SHA256: aabd29358f7229614548ff89adf820e28303519afac7d4bf786c48e8d97de7f8
File name: aabd29358f7229614548ff89adf820e28303519afac7d4bf786c48e8d97de7f8.vir
Detection ratio: 48 / 54
Analysis date: 2016-01-01 09:52:04 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.32859 20151224
Yandex TrojanSpy.Zbot!eods1DC/PZQ 20151231
AhnLab-V3 Trojan/Win32.OnlineGameHack 20151231
Antiy-AVL Trojan/Win32.Inject 20160101
Arcabit Trojan.Symmi.D805B 20160101
Avast Win32:Malware-gen 20160101
AVG Zbot.CVC 20160101
Avira (no cloud) TR/Spy.ZBot.4496925 20151231
AVware Trojan.Win32.Generic!BT 20160101
Baidu-International Trojan.Win32.Zbot.qljb 20160101
BitDefender Gen:Variant.Symmi.32859 20160101
Bkav W32.DocyniLTI.Trojan 20151231
CAT-QuickHeal TrojanPWS.Zbot.Gen 20160101
ClamAV Win.Trojan.Zbot-40398 20160101
CMC Trojan-Spy.Win32.Zbot!O 20151231
Comodo TrojWare.Win32.Injector.AOXL 20151231
Cyren W32/Trojan.ZRVE-0632 20160101
DrWeb Trojan.DownLoader9.22851 20160101
Emsisoft Gen:Variant.Symmi.32859 (B) 20160101
ESET-NOD32 Win32/Spy.Zbot.AAO 20151231
F-Prot W32/Trojan2.NXIY 20160101
F-Secure Gen:Variant.Symmi.32859 20160101
Fortinet W32/SpyZbot.PVJV!tr 20160101
GData Gen:Variant.Symmi.32859 20160101
Ikarus Trojan-Spy.Zbot 20151231
Jiangmin Trojan/Inject.apkp 20160101
K7AntiVirus Trojan ( 0048cafb1 ) 20160101
K7GW Trojan ( 0048cafb1 ) 20160101
Kaspersky Trojan-Spy.Win32.Zbot.qljb 20160101
Malwarebytes Trojan.Zbot 20160101
McAfee PWSZbot-FHW!8F0CB02CF968 20160101
McAfee-GW-Edition BehavesLike.Win32.Downloader.fh 20160101
Microsoft VirTool:Win32/CeeInject.gen!KK 20160101
eScan Gen:Variant.Symmi.32859 20160101
NANO-Antivirus Trojan.Win32.Zbot.cqkgxh 20160101
Panda Trj/CI.A 20151231
Rising PE:Malware.Obscure!1.9C59 [F] 20160101
Sophos Troj/Zbot-GPB 20160101
SUPERAntiSpyware Trojan.Agent/Gen-Downloader 20160101
Symantec Trojan.Zbot!gen63 20151231
Tencent Win32.Trojan-spy.Zbot.Ebhc 20160101
TotalDefense Win32/CInject.WH 20160101
TrendMicro TROJ_MALKRYPT.SM 20160101
TrendMicro-HouseCall TROJ_MALKRYPT.SM 20160101
VBA32 Malware-Cryptor.FCM.2123 20151231
VIPRE Trojan.Win32.Generic!BT 20160101
Zillya Trojan.ZBot.Win32.879 20151231
Zoner Trojan.Fynloski.AA 20160101
AegisLab 20160101
Alibaba 20151208
ByteHero 20160101
nProtect 20151231
TheHacker 20151231
ViRobot 20160101
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-18 14:29:39
Entry Point 0x0000431E
Number of sections 4
PE sections
Overlays
MD5 59a83b3cf97407c9d97de0467f0d5a2f
File type data
Offset 208896
Size 167637
Entropy 7.99
PE imports
RegQueryValueExW
GetTextExtentPoint32A
GetCharWidth32A
GetCharABCWidthsFloatW
CreateCompatibleBitmap
GetCharacterPlacementW
GetStartupInfoA
GetTimeZoneInformation
SetCurrentDirectoryW
HeapCreate
VirtualProtect
GetCurrentDirectoryA
WriteFile
Sleep
CreateFileA
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleA
Ord(1775)
Ord(4080)
Ord(4710)
Ord(4524)
Ord(459)
Ord(4533)
Ord(4950)
Ord(4589)
Ord(6052)
Ord(1894)
Ord(1665)
Ord(2446)
Ord(5214)
Ord(1979)
Ord(1725)
Ord(4494)
Ord(5501)
Ord(2723)
Ord(641)
Ord(2514)
Ord(2058)
Ord(5199)
Ord(5244)
Ord(3060)
Ord(4546)
Ord(3407)
Ord(1168)
Ord(617)
Ord(4646)
Ord(6831)
Ord(4234)
Ord(4154)
Ord(5000)
Ord(5076)
Ord(747)
Ord(3417)
Ord(5252)
Ord(5106)
Ord(6376)
Ord(335)
Ord(4626)
Ord(5475)
Ord(4825)
Ord(5956)
Ord(5472)
Ord(268)
Ord(4436)
Ord(5654)
Ord(470)
Ord(5752)
Ord(4416)
Ord(6009)
Ord(4855)
Ord(4957)
Ord(4446)
Ord(3748)
Ord(6117)
Ord(4159)
Ord(6651)
Ord(4529)
Ord(2976)
Ord(4937)
Ord(2558)
Ord(3514)
Ord(4927)
Ord(4510)
Ord(4520)
Ord(2445)
Ord(4692)
Ord(2510)
Ord(1776)
Ord(1781)
Ord(4491)
Ord(2391)
Ord(4460)
Ord(3830)
Ord(2385)
Ord(3353)
Ord(5255)
Ord(2055)
Ord(5241)
Ord(5012)
Ord(4246)
Ord(2793)
Ord(561)
Ord(6523)
Ord(4563)
Ord(4345)
Ord(5102)
Ord(4645)
Ord(4610)
Ord(364)
Ord(4241)
Ord(296)
Ord(5075)
Ord(6872)
Ord(4432)
Ord(5302)
Ord(2382)
Ord(2104)
Ord(354)
Ord(3250)
Ord(6375)
Ord(3259)
Ord(2563)
Ord(1133)
Ord(2635)
Ord(5105)
Ord(3281)
Ord(5824)
Ord(4717)
Ord(436)
Ord(2652)
Ord(815)
Ord(5627)
Ord(5277)
Ord(4425)
Ord(3454)
Ord(5037)
Ord(4932)
Ord(3738)
Ord(4517)
Ord(5500)
Ord(5127)
Ord(825)
Ord(3081)
Ord(4697)
Ord(5090)
Ord(2542)
Ord(2858)
Ord(2036)
Ord(4998)
Ord(4245)
Ord(1265)
Ord(2394)
Ord(4467)
Ord(5101)
Ord(2124)
Ord(5283)
Ord(4892)
Ord(2879)
Ord(1669)
Ord(3262)
Ord(6081)
Ord(736)
Ord(4437)
Ord(4407)
Ord(2101)
Ord(986)
Ord(3922)
Ord(2649)
Ord(5108)
Ord(6329)
Ord(4337)
Ord(6055)
Ord(4995)
Ord(1205)
Ord(402)
Ord(4956)
Ord(2014)
Ord(3147)
Ord(5020)
Ord(4861)
Ord(450)
Ord(3172)
Ord(4492)
Ord(2390)
Ord(411)
Ord(4543)
Ord(2548)
Ord(4962)
Ord(4698)
Ord(5254)
Ord(976)
Ord(4153)
Ord(3066)
Ord(5731)
Ord(3318)
Ord(3597)
Ord(2175)
Ord(3136)
Ord(665)
Ord(3350)
Ord(5006)
Ord(755)
Ord(4303)
Ord(5301)
Ord(2383)
Ord(4470)
Ord(4686)
Ord(738)
Ord(5128)
Ord(3254)
Ord(1992)
Ord(3449)
Ord(3261)
Ord(6698)
Ord(4441)
Ord(5104)
Ord(5284)
Ord(6175)
Ord(4724)
Ord(4853)
Ord(2127)
Ord(4526)
Ord(4531)
Ord(5656)
Ord(4424)
Ord(5260)
Ord(6194)
Ord(4078)
Ord(3059)
Ord(2554)
Ord(1859)
Ord(2371)
Ord(4480)
Ord(401)
Ord(1727)
Ord(823)
Ord(5186)
Ord(6704)
Ord(5503)
Ord(2725)
Ord(5981)
Ord(4554)
Ord(3787)
Ord(2512)
Ord(4274)
Ord(4990)
Ord(6395)
Ord(2402)
Ord(6352)
Ord(6336)
Ord(1747)
Ord(2171)
Ord(4640)
Ord(975)
Ord(1576)
Ord(6344)
Ord(5002)
Ord(4590)
Ord(6374)
Ord(5280)
Ord(4612)
Ord(4653)
Ord(2991)
Ord(3198)
Ord(2985)
Ord(3187)
Ord(4469)
Ord(5742)
Ord(4376)
Ord(1694)
Ord(6849)
Ord(2878)
Ord(4623)
Ord(324)
Ord(4720)
Ord(3079)
Ord(4837)
Ord(2648)
Ord(5289)
Ord(4428)
Ord(5021)
Ord(4994)
Ord(5019)
Ord(4958)
Ord(1841)
Ord(3869)
Ord(1882)
Ord(6054)
Ord(4588)
Ord(5163)
Ord(2437)
Ord(5265)
Ord(4945)
Ord(4254)
Ord(5122)
Ord(1003)
Ord(5017)
Ord(4690)
Ord(5826)
Ord(4483)
Ord(4860)
Ord(4493)
Ord(5677)
Ord(4669)
Ord(4963)
Ord(4501)
Ord(5237)
Ord(5455)
Ord(5577)
Ord(4512)
Ord(5092)
Ord(4423)
Ord(3798)
Ord(971)
Ord(4508)
Ord(4152)
Ord(3442)
Ord(5495)
Ord(5652)
Ord(6215)
Ord(4912)
Ord(4647)
Ord(4657)
Ord(4155)
Ord(4605)
Ord(3351)
Ord(4353)
Ord(4382)
Ord(456)
Ord(6137)
Ord(4465)
Ord(4430)
Ord(5300)
Ord(1823)
Ord(5285)
Ord(5914)
Ord(4627)
Ord(6571)
Ord(5460)
Ord(650)
Ord(3256)
Ord(4628)
Ord(5307)
Ord(6600)
Ord(2091)
Ord(5031)
Ord(5025)
Ord(4537)
Ord(2379)
Ord(3749)
Ord(1199)
Ord(4899)
Ord(4427)
Ord(4038)
Ord(5261)
Ord(4250)
Ord(4079)
Ord(1858)
Ord(441)
Ord(336)
Ord(4077)
Ord(1567)
Ord(674)
Ord(2880)
Ord(4037)
Ord(5065)
Ord(784)
Ord(5022)
Ord(3346)
Ord(439)
Ord(4490)
Ord(2396)
Ord(3831)
Ord(4545)
Ord(4960)
Ord(3825)
Ord(4916)
Ord(1089)
Ord(3298)
Ord(5240)
Ord(4980)
Ord(5003)
Ord(1729)
Ord(4347)
Ord(4993)
Ord(2982)
Ord(5103)
Ord(4388)
Ord(5281)
Ord(748)
Ord(733)
Ord(4387)
Ord(4340)
Ord(6824)
Ord(743)
Ord(5100)
Ord(4468)
Ord(5714)
Ord(2955)
Ord(3403)
Ord(4622)
Ord(2440)
Ord(4486)
Ord(4826)
Ord(4370)
Ord(6481)
Ord(4889)
Ord(3280)
_except_handler3
__p__fmode
malloc
_XcptFilter
_acmdln
__CxxFrameHandler
??1type_info@@UAE@XZ
__p__commode
__setusermatherr
_setmbcp
__dllonexit
_onexit
exit
_exit
__getmainargs
_initterm
_controlfp
_adjust_fdiv
__set_app_type
GetCursorPos
SetFocus
UpdateWindow
EnableWindow
IsZoomed
GetClientRect
SystemParametersInfoW
DialogBoxParamA
GetClipboardData
Number of PE resources by type
RT_STRING 14
RT_ICON 8
RT_ACCELERATOR 4
RT_DIALOG 2
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 20
NEUTRAL 9
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:10:18 15:29:39+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 6.0
EntryPoint 0x431e
InitializedDataSize 188416
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 8f0cb02cf9680ffd5942d5298b54ee26
SHA1 855ac17d82767fd38d676752d332d35408e37e6f
SHA256 aabd29358f7229614548ff89adf820e28303519afac7d4bf786c48e8d97de7f8
ssdeep 6144:Sh16BVey6o1aagUNXuRxdk6VtG23/JqljHAa5R1MRnf7m:Caey6o1aagUNXuRgYtLRQHAa5gRnC
authentihash 49d33e09097305ceea96478c231564a565330e9d0df72d5d3ec7ad3120341269
imphash ad1a9a0858faafae9cabd4d15e4df32e
File size 367.7 KB ( 376533 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe armadillo overlay

VirusTotal metadata
First submission 2013-10-21 02:47:23 UTC ( 3 years, 7 months ago )
Last submission 2016-01-01 09:52:04 UTC ( 1 year, 4 months ago )
File names c-e297d-405-1382385303
aabd29358f7229614548ff89adf820e28303519afac7d4bf786c48e8d97de7f8.vir
c-e297d-405-1382385303
aabd29358f7229614548ff89adf820e28303519afac7d4bf786c48e8d97de7f8
file-6109962_scr
PAYMENT DETAILS.scr
DRAWING.scr
855ac17d82767fd38d676752d332d35408e37e6f
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight