SHA256: 98e29282d322a55238379042d3c683e0f7e59829d2a3d51f0659322e07e5443f
File name: 98e29282d322a55238379042d3c683e0f7e59829d2a3d51f0659322e07e5443f.exe
Detection ratio: 41 / 56
Analysis date: 2016-10-08 19:18:48 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.64402 20161008
AegisLab Troj.Spy.W32.Zbot!c 20161008
AhnLab-V3 Trojan/Win32.MDA.N1422530785 20161008
ALYac Gen:Variant.Symmi.64402 20161008
Antiy-AVL Trojan[Spy]/Win32.Zbot 20161008
Arcabit Trojan.Symmi.DFB92 20161008
Avast Win32:Evo-gen [Susp] 20161008
AVG Zbot.ZQX 20161008
Avira (no cloud) TR/Spy.ZBot.233624 20161008
AVware Trojan.Win32.Generic.pak!cobra 20161008
Baidu Win32.Trojan.WisdomEyes.151026.9950.9986 20161001
BitDefender Gen:Variant.Symmi.64402 20161008
CAT-QuickHeal TrojanPWS.Zbot.LB8 20161008
Comodo UnclassifiedMalware 20161007
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Cyren W32/Trojan.LEDI-2297 20161008
Emsisoft Gen:Variant.Symmi.64402 (B) 20161008
ESET-NOD32 Win32/Spy.Zbot.YW 20161008
F-Secure Gen:Variant.Symmi.64402 20161008
Fortinet W32/Zbot.UZDY!tr 20161008
GData Gen:Variant.Symmi.64402 20161008
Ikarus Trojan-Spy.Agent 20161008
Sophos ML worm.win32.rebhip.z 20160928
Jiangmin TrojanSpy.Zbot.ewoo 20161008
K7AntiVirus Spyware ( 004b8a241 ) 20161008
K7GW Spyware ( 004b8a241 ) 20161008
Kaspersky Trojan-Spy.Win32.Zbot.uzdy 20161008
McAfee Generic-FAWI!65379E466920 20161008
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dc 20161008
Microsoft Backdoor:Win32/NetWiredRC 20161008
eScan Gen:Variant.Symmi.64402 20161008
NANO-Antivirus Trojan.Win32.Zbot.dnqjlh 20161008
Panda Trj/Genetic.gen 20161008
Qihoo-360 Win32/Trojan.Spy.85f 20161008
Rising Malware.Generic!ll1K6UuJazP@4 (thunder) 20161008
Sophos AV Mal/Generic-S 20161008
Symantec Heur.AdvML.B 20161008
Tencent Win32.Trojan.Inject.Auto 20161008
VIPRE Trojan.Win32.Generic.pak!cobra 20161008
Yandex TrojanSpy.Zbot!YINcunN7J4o 20161008
Zillya Trojan.Zbot.Win32.185532 20161007
Alibaba 20161008
Bkav 20161011
ClamAV 20161008
CMC 20161003
DrWeb 20161008
F-Prot 20161008
Kingsoft 20161008
Malwarebytes 20161008
nProtect 20161008
SUPERAntiSpyware 20161007
TheHacker 20161008
TrendMicro 20161008
TrendMicro-HouseCall 20161008
VBA32 20161007
ViRobot 20161008
Zoner 20161008
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00009684
Number of sections 8
PE sections
Overlays
MD5 f0cf4259b9d84b096c5292c4a68ca0b0
File type data
Offset 230912
Size 2712
Entropy 7.73
PE imports
FreeLibrary
HeapAlloc
HeapFree
RaiseException
RtlUnwind
WritePrivateProfileStringA
LocalAlloc
GetModuleHandleA
GetPrivateProfileIntA
Beep
TlsGetValue
ExitProcess
TlsSetValue
GetCommandLineA
GetModuleFileNameA
HeapReAlloc
VirtualAlloc
GetCurrentThreadId
GetProcessHeap
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
InitCommonControls
SetROP2
DeleteDC
SetBkMode
GetTextExtentPoint32A
MoveToEx
GetStockObject
CreateFontIndirectA
ExtTextOutA
CreateSolidBrush
SelectObject
SetBkColor
SelectClipRgn
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetTextColor
BitBlt
SetFocus
EndPaint
UpdateWindow
SetPropA
DestroyWindow
CreateAcceleratorTableA
OffsetRect
GetCapture
RemovePropA
DestroyMenu
PostQuitMessage
DefWindowProcA
ShowWindow
FillRect
GetPropA
SetWindowPos
EnableMenuItem
IsWindow
GetWindowRect
InflateRect
ScreenToClient
SetMenu
PostMessageA
SetMenuItemInfoA
CreatePopupMenu
MessageBoxA
PeekMessageA
SetWindowLongA
TranslateMessage
IsWindowEnabled
GetSysColor
CheckMenuRadioItem
GetDC
InsertMenuItemA
ReleaseDC
WaitMessage
SetWindowTextA
GetKeyState
DestroyIcon
UnregisterClassA
DeleteMenu
CopyImage
IsWindowVisible
IsZoomed
SendMessageA
GetWindowTextA
GetClientRect
CreateMenu
GetClassInfoA
BeginPaint
IsIconic
RegisterClassA
GetClassLongA
InvalidateRect
GetWindowLongA
GetWindowTextLengthA
CreateWindowExA
LoadCursorA
LoadIconA
ClientToScreen
TranslateAcceleratorA
DestroyAcceleratorTable
DispatchMessageA
CallWindowProcA
GetSystemMenu
GetFocus
GetMenuItemInfoA
SetForegroundWindow
WindowFromDC
SetCursor
ioctlsocket
htons
socket
closesocket
inet_addr
send
WSAAsyncSelect
WSAStartup
gethostbyname
ntohs
inet_ntoa
connect
WSASetLastError
WSACleanup
recv
gethostbyaddr
WSAGetLastError
Number of PE resources by type
RT_RCDATA 2
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 34816
LinkerVersion 2.25
EntryPoint 0x9684
InitializedDataSize 11776
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 65379e466920c3da19bb0f6f54703b9b
SHA1 74b246619a58c3a7f3a0808502cb803451633b80
SHA256 98e29282d322a55238379042d3c683e0f7e59829d2a3d51f0659322e07e5443f
ssdeep 6144:DddYfFsxT+VNwxOlWPD0kB2n3876SV8qKjWB6VL8Klj4rg/SClR:Dduf2SGxOkUns7qqlB6xl2g/SCr
authentihash 63c5131b6ab5568cb7946f83e01a06882bba0d113590f0ef9ee65ff5604a66a0
imphash 7cd269c9b6026d2f1c4e9d24d746bf5e
File size 228.1 KB ( 233624 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Windows screen saver (43.2%)
Win32 Dynamic Link Library (generic) (21.7%)
Win32 Executable (generic) (14.8%)
Win16/32 Executable Delphi generic (6.8%)
Generic Win/DOS Executable (6.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-02-17 19:51:55 UTC ( 4 years ago )
Last submission 2015-03-23 07:17:50 UTC ( 3 years, 11 months ago )
File names 98e29282d322a55238379042d3c683e0f7e59829d2a3d51f0659322e07e5443f.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs