SHA256: a482c52ad6069e05f9949c3e26eba9c1215078447d37119c500d922436736b69
File name: 4ec8100e7f7f9e4ca52e1926c75694c71a999a62
Detection ratio: 32 / 56
Analysis date: 2015-02-26 09:20:41 UTC
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.416325 20150226
AhnLab-V3 Trojan/Win32.Zbot 20150225
ALYac Gen:Variant.Kazy.416325 20150226
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150226
Avast Win32:Malware-gen 20150226
AVG Crypt3.AFCB 20150226
Avira (no cloud) TR/Kryptik.opmb 20150226
AVware Trojan.Win32.Generic!BT 20150226
BitDefender Gen:Variant.Kazy.416325 20150226
DrWeb Trojan.Inject1.43610 20150226
Emsisoft Gen:Variant.Kazy.416325 (B) 20150226
ESET-NOD32 Win32/Spy.Zbot.ABX 20150226
F-Secure Gen:Variant.Kazy.416325 20150226
Fortinet W32/Kryptik.CAHR!tr 20150226
GData Gen:Variant.Kazy.416325 20150226
Ikarus Trojan-Spy.Win32.Zbot 20150226
K7AntiVirus Trojan ( 004992dd1 ) 20150226
K7GW Trojan ( 004992dd1 ) 20150226
Kaspersky HEUR:Trojan.Win32.Generic 20150226
Malwarebytes Trojan.Zbot 20150226
McAfee PWSZbot-FABK!77AB60D644A8 20150226
McAfee-GW-Edition PWSZbot-FABK!77AB60D644A8 20150226
Microsoft PWS:Win32/Zbot 20150226
eScan Gen:Variant.Kazy.416325 20150226
NANO-Antivirus Trojan.Win32.Zbot.dcivyt 20150226
Panda Trj/CI.A 20150225
Sophos AV Mal/Generic-S 20150226
TrendMicro TSPY_ZBOT.SMXZ3 20150226
TrendMicro-HouseCall TSPY_ZBOT.SMXZ3 20150226
VBA32 TrojanSpy.Zbot 20150225
VIPRE Trojan.Win32.Generic!BT 20150226
Zillya Trojan.Zbot.Win32.162391 20150226
AegisLab 20150226
Yandex 20150225
Alibaba 20150225
Baidu-International 20150226
Bkav 20150225
ByteHero 20150226
CAT-QuickHeal 20150226
ClamAV 20150226
CMC 20150226
Comodo 20150226
Cyren 20150226
F-Prot 20150226
Kingsoft 20150226
Norman 20150226
nProtect 20150226
Qihoo-360 20150226
Rising 20150225
SUPERAntiSpyware 20150226
Symantec 20150226
Tencent 20150226
TheHacker 20150225
TotalDefense 20150226
ViRobot 20150226
Zoner 20150223
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-03-09 22:47:30
Entry Point 0x00001000
Number of sections 8
PE sections
PE imports
GdiGetDC
AddFontResourceA
ScaleViewportExtEx
GdiGetPageCount
PaintRgn
PatBlt
CopyEnhMetaFileW
GetICMProfileA
GetWorldTransform
SetPolyFillMode
ResizePalette
FrameRgn
AnimatePalette
SetBkColor
CreateRectRgnIndirect
GetDCOrgEx
GetCharWidth32A
GetFontAssocStatus
CreateFontW
CreateMetaFileW
CallNamedPipeW
Toolhelp32ReadProcessMemory
OpenProcess
GetSystemInfo
GetDriveTypeA
IsBadWritePtr
FillConsoleOutputCharacterW
lstrcmpiW
CreatePipe
GetCurrentProcessId
Process32First
ClearCommBreak
SetErrorMode
GetDateFormatW
SetCommMask
MultiByteToWideChar
GetBinaryTypeA
ReadProcessMemory
WritePrivateProfileSectionA
GetCommandLineA
GetProcAddress
AssignProcessToJobObject
LocalFlags
GetQueuedCompletionStatus
SetNamedPipeHandleState
lstrcpyA
GetCommConfig
SetHandleInformation
SetThreadExecutionState
GetProcessAffinityMask
FindCloseChangeNotification
GetProcessShutdownParameters
GetEnvironmentVariableA
GetStringTypeExW
AllocConsole
GetProfileIntA
ReadFileEx
PrepareTape
GetSystemMetrics
GetDlgCtrlID
GetClipboardFormatNameA
ChangeMenuA
LoadCursorA
mouse_event
HideCaret
GetForegroundWindow
GetClientRect
PostQuitMessage
GetShellWindow
GetWindow
SetMenuItemInfoW
RemoveMenu
Number of PE resources by type
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
GERMAN 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2005:03:09 23:47:30+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 376832
LinkerVersion: 0.0
EntryPoint: 0x1000
InitializedDataSize: 74761
SubsystemVersion: 4.1
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0

File identification
MD5: 77ab60d644a8c3713de6b137397e20b1
SHA1: 4ec8100e7f7f9e4ca52e1926c75694c71a999a62
SHA256: a482c52ad6069e05f9949c3e26eba9c1215078447d37119c500d922436736b69
ssdeep: 3072:dKIIY9Jq3iO2dSIGi2sDylKnmH84l4ELmNHf0j8tSQB1NfDp1:dKIICmrvQJXmc46UmNsj8t
authentihash: 15a007cd64795174d58eeb82eef18640e7d792416df2141970cd5dacad473d90
imphash: 233efd52e5eaca6193d1842c7f6cc9a2
File size: 490.0 KB ( 501760 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Executable (generic) (52.7%)
Generic Win/DOS Executable (23.4%)
DOS Executable Generic (23.4%)
VXD Driver (0.3%)
Tags: peexe

VirusTotal metadata
First submission 2015-02-26 09:20:41 UTC
Last submission 2015-03-11 07:26:30 UTC
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.