SHA256: a464ba227b41681917a52e625c8f0b7a91910aa47a54788668ee7586b77d79d7
File name: ee2e14e2684b4c4be64b54a00b681f7f6ffced30_bot.ex
Detection ratio: 50 / 56
Analysis date: 2014-11-26 18:15:34 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.6108469 20141126
Yandex Backdoor.Kbot.FL 20141126
AhnLab-V3 Win-Trojan/Downloader.22016.CO 20141126
ALYac Trojan.Generic.6108469 20141126
Antiy-AVL Trojan[Backdoor]/Win32.Kbot 20141126
Avast Win32:Small-JGP [Trj] 20141126
AVG Flooder.EQA 20141126
Avira (no cloud) WORM/Rbot.Gen 20141126
AVware BehavesLike.Win32.Malware.ssc (mx-v) 20141121
Baidu-International Trojan.Win32.Agent.BNGC 20141126
BitDefender Trojan.Generic.6108469 20141126
Bkav W32.GenericBackdoorGTB.Worm 20141120
ClamAV Trojan.Downloader-11579 20141126
CMC Backdoor.Win32.Kbot!O 20141126
Comodo Backdoor.Win32.Agent.NGC 20141126
Cyren W32/Downloader.ZCUW-6731 20141126
DrWeb Trojan.DownLoader.26661 20141126
Emsisoft Trojan.Generic.6108469 (B) 20141126
ESET-NOD32 Win32/Agent.NGC 20141126
F-Prot W32/Downldr2.MDV 20141126
F-Secure Trojan.Generic.6108469 20141126
Fortinet W32/Kbot.S!tr.bdr 20141126
GData Trojan.Generic.6108469 20141126
Ikarus Backdoor.Win32.Kbot 20141126
Jiangmin TrojanDownloader.Dirat.a 20141125
K7AntiVirus Backdoor ( 04c4b59d1 ) 20141126
K7GW Backdoor ( 04c4b59d1 ) 20141126
Kaspersky Backdoor.Win32.Kbot.brj 20141126
Kingsoft Win32.Troj.Agent.(kcloud) 20141126
Malwarebytes Backdoor.Bot 20141126
McAfee FDoS-BEnergy 20141126
McAfee-GW-Edition BehavesLike.Win32.VTFlooder.mh 20141126
Microsoft Backdoor:Win32/Phdet.gen!A 20141126
eScan Trojan.Generic.6108469 20141126
NANO-Antivirus Trojan.Win32.Dirat.ertk 20141126
Norman Malware 20141126
nProtect Backdoor/W32.KBot.22016.B 20141126
Qihoo-360 Malware.Radar05.Gen 20141126
Rising PE:Trojan.DL.Win32.Small.evl!1173777705 20141126
Sophos AV Troj/Bckdr-QYM 20141126
SUPERAntiSpyware Trojan.Agent/Gen-Kbot 20141126
Symantec Backdoor.Lancafdo 20141126
TheHacker Backdoor/Kbot.s 20141124
TotalDefense Win32/Phdet.T 20141125
TrendMicro BKDR_KBOT.CT 20141126
TrendMicro-HouseCall BKDR_KBOT.CT 20141126
VBA32 Trojan-Downloader.SvcHorse.0373 20141126
VIPRE BehavesLike.Win32.Malware.ssc (mx-v) 20141126
ViRobot Backdoor.Win32.Kbot.22016.B 20141126
Zillya Backdoor.Kbot.Win32.830 20141126
AegisLab 20141126
ByteHero 20141126
CAT-QuickHeal 20141126
Panda 20141126
Tencent 20141126
Zoner 20141125
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-06-13 22:13:59
Entry Point 0x000034D0
Number of sections 3
PE sections
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegOpenKeyA
RegCloseKey
OpenProcessToken
RegSetValueExA
AdjustTokenPrivileges
RegCreateKeyA
DnsRecordListFree
DnsQuery_A
GetLastError
WriteProcessMemory
ReleaseMutex
VirtualAllocEx
TerminateThread
lstrlenA
WaitForSingleObject
FreeLibrary
CopyFileA
ExitProcess
GetVersionExA
LoadLibraryA
GetModuleFileNameA
GetStartupInfoA
GetVolumeInformationA
LoadLibraryExA
GetCurrentProcessId
lstrcatA
DeleteFileA
ReadProcessMemory
GetProcAddress
GetThreadContext
ExitThread
CreateMutexA
CreateThread
GetModuleHandleA
lstrcmpA
lstrcpyA
GetCurrentProcess
CloseHandle
GetComputerNameA
GetSystemDirectoryA
SetPriorityClass
SetThreadContext
TerminateProcess
ResumeThread
CreateProcessA
VirtualProtectEx
VirtualFree
Sleep
CreateFileA
GetTickCount
VirtualAlloc
wsprintfA
HttpSendRequestA
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA
setsockopt
htonl
socket
inet_addr
send
WSAStartup
gethostbyname
connect
sendto
gethostname
inet_ntoa
htons
closesocket
NtQuerySystemInformation
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2007:06:13 23:13:59+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
19968

LinkerVersion
7.1

FileAccessDate
2014:11:26 19:15:34+01:00

EntryPoint
0x34d0

InitializedDataSize
6656

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

FileCreateDate
2014:11:26 19:15:34+01:00

UninitializedDataSize
0

File identification
MD5 906b7e1d89dc657e348506d6a2a14e9f
SHA1 ee2e14e2684b4c4be64b54a00b681f7f6ffced30
SHA256 a464ba227b41681917a52e625c8f0b7a91910aa47a54788668ee7586b77d79d7
ssdeep
384:Ymy52PZgQFB9GK04aJ7XU8v9Otwloy0Vm2Xj2XBPpl87x:ZypFK0407XU5MoE2Tq1p8

authentihash ac39285e36dd52391690cf95d6daa5fa644a35ee450d58151db7a0d4b2aab794
imphash ab8883ae9fe0c42e0c691958f137c7e2
File size 21.5 KB ( 22016 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2010-10-02 13:32:55 UTC ( 7 years, 4 months ago )
Last submission 2014-11-26 18:15:34 UTC ( 3 years, 2 months ago )
File names _bot.exe
bot.ex
ee2e14e2684b4c4be64b54a00b681f7f6ffced30_bot.ex
aa
4hAL5.tmp