SHA256: 9fdb2e471ea2c3be2e2ba3901721585c226e8c9f01124bfd7754a408db7a3c7d
File name: COMPLAINT_TO_THE_IRS.DOC.scr
Detection ratio: 40 / 51
Analysis date: 2014-04-08 01:16:18 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1441856 20140408
Yandex TrojanSpy.Zbot!D49/1n3XIno 20140407
AhnLab-V3 Spyware/Win32.Zbot 20140407
AntiVir TR/Spy.ZBot.aao.332 20140408
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140407
Avast Win32:Zbot-SEH [Trj] 20140407
AVG Win32/Cryptor 20140407
Baidu-International Trojan.Win32.Zbot.aF 20140407
BitDefender Trojan.GenericKD.1441856 20140408
Commtouch W32/Zbot.FHRJ-0659 20140408
Comodo TrojWare.Win32.Carberp.AV 20140408
DrWeb Trojan.Packed.25065 20140408
Emsisoft Trojan.GenericKD.1441856 (B) 20140408
ESET-NOD32 Win32/Spy.Zbot.AAO 20140408
F-Prot W32/Zbot.BWI 20140408
F-Secure Trojan.GenericKD.1441856 20140407
Fortinet W32/Zbot.AAO!tr 20140407
GData Trojan.GenericKD.1441856 20140408
Ikarus Virus.Win32.Cryptor 20140408
Jiangmin TrojanSpy.Zbot.fswi 20140407
K7AntiVirus Spyware ( 0029a43a1 ) 20140407
K7GW Spyware ( 0029a43a1 ) 20140407
Kaspersky HEUR:Trojan.Win32.Generic 20140408
Kingsoft Win32.Troj.Zbot.qv.(kcloud) 20140408
Malwarebytes Trojan.Backdoor.RV 20140408
McAfee PWSZbot-FMT!D0471B3FD1CD 20140408
McAfee-GW-Edition PWSZbot-FMT!D0471B3FD1CD 20140408
Microsoft PWS:Win32/Zbot 20140408
eScan Trojan.GenericKD.1441856 20140408
NANO-Antivirus Trojan.Win32.Zbot.cqwtbh 20140408
nProtect Trojan-Spy/W32.ZBot.280781 20140408
Panda Trj/Genetic.gen 20140407
Qihoo-360 Win32/Trojan.Spy.6ef 20140408
Sophos Troj/Zbot-HCX 20140408
SUPERAntiSpyware Trojan.Agent/Gen-Zbot 20140408
Symantec Trojan.Zbot 20140408
TrendMicro TROJ_GEN.R047C0DLG13 20140408
TrendMicro-HouseCall TROJ_GEN.R047C0DLG13 20140407
VBA32 TrojanSpy.Zbot 20140407
VIPRE Trojan.Win32.Generic!BT 20140407
AegisLab 20140408
Bkav 20140407
ByteHero 20140408
CAT-QuickHeal 20140407
ClamAV 20140408
CMC 20140407
Norman 20140407
Rising 20140406
TheHacker 20140407
TotalDefense 20140407
ViRobot 20140407
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) Announced 2004-2013

Publisher Screen castle introduced - www.Announced.com
Product Announced
File version 6.0.0.5
Description Tribe stretch affect Don Johnson seldom
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-06 01:48:42
Entry Point 0x00008581
Number of sections 4
PE sections
PE imports
CloseMetaFile
ColorCorrectPalette
CombineRgn
CreateDCW
SetThreadLocale
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetOEMCP
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetCommandLineA
HeapSetInformation
GetCurrentProcess
GetStartupInfoW
GetFileType
GetConsoleMode
DecodePointer
GetCurrentProcessId
GetProcessHeaps
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
WriteProfileSectionW
GetProcAddress
EncodePointer
GetProcessHeap
SetStdHandle
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
GetSystemTimeAsFileTime
DeleteCriticalSection
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
lstrcpynA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
ExitProcess
GetExitCodeProcess
TerminateProcess
IsValidCodePage
HeapCreate
CreateFileW
InterlockedDecrement
Sleep
SetLastError
GetTickCount
TlsSetValue
GetStringTypeExA
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
WriteConsoleW
InterlockedIncrement
GetSubMenu
DlgDirSelectComboBoxExA
CheckMenuItem
LookupIconIdFromDirectory
RegisterHotKey
SendDlgItemMessageW
DdeCreateStringHandleW
SetProcessWindowStation
CharPrevW
GetWindowContextHelpId
GetKeyState
SetWindowsHookA
SetCursor
UnlockUrlCacheEntryStream
InternetLockRequestFile
InternetConnectW
GopherGetLocatorTypeW
InternetSetOptionW
InternetSetOptionExA
FtpSetCurrentDirectoryW
GetSoftwareUpdateInfo
URLOpenBlockingStreamW
HlinkGoForward
Number of PE resources by type
JPEG 2
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
SAAMI ARABIC MOROCCO 2
PE resources
ExifTool file metadata
LegalTrademarks
Announced

FileDescription
Tribe stretch affect Don Johnson seldom

InitializedDataSize
219136

ImageVersion
0.0

ProductName
Announced

FileVersionNumber
1.8.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

LinkerVersion
9.0

OriginalFilename
Bee.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
6.0.0.5

TimeStamp
2013:12:06 02:48:42+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Bee.exe

SubsystemVersion
5.0

FileAccessDate
2014:04:08 02:16:52+01:00

ProductVersion
3.0

UninitializedDataSize
0

OSVersion
5.0

FileCreateDate
2014:04:08 02:16:52+01:00

FileOS
Windows 16-bit

LegalCopyright
Copyright (C) Announced 2004-2013

MachineType
Intel 386 or later, and compatibles

CompanyName
Screen castle introduced - www.Announced.com

CodeSize
59392

FileSubtype
0

ProductVersionNumber
7.3.0.0

EntryPoint
0x8581

ObjectFileType
Executable application

File identification
MD5 d0471b3fd1cd9fb3eff947880eb306a3
SHA1 0aa778548c07726da3a9fd1a480aa5ac0fa90f57
SHA256 9fdb2e471ea2c3be2e2ba3901721585c226e8c9f01124bfd7754a408db7a3c7d
ssdeep
3072:hn8WR/hfAaA0UXKHYxaYOY0+y/jxXUmcSi1prQsaOWIAEV5vBNQF3TVtXyAt003a:h5R/dCXwYMV8Usa3ILvBNy3TjtJ3a

imphash 43b383dd57cb3b9252a7c76a66045f90
File size 274.2 KB ( 280781 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2013-12-06 10:51:08 UTC ( 3 years, 6 months ago )
Last submission 2013-12-06 10:51:08 UTC ( 3 years, 6 months ago )
File names COMPLAINT_TO_THE_IRS.DOC.scr
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs