SHA256: 9b972b44778af67664ffdc644d47590a9c3fde047279c069bb4fe47e6b938d4e
File name: 9b972b44778af67664ffdc644d47590a9c3fde047279c069bb4fe47e6b938d4e.vir
Detection ratio: 47 / 56
Analysis date: 2015-12-14 14:38:17 UTC
Antivirus Result Update
Ad-Aware Trojan.Lethic.Gen.4 20151214
Yandex Trojan.Injector!Oy28xaRakZY 20151213
AhnLab-V3 Trojan/Win32.Zbot 20151214
ALYac Trojan.Lethic.Gen.4 20151214
Antiy-AVL Trojan[Spy]/Win32.Zbot 20151214
Arcabit Trojan.Lethic.Gen.4 20151214
Avast Win32:Crypt-REG [Trj] 20151214
AVG Inject2.ADRQ 20151214
Avira (no cloud) TR/Dropper.Gen 20151214
AVware Trojan.Win32.Generic!BT 20151214
Baidu-International Trojan.Win32.Injector.BDYC 20151214
BitDefender Trojan.Lethic.Gen.4 20151214
Bkav HW32.Packed.58DD 20151214
CAT-QuickHeal TrojanPWS.Zbot.AP4 20151214
ClamAV Win.Trojan.Symmi-866 20151214
Comodo UnclassifiedMalware 20151214
Cyren W32/Zbot.RS.gen!Eldorado 20151214
DrWeb Trojan.DownLoad3.32895 20151214
Emsisoft Trojan.Lethic.Gen.4 (B) 20151214
ESET-NOD32 a variant of Win32/Injector.BDGB 20151214
F-Prot W32/Zbot.RS.gen!Eldorado 20151214
F-Secure Trojan.Lethic.Gen.4 20151214
Fortinet W32/ZBOT.QU!tr 20151214
GData Trojan.Lethic.Gen.4 20151214
Ikarus Trojan.Inject2 20151214
Jiangmin TrojanSpy.Zbot.hlnh 20151213
K7AntiVirus Trojan ( 00499e231 ) 20151214
K7GW Trojan ( 00499e231 ) 20151214
Kaspersky HEUR:Trojan.Win32.Generic 20151214
Malwarebytes Trojan.Zbot 20151214
McAfee Generic-FAUT!38C351FF3802 20151214
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.fc 20151214
Microsoft Trojan:Win32/Bagsu!rfn 20151214
eScan Trojan.Lethic.Gen.4 20151214
NANO-Antivirus Trojan.Win32.Inject.cxirqs 20151214
nProtect Trojan.Lethic.Gen.4 20151214
Panda Trj/Dtcontx.L 20151213
Qihoo-360 Win32/Trojan.439 20151214
Sophos AV Mal/Zbot-QU 20151214
Symantec Trojan.ADH 20151214
Tencent Win32.Trojan-spy.Zbot.Lmkx 20151214
TrendMicro TROJ_MALKRYP.SM2 20151214
TrendMicro-HouseCall TROJ_MALKRYP.SM2 20151214
VBA32 OScope.Malware-Cryptor.Hlux 20151214
VIPRE Trojan.Win32.Generic!BT 20151214
ViRobot Trojan.Win32.A.Zbot.336896.IW[h] 20151214
Zillya Trojan.Zbot.Win32.155876 20151213
Engines reporting no detection (signature update date only):
AegisLab 20151214
Alibaba 20151208
ByteHero 20151214
CMC 20151214
Rising 20151212
SUPERAntiSpyware 20151214
TheHacker 20151214
TotalDefense 20151214
Zoner 20151214
The file being studied is a Portable Executable (PE) file, specifically a Win32 EXE built for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2014

Product Editor
Original name Editor.exe
Internal name Editor
File version 1, 0, 0, 1
Description Editor
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-06 16:55:35
Entry Point 0x0000AA54
Number of sections 4
PE sections
Overlays
MD5 edcaba74f42156ba2a05e7b61eb5f851
File type data
Offset 335872
Size 1024
Entropy 7.80
(Check: 335872 + 1024 = 336896, the file size reported below, so the overlay is exactly the last 1 KB of the file and is not covered by any section. An entropy of 7.80 out of a maximum of 8.00 means the bytes are close to uniformly distributed, as with compressed or encrypted data; zero padding or text would score far lower. This fits the crypter/packer-style names several engines give above, e.g. Win32:Crypt-REG, HW32.Packed, TROJ_MALKRYP, Malware-Cryptor.)
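The overlay facts above (offset, size, entropy, MD5) can be recomputed from any PE without a third-party library. The following is an added example, not part of the VirusTotal report or of the sample: it walks the section table to find where the last section's raw data ends, treats whatever follows as the overlay, and measures its Shannon entropy. Because it has to run offline, it builds a constructed minimal PE32 in memory with a constructed 1 KB pseudo-random overlay in place of the real sample; pass real file bytes to find_overlay() or analyse_overlay() to check a sample.

```python
import hashlib
import math
import struct


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant fill, 8.0 for
    uniformly random bytes. Around 7.8 for a 1 KB blob means the data is
    compressed or encrypted, not text or padding."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def find_overlay(pe: bytes) -> tuple:
    """Return (offset, size) of the overlay: every byte after the headers and
    after the raw data of every section. Parses only the fields it needs."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, num_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)
    section_table = e_lfanew + 4 + 20 + opt_size
    end = section_table + 40 * num_sections          # never below the header end
    for i in range(num_sections):
        # IMAGE_SECTION_HEADER: Name[8], VirtualSize, VirtualAddress,
        # SizeOfRawData, PointerToRawData, ... (SizeOfRawData is at +16)
        raw_size, raw_ptr = struct.unpack_from("<II", pe, section_table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    if end >= len(pe):
        return (len(pe), 0)                          # no overlay
    return (end, len(pe) - end)


def analyse_overlay(pe: bytes) -> dict:
    """The same four facts the report's Overlays block shows."""
    off, size = find_overlay(pe)
    blob = pe[off:off + size]
    return {
        "offset": off,
        "size": size,
        "entropy": round(shannon_entropy(blob), 2),
        "md5": hashlib.md5(blob).hexdigest(),
    }


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed minimal PE32 (not the reported sample): 512 bytes of
    headers, one 512-byte .text section of NOPs, then `overlay` appended."""
    e_lfanew = 0x40
    size_of_headers = 0x200
    opt_size = 224                                   # PE32 optional header size
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<I", opt, 60, size_of_headers)  # SizeOfHeaders
    section = b".text".ljust(8, b"\0") + struct.pack(
        "<IIIIIIHHI", 0x200, 0x1000, 0x200, size_of_headers, 0, 0, 0, 0, 0x60000020)
    image = (bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + section).ljust(size_of_headers, b"\0")
    image += b"\x90" * 0x200                         # section raw data
    return image + overlay


# 1024 constructed high-entropy bytes standing in for the real overlay.
SAMPLE_OVERLAY = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))
SAMPLE_PE = build_sample_pe(SAMPLE_OVERLAY)

if __name__ == "__main__":
    print(analyse_overlay(SAMPLE_PE))
```

On a real sample, carve the overlay with the returned offset and size and hash it; a match against the overlay MD5 above confirms you hold the same appended blob even when the main image has been re-signed or padded. A high-entropy overlay is also the first place to look for an encrypted configuration or a second-stage payload.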
PE imports
(The per-DLL grouping of this list was lost in extraction, so the DLL names below are inferred from the function names, not stated by the page: GDI32 region and drawing calls; KERNEL32 file and global-memory calls; a long run of imports by ordinal only, which is characteristic of a binary linked against MFC42 with Visual C++ 6 and consistent with the linker version 6.0 reported below, but cannot be confirmed without the DLL name; MSVCRT C-runtime names; a lone Ord(251) whose DLL is likewise not recoverable here; USER32 window calls; and CreateStreamOnHGlobal from OLE32. Ordinal-only imports carry no function names, so resolving them requires the export table of the matching DLL version.)
CreatePolygonRgn
GetTextExtentPoint32A
OffsetRgn
CreatePen
CreateSolidBrush
CreateRectRgnIndirect
PtInRegion
CombineRgn
Ellipse
GetStartupInfoA
ReadFile
GetFileSize
GetModuleHandleA
GetModuleFileNameW
GlobalFree
CreateFileW
GlobalAlloc
CopyFileA
CreateDirectoryA
GlobalUnlock
GlobalLock
CloseHandle
Ord(1775)
Ord(4129)
Ord(4080)
Ord(2362)
Ord(4710)
Ord(2414)
Ord(3597)
Ord(354)
Ord(1641)
Ord(6052)
Ord(3136)
Ord(4963)
Ord(4524)
Ord(554)
Ord(1842)
Ord(6383)
Ord(5237)
Ord(665)
Ord(5577)
Ord(3350)
Ord(5440)
Ord(6375)
Ord(2515)
Ord(3626)
Ord(755)
Ord(3798)
Ord(2621)
Ord(3259)
Ord(1665)
Ord(4303)
Ord(2556)
Ord(5442)
Ord(5301)
Ord(807)
Ord(4163)
Ord(1979)
Ord(6215)
Ord(6625)
Ord(4953)
Ord(1725)
Ord(517)
Ord(2915)
Ord(5787)
Ord(4529)
Ord(2652)
Ord(4531)
Ord(815)
Ord(2723)
Ord(366)
Ord(922)
Ord(641)
Ord(5788)
Ord(2494)
Ord(1175)
Ord(796)
Ord(5277)
Ord(2514)
Ord(986)
Ord(4402)
Ord(4425)
Ord(6385)
Ord(3454)
Ord(3092)
Ord(567)
Ord(1134)
Ord(941)
Ord(4465)
Ord(4108)
Ord(5300)
Ord(2379)
Ord(6175)
Ord(6216)
Ord(5265)
Ord(338)
Ord(6336)
Ord(4627)
Ord(1168)
Ord(3738)
Ord(4853)
Ord(2011)
Ord(2982)
Ord(617)
Ord(3172)
Ord(3394)
Ord(4526)
Ord(4055)
Ord(4234)
Ord(825)
Ord(3081)
Ord(5199)
Ord(5307)
Ord(4242)
Ord(4823)
Ord(1746)
Ord(4441)
Ord(2542)
Ord(4424)
Ord(540)
Ord(6119)
Ord(5260)
Ord(3706)
Ord(4078)
Ord(4464)
Ord(3059)
Ord(2554)
Ord(693)
Ord(2510)
Ord(6027)
Ord(6376)
Ord(5282)
Ord(4614)
Ord(2587)
Ord(6374)
Ord(4406)
Ord(2117)
Ord(3755)
Ord(1727)
Ord(3370)
Ord(823)
Ord(5653)
Ord(2642)
Ord(5186)
Ord(5503)
Ord(2725)
Ord(4133)
Ord(4998)
Ord(5472)
Ord(4376)
Ord(4436)
Ord(4457)
Ord(800)
Ord(4262)
Ord(4615)
Ord(2512)
Ord(470)
Ord(4427)
Ord(4274)
Ord(4224)
Ord(2859)
Ord(5683)
Ord(6131)
Ord(4079)
Ord(6069)
Ord(3058)
Ord(1146)
Ord(3147)
Ord(2582)
Ord(2124)
Ord(2370)
Ord(924)
Ord(3749)
Ord(4077)
Ord(2086)
Ord(1669)
Ord(3262)
Ord(2446)
Ord(2289)
Ord(674)
Ord(975)
Ord(1576)
Ord(2754)
Ord(5065)
Ord(4353)
Ord(3748)
Ord(4299)
Ord(5290)
Ord(4407)
Ord(4426)
Ord(784)
Ord(6117)
Ord(6453)
Ord(3663)
Ord(562)
Ord(858)
Ord(3693)
Ord(2396)
Ord(4159)
Ord(3831)
Ord(5100)
Ord(5243)
Ord(5280)
Ord(5214)
Ord(4612)
Ord(3825)
Ord(2635)
Ord(2976)
Ord(2558)
Ord(1089)
Ord(3198)
Ord(2985)
Ord(4297)
Ord(3922)
Ord(5240)
Ord(6080)
Ord(652)
Ord(4151)
Ord(2649)
Ord(3346)
Ord(3521)
Ord(2818)
Ord(6329)
Ord(3499)
Ord(5252)
Ord(2626)
Ord(1776)
Ord(1920)
Ord(6404)
Ord(5572)
Ord(6000)
Ord(4623)
Ord(324)
Ord(4341)
Ord(4238)
Ord(3830)
Ord(5103)
Ord(2385)
Ord(4613)
Ord(816)
Ord(6394)
Ord(4349)
Ord(2878)
Ord(4589)
Ord(5875)
Ord(3079)
Ord(4899)
Ord(6334)
Ord(6880)
Ord(4387)
Ord(4723)
Ord(4420)
Ord(2055)
Ord(2627)
Ord(4837)
Ord(5241)
Ord(520)
Ord(2399)
Ord(5450)
Ord(5012)
Ord(2648)
Ord(3065)
Ord(5714)
Ord(5289)
Ord(4545)
Ord(6402)
Ord(6785)
Ord(3403)
Ord(5740)
Ord(4622)
Ord(561)
Ord(2390)
Ord(4960)
Ord(5261)
Ord(355)
Ord(4543)
Ord(2302)
Ord(4610)
Ord(3908)
Ord(3729)
Ord(2879)
Ord(2298)
Ord(3573)
Ord(6696)
Ord(4486)
Ord(2535)
Ord(529)
Ord(3640)
Ord(4698)
Ord(4696)
Ord(5163)
Ord(6055)
Ord(296)
Ord(4858)
Ord(5710)
Ord(4889)
Ord(4432)
Ord(4467)
Ord(804)
Ord(5302)
Ord(1825)
Ord(5461)
Ord(860)
Ord(5731)
__p__fmode
_acmdln
_ftol
memset
strcat
__dllonexit
fopen
strlen
_except_handler3
sqrt
_onexit
abs
exit
_XcptFilter
__setusermatherr
_controlfp
_adjust_fdiv
__CxxFrameHandler
__p__commode
atoi
__getmainargs
memcpy
_setmbcp
memmove
strcpy
_initterm
_exit
strcmp
__set_app_type
Ord(251)
ReleaseDC
LoadCursorA
InvalidateRect
UpdateWindow
EnableWindow
GetWindowRect
OffsetRect
CopyRect
SendMessageA
GetClientRect
InvalidateRgn
PtInRect
SetRect
GetDC
SetCursor
CreateStreamOnHGlobal
Number of PE resources by type
RT_STRING 14
RT_DIALOG 8
Struct(240) 2
Struct(241) 2
RT_MENU 2
RT_BITMAP 2
RT_VXD 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 32
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion: 4.0
LinkerVersion: 6.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 1.0.0.1
UninitializedDataSize: 0
LanguageCode: Spanish (Mexican)
FileFlagsMask: 0x003f
CharacterSet: Windows, Arabic
InitializedDataSize: 286720
EntryPoint: 0xaa54
OriginalFileName: Editor.exe
MIMEType: application/octet-stream
LegalCopyright: Copyright © 2014
FileVersion: 1, 0, 0, 1
TimeStamp: 2014:05:06 16:55:35+00:00
FileType: Win32 EXE
PEType: PE32
InternalName: Editor
ProductVersion: 1, 0, 0, 1
FileDescription: Editor
OSVersion: 4.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CodeSize: 45056
ProductName: Editor
ProductVersionNumber: 1.0.0.1
FileTypeExtension: exe
ObjectFileType: Executable application
(Note: the version resource declares Spanish (Mexican) as its language and the Windows Arabic character set, while the resource counts above show 32 Chinese Simplified resources and 1 neutral one. The locale in a version block is whatever the builder put there, so it should not be used for attribution on its own.)

File identification
MD5 38c351ff38026be0dc1ba3973fc9d3a6
SHA1 672a330156ea32302759b5f82b21aef52512c071
SHA256 9b972b44778af67664ffdc644d47590a9c3fde047279c069bb4fe47e6b938d4e
ssdeep 6144:YULt/18fSuErzwNazE4yh59sG34gV7qFqwLbPxZH9cgGQjohmt:v16fSuqzwaEDlsseFqwTH9c6joh0
authentihash d307194c6e68e6ec265bcb9837d9bf531236ad247d38e965b3b9030237481fa8
imphash c0d93601a8d4f0aee8d17493e940ac10
File size 329.0 KB ( 336896 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe overlay
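The imphash listed above is an MD5 over the import table in import order, and the large block of ordinal-only imports in the PE imports section contributes to it as bare "ordN" entries. The following is an added example, not code from VirusTotal or from the sample, that reproduces the imphash algorithm as implemented by pefile's get_imphash(): lower-case everything, strip a .dll/.ocx/.sys extension, resolve ordinals to names only for oleaut32 and ws2_32, and join "dll.func" entries with commas before hashing. The import list is a constructed subset of the names on this page, the DLL names are assumptions inferred from the function names, and the ordinal-name table is a constructed subset of pefile's; the result is therefore illustrative and is not the page's value c0d93601a8d4f0aee8d17493e940ac10.

```python
import hashlib

# pefile resolves ordinals to names for these two DLLs so that a by-ordinal
# import and a by-name import of the same function hash identically.
# Constructed subset of that table, enough to show the mechanism.
ORDINAL_NAMES = {
    "oleaut32": {2: "SysAllocString", 6: "SysFreeString", 9: "VariantClear"},
    "ws2_32": {1: "accept", 23: "socket", 115: "WSAStartup"},
}


def normalise_dll(dll: str) -> str:
    """Lower-case the DLL name and drop a .dll/.ocx/.sys extension."""
    lib = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if lib.endswith(ext):
            return lib[: -len(ext)]
    return lib


def imphash_string(imports) -> str:
    """imports: (dll, name_or_None, ordinal) triples in import-table order.
    Returns the comma-joined 'dll.func' string that is hashed."""
    parts = []
    for dll, name, ordinal in imports:
        lib = normalise_dll(dll)
        if name is None:                            # import by ordinal only
            func = ORDINAL_NAMES.get(lib, {}).get(ordinal, "ord%d" % ordinal)
        else:
            func = name
        parts.append("%s.%s" % (lib, func.lower()))
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the normalised import string, as a 32-character hex digest."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed subset of the import listing above. The DLL names are assumed
# from the function names; the page does not state them.
SAMPLE_IMPORTS = [
    ("GDI32.dll", "CreatePolygonRgn", 0),
    ("KERNEL32.dll", "ReadFile", 0),
    ("MFC42.DLL", None, 1775),                      # ordinal-only, as in the listing
    ("MFC42.DLL", None, 4129),
    ("MSVCRT.dll", "memset", 0),
    ("USER32.dll", "SendMessageA", 0),
    ("ole32.dll", "CreateStreamOnHGlobal", 0),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

To compute the real value from the file itself use pefile.PE(path).get_imphash(), which applies the same rules over the actual import directory. Two caveats when pivoting on an imphash like the one above: it is order-sensitive, so the same set of imports laid out differently gives a different hash, and the ordinal-only entries are hashed as "ordN" without any name resolution, so the MFC42 block here dominates the string and the hash will tend to be shared by other MFC42 binaries built from the same wizard template regardless of what their own code does.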

VirusTotal metadata
First submission 2014-05-07 13:44:57 UTC (the day after the PE compilation timestamp of 2014-05-06 16:55:35 reported above)
Last submission 2015-12-14 14:38:17 UTC
File names Editor.exe
12-57-51.07817859-s-0000.Manual.exe
Editor
Manual.gxe
Manual.exe
9b972b44778af67664ffdc644d47590a9c3fde047279c069bb4fe47e6b938d4e.vir
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.