SHA256: 9ab715239fde372eeea369b5f6cdd297220a0ed3a4723fdf1d2b6f9ace34601f
File name: vt-upload-sXTWn
Detection ratio: 27 / 53
Analysis date: 2014-08-14 08:18:46 UTC ( 4 years, 6 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.150732 20140814
Yandex TrojanSpy.Zbot!zBEfgCLNblk 20140813
AhnLab-V3 Trojan/Win32.ZBot 20140814
AntiVir TR/PSW.Zbot.16249 20140814
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140814
Avast Win32:Malware-gen 20140814
AVG Zbot.MMO 20140814
AVware Trojan.Win32.Generic!BT 20140814
BitDefender Gen:Variant.Graftor.150732 20140814
Bkav HW32.Laneul.imcc 20140813
Commtouch W32/Trojan.JOYZ-7278 20140814
Emsisoft Gen:Variant.Graftor.150732 (B) 20140814
ESET-NOD32 Win32/Spy.Zbot.AAO 20140814
F-Secure Gen:Variant.Graftor.150732 20140814
Fortinet W32/Zbot.AAO!tr.spy 20140814
GData Gen:Variant.Graftor.150732 20140814
Kaspersky Trojan-Spy.Win32.Zbot.ttek 20140814
Kingsoft Win32.Troj.Zbot.tt.(kcloud) 20140814
Malwarebytes Trojan.FakeMS.ED 20140814
McAfee RDN/Spybot.bfr!n 20140814
Microsoft PWS:Win32/Zbot 20140814
eScan Gen:Variant.Graftor.150732 20140814
Qihoo-360 HEUR/Malware.QVM20.Gen 20140814
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20140813
Sophos AV Mal/Generic-S 20140814
TrendMicro-HouseCall TROJ_GEN.R011C0DHB14 20140814
VIPRE Trojan.Win32.Generic!BT 20140814
AegisLab 20140814
Baidu-International 20140814
ByteHero 20140814
CAT-QuickHeal 20140814
ClamAV 20140813
CMC 20140814
Comodo 20140814
DrWeb 20140814
F-Prot 20140814
Ikarus 20140814
Jiangmin 20140814
K7AntiVirus 20140813
K7GW 20140813
McAfee-GW-Edition 20140813
NANO-Antivirus 20140814
Norman 20140814
nProtect 20140813
Panda 20140813
SUPERAntiSpyware 20140814
Symantec 20140814
Tencent 20140814
TheHacker 20140814
TotalDefense 20140813
TrendMicro 20140814
VBA32 20140813
ViRobot 20140814
Zoner 20140811
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Publisher Microsoft Corporation
Product Microsoft® Windows® Operating System
Original name NetEvent.Dll
Internal name NetEvent.Dll
File version 5.1.2600.0 (xpclient.010817-1148)
Description Net Event Handler
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-09 19:38:29
Entry Point 0x00001073
Number of sections 5
PE sections
Number of PE resources by type
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
File identification
MD5 da4ef8c893a27121e6d6e15ab7faad6b
SHA1 ffae12f67bc02c888a85c8f55eac0cee84867825
SHA256 9ab715239fde372eeea369b5f6cdd297220a0ed3a4723fdf1d2b6f9ace34601f
ssdeep 6144:ZXfaHUWgO5FvVdpcj+5gooNZcEVkACsp4lP:ZXfPHEfFg3/cVOk
imphash 0bcaf24396a67b786896d8bac442611e
File size 489.0 KB ( 500736 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-08-14 08:18:46 UTC ( 4 years, 6 months ago )
Last submission 2014-08-14 08:18:46 UTC ( 4 years, 6 months ago )
File names vt-upload-sXTWn
NetEvent.Dll
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests