× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 9b5b2d3a2f3314d53cad5529435ad90d581143602455031af8283655ac60e6c0
File name: output.41249092.txt
Detection ratio: 22 / 55
Analysis date: 2014-09-27 15:08:37 UTC ( 4 years, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1873657 20140927
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140927
Avast Win32:Malware-gen 20140927
Avira (no cloud) TR/Zbot.A.1193 20140927
Baidu-International Trojan.Win32.Zbot.ag 20140927
BitDefender Trojan.GenericKD.1873657 20140927
Bkav HW32.Paked.F2B1 20140925
CAT-QuickHeal (Suspicious) - DNAScan 20140927
Comodo UnclassifiedMalware 20140927
Emsisoft Trojan.GenericKD.1873657 (B) 20140927
ESET-NOD32 a variant of Win32/Packed.Asprotect.DS 20140927
F-Secure Trojan.GenericKD.1873657 20140927
Fortinet PossibleThreat 20140927
GData Trojan.GenericKD.1873657 20140927
Ikarus Trojan.Win32.ASProtect 20140927
Kaspersky Trojan-Spy.Win32.Zbot.uexb 20140927
eScan Trojan.GenericKD.1873657 20140927
nProtect Trojan.GenericKD.1873657 20140926
Panda Trj/CI.A 20140926
Sophos AV Mal/Generic-S 20140927
Symantec WS.Reputation.1 20140927
TrendMicro-HouseCall TROJ_GEN.R011H07IQ14 20140927
AegisLab 20140927
Yandex 20140926
AhnLab-V3 20140927
AVG 20140927
AVware 20140927
ByteHero 20140927
ClamAV 20140927
CMC 20140925
Cyren 20140927
DrWeb 20140927
F-Prot 20140927
Jiangmin 20140926
K7AntiVirus 20140926
K7GW 20140926
Kingsoft 20140927
Malwarebytes 20140927
McAfee 20140927
McAfee-GW-Edition 20140926
Microsoft 20140927
NANO-Antivirus 20140927
Norman 20140927
Qihoo-360 20140927
Rising 20140927
SUPERAntiSpyware 20140927
Tencent 20140927
TheHacker 20140924
TotalDefense 20140926
TrendMicro 20140927
VBA32 20140926
VIPRE 20140927
ViRobot 20140927
Zillya 20140927
Zoner 20140925
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
Packers identified
F-PROT Aspack
PEiD ASProtect v1.23 RC1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-09 15:13:51
Entry Point 0x00001000
Number of sections 7
PE sections
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
NEUTRAL 1
PE resources
File identification
MD5 4695c7d36e62a5e37ad4933a95729047
SHA1 2b10238d80fe1002c7440b756eea9a6358a9d348
SHA256 9b5b2d3a2f3314d53cad5529435ad90d581143602455031af8283655ac60e6c0
ssdeep
12288:T1htAqgEQDy7qPRdAh9Lvuc+YXrO1CKFn0WEiw:TXtY0eAbvucVa1H6Wi

authentihash bfeaa1eb704c566c8c47ac766f14b65d8b9dc542afaa7e479baea22cc181ca0a
imphash b8b949414a1cbbc9af7d834ae8be805f
File size 500.0 KB ( 512000 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe asprotect aspack

VirusTotal metadata
First submission 2014-09-20 15:07:00 UTC ( 4 years, 6 months ago )
Last submission 2014-09-21 03:50:19 UTC ( 4 years, 6 months ago )
File names 41249092
output.41249092.txt
ZA1Ofs.rar
monvhal.exe
9b5b2d3a2f3314d53cad5529435ad90d581143602455031af8283655ac60e6c0.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.