SHA256: 9b49b83786e3145a94a782b9a6dd1d7fefa7ae2a5bdf03bc245847c410c6bea2
File name: vt-upload-00vDY
Detection ratio: 35 / 50
Analysis date: 2014-02-07 18:08:15 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Barys.44 20140207
Yandex TrojanSpy.Zbot!jzfNHN2fGt8 20140207
AhnLab-V3 Spyware/Win32.Zbot 20140207
AntiVir TR/Crypt.ZPACK.Gen8 20140207
Avast Win32:Malware-gen 20140207
AVG PSW.Generic9.BSJV 20140207
Baidu-International Trojan.Win32.Generic.AhoI 20140207
BitDefender Gen:Variant.Barys.44 20140207
Bkav HW32.CDB.0c04 20140207
ClamAV Trojan.Zbot-19514 20140207
CMC Trojan-Spy.Win32.Zbot!O 20140122
Comodo UnclassifiedMalware 20140207
DrWeb Trojan.PWS.Panda.547 20140207
Emsisoft Gen:Variant.Barys.44 (B) 20140207
ESET-NOD32 a variant of Win32/Kryptik.ANOF 20140207
F-Secure Gen:Variant.Barys.44 20140207
Fortinet W32/Generic.ANOF!tr 20140207
GData Gen:Variant.Barys.44 20140207
Ikarus Trojan-Spy.Win32.Zbot 20140207
Jiangmin TrojanSpy.Zbot.atrk 20140207
K7AntiVirus Spyware ( 00372ae61 ) 20140207
K7GW Spyware ( 00372ae61 ) 20140207
Kaspersky HEUR:Trojan.Win32.Generic 20140207
Kingsoft Win32.Troj.Zbot.(kcloud) 20140207
McAfee Artemis!CA45E00B2608 20140207
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.J!87 20140207
eScan Gen:Variant.Barys.44 20140207
NANO-Antivirus Trojan.Win32.Panda.crdvce 20140207
nProtect Trojan/W32.Agent.127082 20140207
Panda Suspicious file 20140207
Qihoo-360 Malware.QVM07.Gen 20140207
Sophos Mal/Zbot-FY 20140207
TheHacker Trojan/Spy.Zbot.dnwx 20140205
VBA32 TrojanSpy.Zbot 20140207
ViRobot Trojan.Win32.A.Zbot.127082 20140207
Antiy-AVL 20140207
ByteHero 20140207
CAT-QuickHeal 20140207
Commtouch 20140207
F-Prot 20140207
Malwarebytes 20140207
Microsoft 20140207
Norman 20140207
Rising 20140207
SUPERAntiSpyware 20140207
Symantec 20140207
TotalDefense 20140207
TrendMicro 20140207
TrendMicro-HouseCall 20140207
VIPRE 20140207
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-03-08 22:17:29
Entry Point 0x00004CC4
Number of sections 4
PE sections
PE imports
GetStartupInfoA
GetTempPathA
GetModuleHandleA
TlsAlloc
TlsSetValue
WriteConsoleW
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1_Winit@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
??1Init@ios_base@std@@QAE@XZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
strncmp
_except_handler3
malloc
_acmdln
__p__fmode
_exit
__p__commode
__setusermatherr
free
_onexit
__dllonexit
exit
_XcptFilter
__getmainargs
calloc
_initterm
_controlfp
strlen
_adjust_fdiv
__set_app_type
VariantChangeType
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopyInd
VariantCopy
Ord(106)
Ord(204)
Ord(203)
Ord(120)
Ord(605)
Ord(606)
Ord(401)
Ord(603)
Ord(604)
Ord(900)
Ord(901)
Ord(402)
Ord(500)
Ord(501)
Ord(902)
Ord(903)
Ord(502)
Ord(107)
Ord(904)
Ord(905)
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:03:08 23:17:29+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 6.0
FileAccessDate 2014:02:07 19:22:00+01:00
EntryPoint 0x4cc4
InitializedDataSize 720896
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:02:07 19:22:00+01:00
UninitializedDataSize 0
File identification
MD5 ca45e00b260800740c563234480ff3dc
SHA1 f4ec9d99e93edcce11f53a580adfa4e6fba3f3e3
SHA256 9b49b83786e3145a94a782b9a6dd1d7fefa7ae2a5bdf03bc245847c410c6bea2
ssdeep 1536:dXFWMKEo91iGB9/litKkyp3Us84iFhqDZ8vglEgsFo6PBciq7N+mFcpdO6Lqwjk4:lAyGB9EtKfJGqteHgsFo6POzUjaWXP9
imphash eca69e4226af99ac752e7338903ee739
File size 124.1 KB ( 127082 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-02-07 18:08:15 UTC ( 3 years, 1 month ago )
Last submission 2014-02-07 18:08:15 UTC ( 3 years, 1 month ago )
File names vt-upload-00vDY
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight