SHA256: a00c60c145fa4fed38f244e7a3c55425fd00c272cd54b59ce9c9fcc4894e0662
File name: 8802d13595da8294c84821e5e3086442.exe
Detection ratio: 32 / 49
Analysis date: 2014-02-22 15:51:14 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.165 20140222
AhnLab-V3 Spyware/Win32.Zbot 20140222
AntiVir TR/Spy.Gen 20140222
Avast Win32:Zbot-NRC [Trj] 20140222
BitDefender Gen:Variant.Kazy.165 20140222
ClamAV Trojan.Spy.Zbot-142 20140222
Commtouch W32/Zbot.BR.gen!Eldorado 20140222
DrWeb DLOADER.Trojan 20140222
Emsisoft Gen:Variant.Kazy.165 (B) 20140222
ESET-NOD32 a variant of Win32/Spy.Zbot.YW 20140222
F-Prot W32/Zbot.BR.gen!Eldorado 20140222
F-Secure Gen:Variant.Kazy.165 20140222
Fortinet W32/Zbot.AT!tr 20140222
GData Gen:Variant.Kazy.165 20140222
Ikarus Trojan-Spy.Win32.Zbot 20140222
K7AntiVirus Riskware ( 5e2046950 ) 20140221
Kaspersky HEUR:Trojan.Win32.Generic 20140222
Malwarebytes Trojan.Agent.ED 20140222
McAfee PWS-Zbot.gen.aov 20140222
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious.H 20140222
Microsoft PWS:Win32/Zbot.gen!Y 20140222
eScan Gen:Variant.Kazy.165 20140222
Norman ZBot.VAL 20140222
Panda Trj/CI.A 20140222
Rising PE:Stealer.Zbot!1.648A 20140222
Sophos Troj/PWS-BSF 20140222
Symantec Trojan.Zbot 20140222
TotalDefense Win32/Zbot.CXZ 20140222
TrendMicro Cryp_Xin1 20140222
TrendMicro-HouseCall Cryp_Xin1 20140222
VBA32 BScope.Trojan.Zbot.6713 20140221
VIPRE Trojan.Win32.Zbot.n (v) 20140222
Yandex 20140221
Antiy-AVL 20140219
AVG 20140222
Baidu-International 20140222
Bkav 20140222
ByteHero 20140222
CAT-QuickHeal 20140222
CMC 20140220
Comodo 20140222
Jiangmin 20140222
K7GW 20140220
Kingsoft 20140222
NANO-Antivirus 20140222
nProtect 20140221
Qihoo-360 20140220
SUPERAntiSpyware 20140222
TheHacker 20140220
ViRobot 20140222
The file being studied is a Portable Executable file! More specifically, it is a DOS EXE file.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-22 10:39:07
Entry Point 0x0000876E
Number of sections 3
PE sections
Overlays
MD5 f55c04febce45e793f234d4000740614
File type data
Offset 162304
Size 512
Entropy 7.65
PE imports
RegCreateKeyExW
RegCloseKey
ConvertSidToStringSidW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegNotifyChangeKeyValue
CryptHashData
InitiateSystemShutdownExW
RegQueryValueExW
CryptCreateHash
SetSecurityDescriptorDacl
GetSidSubAuthorityCount
GetSidSubAuthority
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
RegOpenKeyExW
SetSecurityDescriptorSacl
GetTokenInformation
CryptReleaseContext
RegEnumKeyExW
CryptAcquireContextW
GetSecurityDescriptorSacl
GetLengthSid
CreateProcessAsUserW
CryptDestroyHash
OpenThreadToken
RegSetValueExW
CryptGetHashParam
InitializeSecurityDescriptor
EqualSid
IsWellKnownSid
SetNamedSecurityInfoW
CryptUnprotectData
CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CertDeleteCertificateFromStore
CertOpenSystemStoreW
CertDuplicateCertificateContext
PFXExportCertStoreEx
FileTimeToDosDateTime
ReleaseMutex
WaitForSingleObject
FindFirstFileW
HeapDestroy
GetFileAttributesW
GetLocalTime
GetProcessId
CreatePipe
GetDriveTypeW
SetErrorMode
GetLogicalDrives
GetFileInformationByHandle
GetThreadContext
GetFileTime
WideCharToMultiByte
LoadLibraryW
InterlockedExchange
WriteFile
GlobalMemoryStatusEx
Thread32First
HeapReAlloc
SetEvent
LocalFree
InitializeCriticalSection
FindClose
InterlockedDecrement
FindNextChangeNotification
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
CopyFileW
WriteProcessMemory
RemoveDirectoryW
HeapAlloc
lstrcmpiW
GetVolumeInformationA
SetThreadPriority
MultiByteToWideChar
SetFilePointerEx
FlushInstructionCache
GetPrivateProfileStringW
RegisterWaitForSingleObject
CreateThread
MoveFileExW
CreateMutexW
GetVolumeNameForVolumeMountPointW
SetThreadContext
TerminateProcess
VirtualQueryEx
CreateEventW
SetEndOfFile
InterlockedIncrement
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
PeekNamedPipe
lstrcmpiA
GetVersionExW
FreeLibrary
GetTickCount
VirtualProtect
FlushFileBuffers
LoadLibraryA
CreateRemoteThread
GetWindowsDirectoryW
OpenProcess
GetStartupInfoW
ReadProcessMemory
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetPrivateProfileIntW
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
GetFileSizeEx
GetModuleFileNameW
ExpandEnvironmentStringsW
UnmapViewOfFile
FindNextFileW
WTSGetActiveConsoleSessionId
ResetEvent
Thread32Next
DuplicateHandle
GlobalLock
GetTimeZoneInformation
CreateFileW
ExitProcess
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
SystemTimeToFileTime
GetComputerNameW
VirtualAllocEx
OpenEventW
GlobalUnlock
FindFirstChangeNotificationW
Process32NextW
CreateProcessW
FileTimeToLocalFileTime
UnregisterWait
VirtualFreeEx
GetCurrentProcessId
SetFileTime
GetCommandLineW
Process32FirstW
GetCurrentThread
MapViewOfFile
GetModuleHandleA
ReadFile
CloseHandle
OpenMutexW
GetModuleHandleW
GetFileAttributesExW
HeapCreate
GetTempPathW
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
GetProcAddress
NetUserEnum
NetUserGetInfo
NetApiBufferFree
SysFreeString
VariantInit
VariantClear
SysAllocString
SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW
StrCmpNIW
wvnsprintfA
StrCmpNIA
wvnsprintfW
StrStrIA
PathIsDirectoryW
PathRemoveBackslashW
PathIsURLW
PathFileExistsW
PathAddBackslashW
UrlUnescapeA
SHDeleteValueW
PathCombineW
PathRenameExtensionW
SHDeleteKeyW
PathRemoveFileSpecW
StrStrIW
PathMatchSpecW
PathUnquoteSpacesW
PathFindFileNameW
PathQuoteSpacesW
PathAddExtensionW
PathSkipRootW
GetUserNameExW
GetCursorPos
GetWindowThreadProcessId
CharLowerA
LoadImageW
PeekMessageW
GetKeyboardState
CharToOemW
TranslateMessage
CharUpperW
DrawIcon
CharLowerW
ToUnicode
MsgWaitForMultipleObjects
CharLowerBuffA
GetShellWindow
GetIconInfo
DispatchMessageW
ExitWindowsEx
GetClipboardData
InternetSetStatusCallbackW
HttpOpenRequestA
HttpSendRequestExW
HttpSendRequestExA
InternetReadFileExA
InternetQueryOptionW
InternetConnectW
HttpAddRequestHeadersA
InternetCloseHandle
InternetConnectA
InternetReadFileExW
InternetQueryOptionA
GetUrlCacheEntryInfoW
HttpAddRequestHeadersW
InternetQueryDataAvailable
InternetWriteFile
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
InternetSetOptionA
DeleteUrlCacheEntryA
InternetCrackUrlW
InternetOpenA
InternetSetOptionW
HttpSendRequestW
InternetCrackUrlA
getaddrinfo
getsockname
WSARecv
accept
WSAAddressToStringW
WSAStartup
freeaddrinfo
connect
shutdown
htons
getpeername
WSAGetLastError
closesocket
WSACloseEvent
send
WSASend
select
listen
WSAStringToAddressA
WSAEventSelect
WSASetLastError
ioctlsocket
recv
WSAIoctl
setsockopt
WSASetEvent
socket
bind
recvfrom
WSAEnumNetworkEvents
sendto
WSACreateEvent
CoInitializeEx
CoUninitialize
CoCreateInstance
CoGetObject
CLSIDFromString
StringFromGUID2
CoSetProxyBlanket
ExifTool file metadata
FileAccessDate
2014:02:22 16:51:50+01:00

FileCreateDate
2014:02:22 16:51:50+01:00

File identification
MD5 8802d13595da8294c84821e5e3086442
SHA1 feb291353b7160e7376ce3229e33dd5a5766cd40
SHA256 a00c60c145fa4fed38f244e7a3c55425fd00c272cd54b59ce9c9fcc4894e0662
ssdeep
3072:7sl7LBPb10UmWaM0Dlv0yQc+e6Up/y+mObBiCuS1NHPjU/u4OT9rfVH:7sVhPaMy50yQc+e6UpL/BitS1NvjMuJd

authentihash 5155e4c1ed5238d0216cb66a2fb7627090b9d8ab5ed25d8280bdb1978f029e42
imphash 3b838a51b02a4899a4c052d076890879
File size 159.0 KB ( 162816 bytes )
File type DOS EXE
Magic literal
MS-DOS executable

TrID Win32 Executable (generic) (42.5%)
DOS Executable Borland Pascal 7.0x (19.2%)
Generic Win/DOS Executable (18.8%)
DOS Executable Generic (18.8%)
VXD Driver (0.2%)
Tags
mz overlay

VirusTotal metadata
First submission 2014-02-22 15:30:13 UTC ( 3 years, 2 months ago )
Last submission 2016-09-10 06:13:06 UTC ( 7 months, 3 weeks ago )
File names 8802d13595da8294c84821e5e3086442.exe
ZeuS_binary_8802d13595da8294c84821e5e3086442.exe