gen:Variant.Symmi.28502 20141214
NANO-Antivirus Trojan.Win32.Comet.crhjqr 20141214
Norman Obfuscated.Z!genr 20141214
nProtect Trojan-Spy/W32.ZBot.502940 20141212
Panda Trj/CI.A 20141214
Qihoo-360 Win32/Trojan.7db 20141214
Sophos Troj/Zbot-FWC 20141214
Symantec Trojan.Zbot!gen58 20141214
Tencent Win32.Trojan.Spy.Dtis 20141214
TheHacker Trojan/Injector.akmu 20141212
VBA32 TrojanSpy.Zbot 20141212
VIPRE Trojan.Win32.Zbot.f (v) 20141214
Zillya Trojan.Zbot.Win32.130008 20141212
AegisLab 20141214
ByteHero 20141214
ClamAV 20141214
CMC 20141212
Rising 20141213
SUPERAntiSpyware 20141213
TotalDefense 20141214
TrendMicro 20141214
TrendMicro-HouseCall 20141214
ViRobot 20141214
Zoner 20141210
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2013
Product S3 Application
Original name S3.EXE
Internal name S3
File version 1, 0, 0, 1
Description S3 MFC Application
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-07-31 04:58:35
Entry Point 0x00004720
Number of sections 4
PE sections
PE imports
LocalFree
GetStartupInfoA
GetFileSize
GetModuleHandleA
GetModuleFileNameW
CreateFileW
Sleep
ReadFile
VirtualAlloc
CloseHandle
_except_handler3
__p__fmode
__CxxFrameHandler
_acmdln
_exit
_adjust_fdiv
__p__commode
_setmbcp
__dllonexit
_onexit
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
__setusermatherr
__set_app_type
LoadAcceleratorsA
LoadCursorA
UpdateWindow
EnableWindow
LoadMenuA
SendMessageA
MessageBoxA
Number of PE resources by type
RT_STRING 11
RT_ICON 10
RT_DIALOG 2
RT_MENU 2
Struct(241) 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 19
NEUTRAL 11
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 319488
ImageVersion 0.0
ProductName S3 Application
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 6.0
OriginalFilename S3.EXE
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1, 0, 0, 1
TimeStamp 2013:07:31 05:58:35+01:00
FileType Win32 EXE
PEType PE32
InternalName S3
FileAccessDate 2014:12:14 12:37:51+01:00
ProductVersion 1, 0, 0, 1
FileDescription S3 MFC Application
OSVersion 4.0
FileCreateDate 2014:12:14 12:37:51+01:00
FileOS Win32
LegalCopyright Copyright (C) 2013
MachineType Intel 386 or later, and compatibles
CodeSize 16384
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0x4720
ObjectFileType Executable application
File identification
MD5 1106fb27676a554c53b4882464dbf8f8
SHA1 44b7b787178105e017caae529c03f0014decf433
SHA256 93c93b8e0c375738e4e5c957c835e02c677004b4bc81df5a5249afb0fbea985c
ssdeep 6144:YevHoyoMGGGGGGGGGGbGGGGGGGGGG6GG/DGXxeXJE85PmWyVcjUkdHbIIA93yHwO:NvZKHjlUyHwVZZdxl5AzN
authentihash be00f65a428a3b375ed00d13da5c68ace4a41f9eed7d99eaa3a43992d3cc5af8
imphash 114f0db4b15f7cce14063a78814d1605
File size 491.2 KB ( 502940 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-12-14 11:37:45 UTC ( 2 years, 3 months ago )
Last submission 2014-12-14 11:37:45 UTC ( 2 years, 3 months ago )
File names S3
1106fb27676a554c53b4882464dbf8f8
S3.EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.