SHA256: 9a542f62501df56c93a432586cc37577925ea6943a359c7addcb3ba82fc751a5
File name: a
Detection ratio: 50 / 56
Analysis date: 2015-07-27 17:02:50 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware Trojan.Dropper.UZA 20150727
Yandex TrojanSpy.Zbot!CwbsN6FvcGo 20150727
AhnLab-V3 Win-Trojan/Zbot.324608.N 20150727
ALYac Trojan.Dropper.UZA 20150727
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150727
Arcabit Trojan.Dropper.UZA 20150727
Avast Win32:Malware-gen 20150727
AVG PSW.Generic10.BKGT 20150727
Avira (no cloud) TR/PSW.Zbot.8322 20150727
AVware Trojan.Win32.Generic!BT 20150727
Baidu-International Trojan.Win32.Zbot.aUZ 20150727
BitDefender Trojan.Dropper.UZA 20150727
Bkav HW32.Packed.3B34 20150727
ByteHero Virus.Win32.Heur.p 20150727
CAT-QuickHeal VirTool.VBInject 20150727
Comodo UnclassifiedMalware 20150727
Cyren W32/Zbot.QEUP-6109 20150727
DrWeb Trojan.PWS.Panda.3035 20150727
Emsisoft Trojan.Dropper.UZA (B) 20150727
ESET-NOD32 Win32/Spy.Zbot.AAO 20150727
F-Prot W32/Zbot.BMX 20150727
F-Secure Trojan.Dropper.UZA 20150727
Fortinet W32/Zbot.AAO!tr 20150727
GData Trojan.Dropper.UZA 20150727
Ikarus Trojan-PWS.Win32.Zbot 20150727
Jiangmin TrojanSpy.Zbot.dafv 20150726
K7AntiVirus Spyware ( 0029a43a1 ) 20150727
K7GW Spyware ( 0029a43a1 ) 20150727
Kaspersky Trojan-Spy.Win32.Zbot.ijzk 20150727
Kingsoft Win32.Troj.Zbot.ij.(kcloud) 20150727
Malwarebytes Trojan.Agent.SZ 20150727
McAfee PWS-Zbot.gen.oj 20150727
McAfee-GW-Edition BehavesLike.Win32.VBObfus.fc 20150726
Microsoft PWS:Win32/Zbot 20150727
eScan Trojan.Dropper.UZA 20150727
NANO-Antivirus Trojan.Win32.Panda.bfmmjo 20150727
nProtect Trojan-Spy/W32.ZBot.324608.AK 20150727
Panda Trj/Agent.IVN 20150727
Qihoo-360 HEUR/Malware.QVM03.Gen 20150727
Rising PE:Trojan.Win32.Generic.140B306D!336277613 20150722
Sophos AV Troj/Agent-ZTX 20150727
Symantec Trojan.Zbot 20150727
Tencent Win32.Trojan-spy.Zbot.Wrqh 20150727
TotalDefense Win32/Zbot.GUR 20150727
TrendMicro TSPY_ZBOT.JFI 20150727
TrendMicro-HouseCall TSPY_ZBOT.JFI 20150727
VBA32 TrojanSpy.Zbot 20150727
VIPRE Trojan.Win32.Generic!BT 20150727
Zillya Trojan.Zbot.Win32.100335 20150727
Zoner Trojan.Zbot.AAO 20150727
AegisLab 20150727
Alibaba 20150727
ClamAV 20150727
SUPERAntiSpyware 20150727
TheHacker 20150723
ViRobot 20150727
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Can anyone test
Publisher you have a pm
Product Unread 0
Original name a.exe
Internal name a
File version 1.01.0407
Comments I m in computer class now
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-20 19:18:50
Entry Point 0x000012F8
Number of sections 3
PE sections
Overlays
MD5 8d939bae3014c79ee1b289cbbebce0f8
File type data
Offset 323584
Size 1024
Entropy 7.82
PE imports
_adj_fdiv_m32
__vbaChkstk
__vbaFpUI1
__vbaCyI2
_CIcos
EVENT_SINK_QueryInterface
__vbaI4Cy
Ord(713)
_adj_fdivr_m64
__vbaErase
_adj_fprem
__vbaAryMove
_adj_fpatan
EVENT_SINK_AddRef
__vbaStrToUnicode
__vbaVarVargNofree
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaRefVarAry
_adj_fdivr_m16i
__vbaUbound
EVENT_SINK_Release
Ord(581)
_adj_fdiv_r
Ord(100)
__vbaAryLock
_CItan
__vbaFreeVar
__vbaObjSetAddref
__vbaFixstrConstruct
__vbaAryConstruct2
__vbaInStr
_adj_fdiv_m64
__vbaFreeObj
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
_allmul
__vbaStrVarVal
__vbaLsetFixstr
Ord(595)
_adj_fptan
__vbaVarDup
Ord(628)
__vbaAryUnlock
__vbaVar2Vec
_CIatan
__vbaNew2
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaFreeStrList
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 8
RESB 1
RT_BITMAP 1
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 11
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments I m in computer class now
InitializedDataSize 278528
ImageVersion 1.1
FileSubtype 0
FileVersionNumber 1.1.0.407
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
EntryPoint 0x12f8
OriginalFileName a.exe
MIMEType application/octet-stream
LegalCopyright Can anyone test
FileVersion 1.01.0407
TimeStamp 2013:01:20 20:18:50+01:00
FileType Win32 EXE
PEType PE32
InternalName a
ProductVersion 1.01.0407
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName you have a pm
CodeSize 45056
ProductName Unread 0
ProductVersionNumber 1.1.0.407
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 dc2b9b72189957c8d3ce9d15d0f35bf1
SHA1 7d5d1d90f7e1ad1d124e1ead3f8ceaed84c480b3
SHA256 9a542f62501df56c93a432586cc37577925ea6943a359c7addcb3ba82fc751a5
ssdeep 6144:iU+GqlVb8kAVRg7YIN0DzsQR1SN+cO1AI9oRomFCU+Gqk:ylVblAVR8NxQRAN+c+AI9Lk
authentihash 3adee522c31b1668183f21f4486cd6a00900c0193a4b8887391051b79d605241
imphash 3a47f73b00220f0a3f9baf5a55428e26
File size 317.0 KB ( 324608 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (90.5%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe overlay
VirusTotal metadata
First submission 2013-01-22 12:59:40 UTC ( 5 years, 5 months ago )
Last submission 2015-06-12 10:30:00 UTC ( 3 years ago )
File names a
ssl_cert_logmein.scr.txt
test23335423819911.bin
test2531636179111.bin
850590.malware
ssl_cert_logmein.scr
ssl_cert_logmein.exe
contact.php-x-msdownload
test31126183814074.bin
005124976
test76183642683891.bin
dc2b9b72189957c8d3ce9d15d0f35bf1
ssl_cert_logmein.scr
test63077211094663.bin
a.exe
test35664042080929.bin
test94086885402978.bin
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Code injections in the following processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.