SHA256: ac68ebb42234adc396755fc719aab4d7d531d5e88f09fbd2e2b20f4bdb2c94fc
File name: 1ad6922777553e387c7baafd9ecb4e13
Detection ratio: 36 / 55
Analysis date: 2014-12-04 10:17:32 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.116338 20141204
AhnLab-V3 Trojan/Win32.FakeMS 20141203
ALYac Gen:Variant.Zusy.116338 20141204
Antiy-AVL Trojan/Win32.Inject 20141204
Avast Win32:Trojan-gen 20141204
AVG Inject2.BGGU 20141204
Avira (no cloud) TR/Spy.ZBot.418304 20141204
AVware Trojan.Win32.Generic!BT 20141204
Baidu-International Trojan.Win32.Zbot.aJmx 20141204
BitDefender Gen:Variant.Zusy.116338 20141204
Comodo UnclassifiedMalware 20141204
Cyren W32/Trojan.QVVL-3018 20141204
DrWeb Trojan.DownLoader9.43701 20141204
ESET-NOD32 a variant of Win32/Injector.BQME 20141204
F-Prot W32/Trojan5.LDC 20141204
F-Secure Gen:Variant.Zusy.116338 20141204
Fortinet W32/BPPH!tr 20141204
GData Gen:Variant.Zusy.116338 20141204
Ikarus Trojan-Spy.Zbot 20141204
K7AntiVirus Riskware ( 0040eff71 ) 20141203
K7GW Riskware ( 0040eff71 ) 20141204
Kaspersky Trojan-Spy.Win32.Zbot.uqft 20141204
Malwarebytes Trojan.Zbot 20141204
McAfee RDN/Spybot.bfr!o 20141204
McAfee-GW-Edition RDN/Spybot.bfr!o 20141204
Microsoft VirTool:Win32/CeeInject.gen!KK 20141204
eScan Gen:Variant.Zusy.116338 20141204
NANO-Antivirus Trojan.Win32.Zbot.djqfje 20141204
Norman Injector.HMAP 20141204
Panda Trj/CI.A 20141204
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20141204
Sophos Troj/Zbot-JHH 20141204
Symantec Trojan.Gen 20141204
Tencent Win32.Trojan.Inject.Auto 20141204
TrendMicro-HouseCall TROJ_GEN.R047H09KT14 20141204
VIPRE Trojan.Win32.Generic!BT 20141204
AegisLab 20141204
Yandex 20141203
Bkav 20141204
ByteHero 20141204
CAT-QuickHeal 20141204
ClamAV 20141204
CMC 20141204
Jiangmin 20141203
Kingsoft 20141204
nProtect 20141204
Rising 20141203
SUPERAntiSpyware 20141204
TheHacker 20141201
TotalDefense 20141203
TrendMicro 20141204
VBA32 20141204
ViRobot 20141204
Zillya 20141203
Zoner 20141204
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 1996
Product CDIBStatic
Original name CDIBStatic.EXE
Internal name CDIBStatic
File version 1, 0, 0, 1
Description CDIBStatic
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-27 18:59:31
Entry Point 0x000201C2
Number of sections 6
PE sections
PE imports
GetDeviceCaps
SetDIBitsToDevice
CreatePalette
GetStockObject
SelectPalette
CreateSolidBrush
SetStretchBltMode
RealizePalette
Rectangle
StretchDIBits
GlobalSize
LocalFree
LocalLock
GetCurrentProcessId
OpenProcess
GlobalFree
GetModuleHandleW
GlobalLock
GetStartupInfoW
GlobalUnlock
LocalUnlock
GlobalAlloc
LocalAlloc
GlobalHandle
Ord(3820)
Ord(2406)
Ord(1863)
Ord(6113)
Ord(5573)
Ord(4621)
Ord(537)
Ord(4710)
Ord(5298)
Ord(1634)
Ord(354)
Ord(506)
Ord(2980)
Ord(4292)
Ord(6371)
Ord(2374)
Ord(1971)
Ord(2438)
Ord(2350)
Ord(5237)
Ord(665)
Ord(4629)
Ord(4073)
Ord(4602)
Ord(4240)
Ord(2362)
Ord(5006)
Ord(4381)
Ord(5736)
Ord(4422)
Ord(2430)
Ord(4523)
Ord(6372)
Ord(4582)
Ord(5727)
Ord(5010)
Ord(2093)
Ord(2579)
Ord(5236)
Ord(3711)
Ord(4148)
Ord(4616)
Ord(3744)
Ord(3167)
Ord(6332)
Ord(2873)
Ord(3917)
Ord(517)
Ord(355)
Ord(5787)
Ord(4852)
Ord(3313)
Ord(1569)
Ord(4539)
Ord(3494)
Ord(3687)
Ord(4128)
Ord(815)
Ord(4744)
Ord(4525)
Ord(3257)
Ord(2717)
Ord(2119)
Ord(641)
Ord(5233)
Ord(861)
Ord(3449)
Ord(2388)
Ord(3716)
Ord(5256)
Ord(4947)
Ord(338)
Ord(5099)
Ord(4343)
Ord(567)
Ord(3076)
Ord(4414)
Ord(4233)
Ord(1739)
Ord(4430)
Ord(3142)
Ord(3060)
Ord(3193)
Ord(1637)
Ord(6127)
Ord(5285)
Ord(4617)
Ord(4462)
Ord(3649)
Ord(2293)
Ord(5061)
Ord(1767)
Ord(6330)
Ord(1165)
Ord(4831)
Ord(4828)
Ord(2859)
Ord(825)
Ord(2644)
Ord(4604)
Ord(5710)
Ord(5276)
Ord(5251)
Ord(2502)
Ord(6212)
Ord(5261)
Ord(2874)
Ord(786)
Ord(2556)
Ord(4883)
Ord(3706)
Ord(2858)
Ord(4335)
Ord(4692)
Ord(4886)
Ord(4431)
Ord(4211)
Ord(289)
Ord(2371)
Ord(3568)
Ord(4480)
Ord(4229)
Ord(472)
Ord(2294)
Ord(401)
Ord(4215)
Ord(823)
Ord(2505)
Ord(4269)
Ord(4537)
Ord(1560)
Ord(1851)
Ord(6076)
Ord(5286)
Ord(795)
Ord(6166)
Ord(6048)
Ord(4369)
Ord(268)
Ord(4401)
Ord(1912)
Ord(800)
Ord(5157)
Ord(5468)
Ord(5250)
Ord(470)
Ord(2875)
Ord(6051)
Ord(4224)
Ord(5784)
Ord(3074)
Ord(3345)
Ord(2613)
Ord(3592)
Ord(6107)
Ord(2047)
Ord(535)
Ord(3688)
Ord(4846)
Ord(6193)
Ord(2977)
Ord(2116)
Ord(4418)
Ord(4957)
Ord(1718)
Ord(6266)
Ord(2641)
Ord(283)
Ord(3864)
Ord(3053)
Ord(1850)
Ord(5095)
Ord(674)
Ord(293)
Ord(975)
Ord(5070)
Ord(4954)
Ord(6237)
Ord(5922)
Ord(4606)
Ord(1826)
Ord(4347)
Ord(1257)
Ord(2715)
Ord(4426)
Ord(3398)
Ord(2453)
Ord(4688)
Ord(3346)
Ord(5783)
Ord(2504)
Ord(1662)
Ord(4461)
Ord(4459)
Ord(4817)
Ord(3743)
Ord(986)
Ord(6370)
Ord(4893)
Ord(3825)
Ord(4419)
Ord(4074)
Ord(4435)
Ord(2640)
Ord(1089)
Ord(5180)
Ord(4421)
Ord(2383)
Ord(4520)
Ord(3254)
Ord(2506)
Ord(2354)
Ord(3341)
Ord(540)
Ord(4257)
Ord(562)
Ord(1761)
Ord(976)
Ord(5273)
Ord(402)
Ord(2437)
Ord(5871)
Ord(2971)
Ord(2534)
Ord(1817)
Ord(3724)
Ord(1658)
Ord(324)
Ord(5257)
Ord(2391)
Ord(5296)
Ord(4992)
Ord(790)
Ord(1768)
Ord(4704)
Ord(2385)
Ord(3793)
Ord(816)
Ord(3826)
Ord(5193)
Ord(4847)
Ord(4298)
Ord(5096)
Ord(1720)
Ord(5985)
Ord(4075)
Ord(4147)
Ord(652)
Ord(5094)
Ord(3389)
Ord(4420)
Ord(3087)
Ord(4400)
Ord(2507)
Ord(353)
Ord(4364)
Ord(3733)
Ord(1172)
Ord(5303)
Ord(755)
Ord(4518)
Ord(6171)
Ord(2546)
Ord(4583)
Ord(5280)
Ord(4601)
Ord(519)
Ord(561)
Ord(6263)
Ord(411)
Ord(4717)
Ord(1143)
Ord(3054)
Ord(3658)
Ord(2286)
Ord(3131)
Ord(2375)
Ord(4154)
Ord(5059)
Ord(3397)
Ord(2377)
Ord(6211)
Ord(4072)
Ord(4103)
Ord(4241)
Ord(5279)
Ord(4370)
Ord(613)
Ord(4270)
Ord(5142)
Ord(5649)
Ord(5239)
Ord(784)
Ord(2634)
Ord(2576)
Ord(804)
Ord(2382)
Ord(4690)
Ord(3621)
Ord(783)
Ord(5098)
__p__fmode
rand
__wgetmainargs
??1type_info@@UAE@XZ
srand
__dllonexit
_stricmp
memset
strlen
_except_handler3
log
fabs
__p__commode
sqrt
_onexit
abs
exit
_XcptFilter
_ftol
__setusermatherr
log10
_controlfp
_wcmdln
__CxxFrameHandler
_CxxThrowException
atan
_adjust_fdiv
memcpy
_wfopen
_initterm
cos
sin
strcpy
time
_exit
__set_app_type
GetModuleFileNameExW
GetSubMenu
GetSystemMetrics
SetScrollPos
SetScrollRange
SendMessageW
GetWindowRect
InflateRect
FillRect
UpdateWindow
GetScrollPos
GetClientRect
GetFocus
EnableWindow
GetSysColor
ClientToScreen
LoadMenuW
InvalidateRect
Number of PE resources by type
RT_STRING 12
RT_DIALOG 11
RT_MENU 3
RAR 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 26
CHINESE SIMPLIFIED 2
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 274432
ImageVersion 0.0
ProductName CDIBStatic
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Turkish
FileFlagsMask 0x003f
CharacterSet Windows, Turkish
LinkerVersion 6.0
OriginalFilename CDIBStatic.EXE
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1, 0, 0, 1
TimeStamp 2014:11:27 19:59:31+01:00
FileType Win32 EXE
PEType PE32
InternalName CDIBStatic
FileAccessDate 2014:12:04 11:17:45+01:00
ProductVersion 1, 0, 0, 1
FileDescription CDIBStatic
OSVersion 4.0
FileCreateDate 2014:12:04 11:17:45+01:00
FileOS Win32
LegalCopyright Copyright (C) 1996
MachineType Intel 386 or later, and compatibles
CodeSize 139264
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0x201c2
ObjectFileType Executable application
Compressed bundles
File identification
MD5 1ad6922777553e387c7baafd9ecb4e13
SHA1 f5b1d0a4ca849f8db8b578b6848d72617a41d6a5
SHA256 ac68ebb42234adc396755fc719aab4d7d531d5e88f09fbd2e2b20f4bdb2c94fc
ssdeep 12288:1aXY+7P/dLWXrWSXWlL7hjqz0ARwqbPbwWtWyz8NeCjfSuh0Gqi:tiIL8WtWyXCjfSA0GB
authentihash 9f7bdda1c7824ac7b206c2e938b774898c880c2e8298f2c6ebd5d75b6c552cac
imphash 2f97658708abf3ea9cc64a1dd731345b
File size 408.5 KB ( 418304 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (78.5%)
Win32 Executable (generic) (11.3%)
Generic Win/DOS Executable (5.0%)
DOS Executable Generic (5.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-11-29 18:00:53 UTC ( 2 years, 4 months ago )
Last submission 2014-12-04 10:17:32 UTC ( 2 years, 3 months ago )
File names CDIBStatic
c-0f6c1-625-1417305602
GBTaxReturn.exe
ac68ebb42234adc396755fc719aab4d7d531d5e88f09fbd2e2b20f4bdb2c94fc.exe
1ad6922777553e387c7baafd9ecb4e13
CDIBStatic.EXE
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.