SHA256: a364419097cbd8298b314723c4c141dd9d3c0ad2dab8dad8f101cba1d90aacb9
File name: b1887fed0e7c457a423adda58058ed1c
Detection ratio: 34 / 57
Analysis date: 2015-03-06 03:01:51 UTC ( 4 years ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.12804207 20150306
Yandex TrojanSpy.Zbot!Cw0pAjfPzcQ 20150228
AhnLab-V3 Trojan/Win32.Chanitor 20150305
ALYac Trojan.Generic.12804207 20150306
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150305
Avast Win32:Malware-gen 20150306
AVG Crypt3.CEGZ 20150305
Avira (no cloud) TR/Zbot.A.1344 20150306
AVware Trojan.Win32.Generic!BT 20150306
BitDefender Trojan.Generic.12804207 20150306
Comodo UnclassifiedMalware 20150306
Cyren W32/Trojan.VSIJ-4192 20150306
Emsisoft Trojan.Generic.12804207 (B) 20150306
ESET-NOD32 a variant of Win32/Kryptik.DALN 20150306
F-Secure Trojan.Generic.12804207 20150306
GData Trojan.Generic.12804207 20150306
Jiangmin TrojanSpy.Zbot.hqmf 20150306
K7AntiVirus Trojan ( 004b68d21 ) 20150305
K7GW Trojan ( 004b68d21 ) 20150306
Kaspersky Trojan-Spy.Win32.Zbot.vayc 20150306
Malwarebytes Trojan.Ransom.FW 20150306
McAfee Generic-FAVQ!B1887FED0E7C 20150306
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.fc 20150306
Microsoft PWS:Win32/Zbot.gen!VM 20150306
eScan Trojan.Generic.12804207 20150306
NANO-Antivirus Trojan.Win32.Zbot.dobfiz 20150306
nProtect Trojan.Generic.12804207 20150305
Panda Trj/Genetic.gen 20150305
Qihoo-360 Win32/Trojan.BO.4ac 20150306
Sophos AV Mal/Generic-S 20150306
Symantec Trojan.Gen 20150306
TrendMicro TROJ_GEN.R021C0EBP15 20150306
TrendMicro-HouseCall TROJ_GEN.R021C0EBP15 20150306
VIPRE Trojan.Win32.Generic!BT 20150306
AegisLab 20150306
Alibaba 20150306
Baidu-International 20150305
Bkav 20150305
ByteHero 20150306
CAT-QuickHeal 20150305
ClamAV 20150306
CMC 20150304
DrWeb 20150306
F-Prot 20150305
Fortinet 20150306
Ikarus 20150306
Kingsoft 20150306
Norman 20150305
Rising 20150305
SUPERAntiSpyware 20150306
Tencent 20150306
TheHacker 20150303
TotalDefense 20150306
VBA32 20150305
ViRobot 20150305
Zillya 20150305
Zoner 20150303
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-02-18 12:06:45
Entry Point 0x00002360
Number of sections 5
PE sections
PE imports
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
capGetDriverDescriptionA
LineTo
CreateHalftonePalette
BitBlt
SelectObject
EnumFontFamiliesExA
DeleteObject
CreateCompatibleDC
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
HeapCreate
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
DecodePointer
GetCurrentProcessId
lstrcatA
UnhandledExceptionFilter
GetModuleHandleW
HeapQueryInformation
WideCharToMultiByte
ExitProcess
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetFileType
SetStdHandle
RaiseException
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
DeleteCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
WriteFile
HeapValidate
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetCurrentThreadId
TerminateProcess
SetHandleCount
IsValidCodePage
OutputDebugStringW
CreateFileW
TlsGetValue
SetLastError
TlsSetValue
GetTickCount
OutputDebugStringA
IsBadReadPtr
WriteConsoleW
InterlockedIncrement
Ord(24)
OleCreatePictureIndirect
EnumDisplayMonitors
GetWindowTextLengthA
FillRect
CopyRect
SendMessageA
DefWindowProcA
ShowWindow
ModifyMenuA
GetDC
GdipCloneBrush
GdipFillEllipseI
GdipSetPathGradientCenterColor
GdipCreateFromHDC
GdipFree
GdipDeletePath
GdipGetPathGradientPointCount
GdipDeleteBrush
GdipAlloc
GdiplusStartup
GdipCreatePath
GdipSetPathGradientSurroundColorsWithCount
GdipDeleteGraphics
GdipCreatePathGradientFromPath
GdipAddPathEllipseI
CoInitializeEx
CoInitializeSecurity
CreateStreamOnHGlobal
Number of PE resources by type
RT_ICON 5
RT_GROUP_CURSOR 4
RT_STRING 4
RT_BITMAP 4
RT_HTML 1
RT_MESSAGETABLE 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 21
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:02:18 13:06:45+01:00
FileType Win32 EXE
PEType PE32
CodeSize 197632
LinkerVersion 10.0
EntryPoint 0x2360
InitializedDataSize 164352
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 b1887fed0e7c457a423adda58058ed1c
SHA1 d08ed815f702ef9404f6f661c3361a66d5c69898
SHA256 a364419097cbd8298b314723c4c141dd9d3c0ad2dab8dad8f101cba1d90aacb9
ssdeep 6144:14OpwHDYDk2OjP4/Gl7eVEjryX1V71omyR66eg8PME0e1NQE5omehjSWwCS3:6OpwHDYDDOXpSsmX3+FPnSJ3
authentihash 81818aa870f7a53da54d9cfda4649fb8ed7c2943dcc1f157c74a87b2cb24222d
imphash d11195939276a7ed70531bcad2af7ecc
File size 354.5 KB ( 363008 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe

VirusTotal metadata
First submission 2015-03-06 03:01:51 UTC ( 4 years ago )
Last submission 2015-03-06 03:01:51 UTC ( 4 years ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications