SHA256: 9b0527619045586eec68d1f814ebab6a4ceae60421e2ecdc43834aed8bcdee25
File name: 56656_f74aa623206050c2c959d2c93d9061a784257f27_file.ex
Detection ratio: 36 / 42
Analysis date: 2012-09-06 11:09:26 UTC ( 6 years, 8 months ago )
Antivirus Result Update
AhnLab-V3 Win32/Ircbot.worm.variant 20120905
AntiVir TR/Agent.160256 20120906
Avast Win32:Malware-gen 20120906
AVG SHeur3.AVN 20120906
BitDefender Trojan.Zbot.HME 20120906
CAT-QuickHeal TrojanSpy.Zbot.afze.cw6 20120906
ClamAV Trojan.Zbot-8195 20120906
Commtouch W32/Zbot.ASX 20120906
Comodo TrojWare.Win32.TrojanSpy.Zbot.Gen 20120906
DrWeb Trojan.PWS.Panda.244 20120906
Emsisoft Trojan-Spy.Win32.Zbot!IK 20120906
ESET-NOD32 Win32/Spy.Zbot.UN 20120906
F-Prot W32/Zbot.ASX 20120906
F-Secure Trojan.Zbot.HME 20120906
Fortinet W32/Zbot.AFZE!tr 20120830
GData Trojan.Zbot.HME 20120906
Ikarus Trojan-Spy.Win32.Zbot 20120906
Jiangmin TrojanSpy.Zbot.bpa 20120906
K7AntiVirus Spyware 20120905
Kaspersky Trojan-Spy.Win32.Zbot.afze 20120906
McAfee Generic PWS.y!cct 20120906
McAfee-GW-Edition Generic PWS.y!cct 20120905
Microsoft PWS:Win32/Zbot 20120906
Norman ZBot.PHM 20120905
nProtect Trojan.Zbot.HME 20120906
Panda Suspicious file 20120905
PCTools Trojan.Gen 20120905
Rising Trojan.Win32.Generic.11F25677 20120906
Sophos AV Mal/FakeAV-CH 20120906
Symantec Trojan.Gen 20120906
TotalDefense Win32/Zbot.ALH 20120905
TrendMicro TROJ_FAKEAL.SMDT 20120906
TrendMicro-HouseCall TROJ_FAKEAL.SMDT 20120906
VIPRE BehavesLike.Win32.Malware.mmu (mx-v) 20120906
ViRobot Spyware.Zbot.160256.B 20120906
VirusBuster TrojanSpy.Zbot!ywE7DwVNcNU 20120905
Antiy-AVL 20120906
ByteHero 20120822
eSafe 20120904
SUPERAntiSpyware 20120906
TheHacker 20120906
VBA32 20120905
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright IOBB
Publisher gRzTlspdajppb
Product gRzTlspdajppb
Original name gRzTlspdajppb.exe
Internal name gRzTlspdajppb.exe
File version 2.0.0.1
Description vfLYPMBJpJlj
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-02-25 17:57:28
Entry Point 0x0000BFBF
Number of sections 6
PE sections
PE imports
OpenServiceW
RegCloseKey
CloseServiceHandle
QueryServiceStatus
OpenSCManagerW
OpenThreadToken
RegOpenKeyW
RegDeleteKeyW
RegOpenKeyExA
GetStartupInfoA
GetLastError
GetCurrentProcess
HeapFree
ReadFile
Sleep
GetModuleHandleA
CreateFileW
GetCommandLineW
VirtualFree
ExitProcess
FormatMessageW
HeapAlloc
GetFileType
CloseHandle
TerminateProcess
GetVersion
HeapReAlloc
VirtualAlloc
GetModuleHandleW
GetProcessHeap
_except_handler3
_acmdln
_adjust_fdiv
__p__fmode
_exit
__p__commode
fclose
__dllonexit
memcpy
_controlfp
exit
_XcptFilter
__getmainargs
__setusermatherr
_onexit
_initterm
memchr
__set_app_type
EmptyClipboard
DispatchMessageA
SetClipboardData
TranslateMessage
DrawMenuBar
PostQuitMessage
CloseClipboard
CheckMenuRadioItem
RemoveMenu
ExitWindowsEx
OpenClipboard
Ord(22)
Ord(23)
Ord(55)
Ord(54)
Ord(56)
Ord(21)
Ord(116)
Ord(115)
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
RUSSIAN 1
ExifTool file metadata
CodeSize 50176
FileDescription vfLYPMBJpJlj
InitializedDataSize 174592
ImageVersion 0.0
ProductName gRzTlspdajppb
FileVersionNumber 2.0.0.5
LanguageCode English (U.S.)
FileFlagsMask 0x001f
CharacterSet Unicode
LinkerVersion 6.0
OriginalFilename gRzTlspdajppb.exe
PrivateBuild IOBB gRzTlspdajppb
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2.0.0.1
TimeStamp 2010:02:25 18:57:28+01:00
FileType Win32 EXE
PEType PE32
InternalName gRzTlspdajppb.exe
SubsystemVersion 4.0
ProductVersion 2.0.0.1
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
LegalCopyright IOBB
MachineType Intel 386 or later, and compatibles
CompanyName gRzTlspdajppb
LegalTrademarks vfLYPMBJpJlj
FileSubtype 0
ProductVersionNumber 2.0.0.5
EntryPoint 0xbfbf
ObjectFileType Executable application

File identification
MD5 69b30727462f25b85545097b02df143b
SHA1 f74aa623206050c2c959d2c93d9061a784257f27
SHA256 9b0527619045586eec68d1f814ebab6a4ceae60421e2ecdc43834aed8bcdee25
ssdeep 3072:Z41fHgbczbMfu7moHP2HCbD53VJTB/kldD9kUL3/yAlO:Zcf8sbMG7tHP2HCbljJm9B/yA
File size 156.5 KB ( 160256 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2010-02-27 18:14:00 UTC ( 9 years, 2 months ago )
Last submission 2012-09-06 11:09:26 UTC ( 6 years, 8 months ago )
File names gRzTlspdajppb.exe
zStYbvITN.xls
56656_f74aa623206050c2c959d2c93d9061a784257f27_file.ex
aa
zltAAL.cpl