SHA256: a93c4b22a8a053c5bfe1d2c7c2c0f1e7fd8466215e8d25fbec1fa214a0d8a09d
File name: cd2f95710e081dcde6b2a4e1a7e5607b.vir
Detection ratio: 57 / 68
Analysis date: 2018-07-21 08:35:37 UTC ( 6 months, 4 weeks ago )
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | MemScan:Trojan.Spy.Zbot.FQL | 20180721 |
| AegisLab | Troj.Spy.W32.Zbot!c | 20180721 |
| AhnLab-V3 | Spyware/Win32.Generic.C858104 | 20180720 |
| ALYac | MemScan:Trojan.Spy.Zbot.FQL | 20180721 |
| Antiy-AVL | Trojan[Spy]/Win32.Zbot | 20180721 |
| Arcabit | Trojan.Spy.Zbot.FQL | 20180721 |
| Avast | Sf:Crypt-BR [Trj] | 20180721 |
| AVG | Sf:Crypt-BR [Trj] | 20180721 |
| Avira (no cloud) | TR/Spy.Gen | 20180721 |
| AVware | Trojan.Win32.Zbot.n (v) | 20180721 |
| Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9999 | 20180717 |
| BitDefender | MemScan:Trojan.Spy.Zbot.FQL | 20180721 |
| Bkav | W32.eHeur.Malware11 | 20180719 |
| CAT-QuickHeal | Trojan.Generic.21003 | 20180720 |
| ClamAV | Win.Spyware.Zbot-1275 | 20180721 |
| Comodo | TrojWare.Win32.Zbot.NEWA | 20180721 |
| CrowdStrike Falcon (ML) | malicious_confidence_100% (W) | 20180530 |
| Cybereason | malicious.10e081 | 20180225 |
| Cylance | Unsafe | 20180721 |
| Cyren | W32/Zbot.BR.gen!Eldorado | 20180721 |
| DrWeb | Trojan.PWS.Panda.2401 | 20180721 |
| Emsisoft | MemScan:Trojan.Spy.Zbot.FQL (B) | 20180721 |
| Endgame | malicious (high confidence) | 20180711 |
| ESET-NOD32 | a variant of Win32/Spy.Zbot.AAQ | 20180721 |
| F-Prot | W32/Zbot.BR.gen!Eldorado | 20180721 |
| Fortinet | W32/Generic.AP.142DA!tr | 20180721 |
| GData | MemScan:Trojan.Spy.Zbot.FQL | 20180721 |
| Ikarus | Trojan-Spy.Banker.Citadel | 20180721 |
| Sophos ML | heuristic | 20180717 |
| Jiangmin | Trojan/Generic.bjscx | 20180720 |
| K7AntiVirus | Spyware ( 0029a43a1 ) | 20180721 |
| K7GW | Spyware ( 0029a43a1 ) | 20180721 |
| Kaspersky | Trojan-Spy.Win32.Zbot.wuuc | 20180721 |
| MAX | malware (ai score=100) | 20180721 |
| McAfee | PWS-Zbot.gen.uo | 20180721 |
| McAfee-GW-Edition | BehavesLike.Win32.PWSZbot.dh | 20180721 |
| Microsoft | PWS:Win32/Zbot | 20180721 |
| eScan | MemScan:Trojan.Spy.Zbot.FQL | 20180721 |
| NANO-Antivirus | Trojan.Win32.Panda.dykrlv | 20180721 |
| Palo Alto Networks (Known Signatures) | generic.ml | 20180721 |
| Panda | Trj/Genetic.gen | 20180721 |
| Qihoo-360 | Win32/Trojan.097 | 20180721 |
| Rising | Stealer.Zbot!1.648A (CLOUD) | 20180721 |
| SentinelOne (Static ML) | static engine - malicious | 20180701 |
| Sophos AV | Mal/Behav-010 | 20180721 |
| SUPERAntiSpyware | Trojan.Agent/Gen-MalPE | 20180721 |
| Symantec | ML.Attribute.HighConfidence | 20180720 |
| TACHYON | Trojan-Spy/W32.ZBot.270336.CW | 20180721 |
| Tencent | Win32.Trojan-spy.Zbot.Szbr | 20180721 |
| TrendMicro | Cryp_Xin1 | 20180721 |
| TrendMicro-HouseCall | Cryp_Xin1 | 20180721 |
| VBA32 | BScope.TrojanSpy.Zbot | 20180720 |
| VIPRE | Trojan.Win32.Zbot.n (v) | 20180721 |
| ViRobot | Trojan.Win32.Zbot.270336.D | 20180721 |
| Webroot | W32.Infostealer.Zeus | 20180721 |
| Yandex | TrojanSpy.Zbot!RhlXvvitwlM | 20180720 |
| ZoneAlarm by Check Point | Trojan-Spy.Win32.Zbot.wuuc | 20180721 |
| Alibaba | | 20180713 |
| Avast-Mobile | | 20180720 |
| Babable | | 20180406 |
| CMC | | 20180721 |
| eGambit | | 20180721 |
| F-Secure | | 20180721 |
| Kingsoft | | 20180721 |
| Malwarebytes | | 20180721 |
| TheHacker | | 20180720 |
| TotalDefense | | 20180721 |
| Trustlook | | 20180721 |
| Zillya | | 20180720 |
| Zoner | | 20180720 |
The file being studied is a Portable Executable file! More specifically, it is a DOS EXE file.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-10-12 15:42:38
Entry Point 0x0003F4D4
Number of sections 3
PE sections
Overlays
MD5 5e59987598bcd4d7b0cc40e8c2d7c5af
File type data
Offset 269312
Size 1024
Entropy 7.79
PE imports
RegCreateKeyExW
RegCloseKey
ConvertSidToStringSidW
RegQueryValueExA
RegCreateKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegEnumKeyW
CryptHashData
InitializeSecurityDescriptor
RegQueryValueExW
CryptCreateHash
SetSecurityDescriptorDacl
GetSidSubAuthorityCount
GetSidSubAuthority
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
RegOpenKeyExW
SetSecurityInfo
SetSecurityDescriptorSacl
CheckTokenMembership
GetTokenInformation
CryptReleaseContext
RegQueryInfoKeyW
CreateProcessAsUserA
GetSecurityDescriptorDacl
RegDeleteValueW
RegEnumKeyExW
OpenThreadToken
GetSecurityDescriptorSacl
GetLengthSid
CreateProcessAsUserW
CryptDestroyHash
CryptAcquireContextW
RegEnumValueW
RegSetValueExW
FreeSid
CryptGetHashParam
AllocateAndInitializeSid
InitiateSystemShutdownExW
EqualSid
IsWellKnownSid
SetNamedSecurityInfoW
CryptUnprotectData
CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CertDeleteCertificateFromStore
CertOpenSystemStoreW
CertDuplicateCertificateContext
PFXExportCertStoreEx
GetDeviceCaps
FileTimeToDosDateTime
ReleaseMutex
FileTimeToSystemTime
SetEvent
FindFirstFileW
HeapDestroy
GetFileAttributesW
GetLocalTime
GetProcessId
CreatePipe
GetCurrentProcess
GetDriveTypeW
SetErrorMode
GetLogicalDrives
GetFileInformationByHandle
GetThreadContext
GetFileTime
WideCharToMultiByte
LoadLibraryW
InterlockedExchange
WriteFile
WaitForSingleObject
Thread32First
HeapReAlloc
FreeLibrary
LocalFree
ResumeThread
CreateEventW
GetLogicalDriveStringsW
FindClose
QueryDosDeviceW
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
InitializeCriticalSection
CopyFileW
WriteProcessMemory
RemoveDirectoryW
ExitProcess
lstrcmpiW
SetThreadPriority
MultiByteToWideChar
SetFilePointerEx
GetPrivateProfileStringW
SetFilePointer
CreateThread
MoveFileExW
GetExitCodeThread
CreateMutexW
GetVolumeNameForVolumeMountPointW
ExitThread
SetHandleInformation
SetThreadContext
TerminateProcess
VirtualQueryEx
SetEndOfFile
GetProcAddress
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
TerminateThread
lstrcmpiA
GetVersionExW
GetExitCodeProcess
GetTickCount
VirtualProtect
FlushFileBuffers
LoadLibraryA
CreateRemoteThread
GetWindowsDirectoryW
GetFileSize
OpenProcess
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GlobalLock
GetPrivateProfileIntW
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
GetComputerNameW
GetFileSizeEx
GetModuleFileNameW
ExpandEnvironmentStringsW
UnmapViewOfFile
FindNextFileW
WTSGetActiveConsoleSessionId
ResetEvent
CreateFileMappingA
Thread32Next
DuplicateHandle
WaitForMultipleObjects
GetTempPathW
GetTimeZoneInformation
CreateFileW
CreateEventA
HeapAlloc
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
SystemTimeToFileTime
VirtualAllocEx
GlobalUnlock
lstrlenW
Process32NextW
CreateProcessW
FileTimeToLocalFileTime
VirtualFreeEx
GetCurrentProcessId
SetFileTime
GetCommandLineW
Process32FirstW
GetCurrentThread
lstrcpynW
MapViewOfFile
GetModuleHandleA
ReadFile
CloseHandle
OpenMutexW
GetModuleHandleW
GetFileAttributesExW
HeapCreate
OpenEventW
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
NetUserEnum
NetUserGetInfo
NetApiBufferFree
SysFreeString
VariantInit
VariantClear
SysAllocString
SHGetFolderPathW
ShellExecuteW
ShellExecuteExW
CommandLineToArgvW
StrCmpNIW
wvnsprintfA
StrCmpNIA
wvnsprintfW
StrStrIA
PathIsDirectoryW
PathRemoveBackslashW
PathQuoteSpacesW
PathAddBackslashW
UrlUnescapeA
SHDeleteValueW
PathCombineW
PathRenameExtensionW
SHDeleteKeyW
PathRemoveFileSpecW
StrStrIW
PathMatchSpecW
PathUnquoteSpacesW
PathFindFileNameW
PathIsURLW
PathAddExtensionW
PathSkipRootW
GetUserNameExW
GetCursorPos
CharLowerA
LoadImageW
PeekMessageW
GetKeyboardState
CharToOemW
TranslateMessage
GetMessageW
CharUpperW
DrawIcon
GetIconInfo
MessageBoxA
CharLowerW
ToUnicode
MsgWaitForMultipleObjects
CharLowerBuffA
GetForegroundWindow
DispatchMessageW
ExitWindowsEx
GetDC
GetClipboardData
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
InternetSetStatusCallbackW
HttpOpenRequestA
HttpEndRequestW
HttpSendRequestExW
InternetSetStatusCallbackA
HttpEndRequestA
HttpSendRequestExA
HttpOpenRequestW
InternetReadFileExA
InternetQueryOptionW
HttpAddRequestHeadersA
InternetCloseHandle
InternetConnectA
InternetGetCookieA
InternetQueryOptionA
GetUrlCacheEntryInfoW
HttpAddRequestHeadersW
InternetQueryDataAvailable
InternetReadFile
HttpQueryInfoA
InternetSetFilePointer
HttpSendRequestA
InternetSetOptionA
InternetCrackUrlW
InternetOpenA
HttpSendRequestW
InternetCrackUrlA
getaddrinfo
WSASocketA
WSAConnect
WSARecv
accept
WSAAddressToStringW
WSAStartup
freeaddrinfo
connect
shutdown
WSAResetEvent
WSASetLastError
WSAGetLastError
closesocket
WSACloseEvent
inet_addr
send
WSASend
WSAWaitForMultipleEvents
select
getsockname
listen
WSAEventSelect
WSAGetOverlappedResult
gethostbyname
getpeername
WSACreateEvent
recv
WSAIoctl
setsockopt
socket
bind
recvfrom
WSAEnumNetworkEvents
sendto
NtQueryKey
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeSecurity
CoGetObject
CLSIDFromString
StringFromGUID2
CoSetProxyBlanket
File identification
MD5 cd2f95710e081dcde6b2a4e1a7e5607b
SHA1 2d78de10cb1acd76c546da3db27973ad0a465b87
SHA256 a93c4b22a8a053c5bfe1d2c7c2c0f1e7fd8466215e8d25fbec1fa214a0d8a09d
ssdeep 6144:5qXXiVtzuv86ZlbCrowOwnVfF4d5bt8HD27ZjQB2u/:0XXiVZuE6bpwOwnVNW5bt8j2I28
authentihash 7c3b2634729eae2dba2b63fed382dcae1cf277886b3c51b52157a84581b6044c
imphash 4a3e896b295785cf8d7280a6d79ca0e8
File size 264.0 KB ( 270336 bytes )
File type DOS EXE
Magic literal MS-DOS executable
TrID Win32 Executable (generic) (38.8%)
DOS Executable Borland Pascal 7.0x (17.5%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Music Craft Score (8.6%)
Tags mz overlay
VirusTotal metadata
First submission 2017-10-25 10:50:50 UTC ( 1 year, 3 months ago )
Last submission 2018-07-21 08:35:37 UTC ( 6 months, 4 weeks ago )
File names cd2f95710e081dcde6b2a4e1a7e5607b.vir
a93c4b22a8a053c5bfe1d2c7c2c0f1e7fd8466215e8d25fbec1fa214a0d8a09d