SHA256: 94c1be1fb94053cf1bed085c7b8a305d29631c0d56f8d0099338318706d7053e
File name: 509e7c03e038e72fa5b457537c3f2c6f3566a93b
Detection ratio: 10 / 57
Analysis date: 2015-06-17 13:52:53 UTC ( 3 years, 9 months ago )
Antivirus Result Update
DrWeb Trojan.PWS.Panda.8087 20150617
ESET-NOD32 Win32/Spy.Zbot.ACB 20150617
Kaspersky Trojan-Spy.Win32.Zbot.vohu 20150617
Microsoft PWS:Win32/Zbot 20150617
Panda Trj/Genetic.gen 20150617
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20150617
Sophos AV Mal/Generic-S 20150617
Tencent Trojan.Win32.YY.Gen.7 20150617
TrendMicro TROJ_FORUCON.BMC 20150617
TrendMicro-HouseCall TROJ_FORUCON.BMC 20150617
Ad-Aware 20150617
AegisLab 20150617
Yandex 20150617
AhnLab-V3 20150617
Alibaba 20150616
ALYac 20150617
Antiy-AVL 20150617
Arcabit 20150617
Avast 20150617
AVG 20150617
Avira (no cloud) 20150617
AVware 20150617
Baidu-International 20150617
BitDefender 20150617
Bkav 20150617
ByteHero 20150617
CAT-QuickHeal 20150617
ClamAV 20150617
CMC 20150615
Comodo 20150617
Cyren 20150617
Emsisoft 20150617
F-Prot 20150617
F-Secure 20150617
Fortinet 20150617
GData 20150617
Ikarus 20150617
Jiangmin 20150615
K7AntiVirus 20150617
K7GW 20150617
Kingsoft 20150617
Malwarebytes 20150617
McAfee 20150617
McAfee-GW-Edition 20150616
eScan 20150617
NANO-Antivirus 20150617
nProtect 20150617
Rising 20150617
SUPERAntiSpyware 20150617
Symantec 20150617
TheHacker 20150616
TotalDefense 20150617
VBA32 20150617
VIPRE 20150617
ViRobot 20150617
Zillya 20150617
Zoner 20150617
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-08-02 21:50:37
Entry Point 0x00001000
Number of sections 11
PE sections
Overlays
MD5 53e979547d8c2ea86560ac45de08ae25
File type ASCII text
Offset 281600
Size 1536
Entropy 0.00
PE imports
SetDIBits
GetNearestPaletteIndex
RestoreDC
GdiPlayDCScript
EnumObjects
GetClipBox
GdiStartPageEMF
SetICMProfileA
CloseMetaFile
GetBoundsRect
GetSystemPaletteUse
RemoveFontMemResourceEx
SetStretchBltMode
GdiComment
SelectClipPath
Number of PE resources by type
RT_GROUP_CURSOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
JAPANESE DEFAULT 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2005:08:02 22:50:37+01:00
FileType Win32 EXE
PEType PE32
CodeSize 242176
LinkerVersion 0.0
EntryPoint 0x1000
InitializedDataSize 31744
SubsystemVersion 4.1
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 caf2f4a97a315c9e06a9fa940baae1fc
SHA1 5000d00114c6e2e12e784e432361a6c5502532dc
SHA256 94c1be1fb94053cf1bed085c7b8a305d29631c0d56f8d0099338318706d7053e
ssdeep 3072:CksSqBzKv5zGtbAybrUIUunGWbJy7qgI:j0BzKv5wxbYp2BIq
authentihash d5e6e4b967bcd90d713fbeef4a2438f31b0122235d9a10ea3000e2204144f4f3
imphash 5805929e5510e656bd3d0b4b8ec0c38d
File size 276.5 KB ( 283136 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.7%)
Generic Win/DOS Executable (23.4%)
DOS Executable Generic (23.4%)
VXD Driver (0.3%)
Tags peexe overlay

VirusTotal metadata
First submission 2015-06-16 19:20:20 UTC ( 3 years, 9 months ago )
Last submission 2015-07-24 04:15:34 UTC ( 3 years, 8 months ago )
File names 509e7c03e038e72fa5b457537c3f2c6f3566a93b
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.