SHA256: 98acede249b7517f2743e1d1df71d3b0b7bd711c6065a0c3c7d3eadd8e0d0450
File name: vt-upload-N4ClM
Detection ratio: 23 / 54
Analysis date: 2014-08-23 23:17:09 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Strictor.663 20140823
Yandex TrojanSpy.Zbot!Q9RK4/IBrws 20140823
AntiVir TR/Spy.ZBot.EB.119 20140823
AVG PSW.Generic8.BQWQ.dropper 20140823
BitDefender Gen:Variant.Strictor.663 20140823
Bkav W32.OnGameT2KSULAE.Trojan 20140821
Comodo TrojWare.Win32.Spy.Zbot.BPOE 20140823
Emsisoft Gen:Variant.Strictor.663 (B) 20140823
ESET-NOD32 Win32/Spy.Zbot.YW 20140823
F-Prot W32/A-85c4ff98!Eldorado 20140823
F-Secure Gen:Variant.Strictor.663 20140823
GData Gen:Variant.Strictor.663 20140823
Kaspersky Trojan-Spy.Win32.Zbot.bopd 20140823
Malwarebytes Trojan.Zbot 20140823
McAfee Artemis!17818D9EAAA4 20140823
eScan Gen:Variant.Strictor.663 20140823
Rising PE:Malware.FakePDF@CV!1.6AB2 20140823
SUPERAntiSpyware Trojan.Agent/Gen-Dynamer 20140823
Tencent Win32.Trojan-spy.Zbot.Dyqj 20140824
TrendMicro TROJ_GEN.R0CBC0UHL14 20140823
TrendMicro-HouseCall TROJ_GEN.R0CBC0UHL14 20140823
VBA32 SScope.Trojan.FakeAV.01110 20140822
VIPRE Trojan.Win32.Generic.pak!cobra 20140823
AegisLab 20140823
AhnLab-V3 20140823
Antiy-AVL 20140823
Avast 20140823
Baidu-International 20140823
ByteHero 20140824
CAT-QuickHeal 20140823
ClamAV 20140824
CMC 20140822
Commtouch 20140823
DrWeb 20140823
Fortinet 20140823
Ikarus 20140823
Jiangmin 20140823
K7AntiVirus 20140822
K7GW 20140822
Kingsoft 20140824
McAfee-GW-Edition 20140823
Microsoft 20140823
NANO-Antivirus 20140823
Norman 20140823
nProtect 20140822
Panda 20140823
Qihoo-360 20140824
Sophos 20140823
Symantec 20140823
TheHacker 20140822
TotalDefense 20140823
ViRobot 20140823
Zillya 20140822
Zoner 20140822
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-02-03 15:11:52
Entry Point 0x000294F4
Number of sections 4
PE sections
Number of PE resources by type
RT_DIALOG 4
RT_ACCELERATOR 1
RT_ICON 1
RT_STRING 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
PE resources
File identification
MD5 17818d9eaaa47d94960cb48298619070
SHA1 046a2624fb288a2d342b1e43ea91164d872a84d4
SHA256 98acede249b7517f2743e1d1df71d3b0b7bd711c6065a0c3c7d3eadd8e0d0450
ssdeep 12288:+YgFKpUEqkCPsBNkqQ5Cz9HJqnuENKkaw4fA:j6EqkCEBNkqQ5Cv+udw4fA
imphash 8c2569b7ea105c161af93da6bcc0dfa4
File size 733.5 KB ( 751072 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-08-23 23:17:09 UTC ( 2 years, 10 months ago )
Last submission 2014-08-23 23:17:09 UTC ( 2 years, 10 months ago )
File names vt-upload-N4ClM
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Shell commands
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests