SHA256: ac81dc130e331d6e0f09e58b520981776aebfaf8e3dab68e96d4e2252b0a6f7c
File name: ac81dc130e331d6e0f09e58b520981776aebfaf8e3dab68e96d4e2252b0a6f7c.vir
Detection ratio: 47 / 54
Analysis date: 2016-01-23 11:39:41 UTC ( 1 year, 2 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.7991423 20160123
AegisLab Troj.W32.Inject.ekhi!c 20160122
Yandex Trojan.Tepfer!Euc6UUJ4sFI 20160123
AhnLab-V3 Spyware/Win32.Zbot 20160123
ALYac Trojan.Generic.7991423 20160123
Antiy-AVL Trojan/Win32.Inject 20160123
Arcabit Trojan.Generic.D79F07F 20160123
Avast Win32:MalOb-KU [Cryp] 20160123
AVG Win32/Cryptor 20160123
Baidu-International Trojan.Win32.Agent.NTM 20160123
BitDefender Trojan.Generic.7991423 20160123
CMC Trojan.Win32.Jorik.Tepfer!O 20160111
Comodo TrojWare.Win32.Injector.UAE 20160123
Cyren W32/Zbot.GH.gen!Eldorado 20160123
DrWeb Trojan.Winlock.3333 20160123
Emsisoft Trojan.Generic.7991423 (B) 20160123
ESET-NOD32 Win32/PSW.Agent.NTM 20160123
F-Prot W32/Zbot.GH.gen!Eldorado 20160123
F-Secure Trojan.Generic.7991423 20160123
Fortinet W32/Kryptik.AJHU!tr 20160123
GData Trojan.Generic.7991423 20160123
Ikarus P2P-Worm.Win32.Palevo 20160123
Jiangmin Trojan/Buzus.bhlj 20160123
K7AntiVirus Trojan ( 003eb2601 ) 20160123
K7GW Trojan ( 003eb2601 ) 20160123
Kaspersky HEUR:Trojan.Win32.Generic 20160123
Malwarebytes Spyware.Zbot.FH 20160123
McAfee PWS-Zbot.gen.alg 20160123
McAfee-GW-Edition BehavesLike.Win32.ZBot.fz 20160123
Microsoft Trojan:Win32/Dorv.B!rfn 20160123
eScan Trojan.Generic.7991423 20160123
NANO-Antivirus Trojan.Win32.Inject.vrkvh 20160123
nProtect Trojan.Generic.7991423 20160122
Panda Trj/Genetic.gen 20160123
Qihoo-360 HEUR/Malware.QVM01.Gen 20160123
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20160122
Sophos Troj/Agent-XJX 20160123
Symantec Infostealer 20160122
Tencent Win32.Trojan.Inject.bddf 20160123
TheHacker Trojan/Jorik.Tepfer.xj 20160119
TotalDefense Win32/CInject.N!generic 20160123
TrendMicro TSPY_ZBOT.BD 20160123
TrendMicro-HouseCall TSPY_ZBOT.BD 20160123
VBA32 suspected of Malware-Cryptor.General.5 20160123
VIPRE Trojan.Win32.Zbot.afu (v) 20160123
ViRobot Trojan.Win32.A.Inject.348672.G[h] 20160123
Zillya Trojan.Jorik.Win32.117384 20160122
Alibaba 20160122
Bkav 20160122
ByteHero 20160123
CAT-QuickHeal 20160123
ClamAV 20160123
SUPERAntiSpyware 20160123
Zoner 20160123
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-08-05 21:09:29
Entry Point 0x00001240
Number of sections 5
PE sections
PE imports
GetAtomNameA
AddAtomA
SetUnhandledExceptionFilter
FindAtomA
GetStartupInfoA
ExitProcess
GetCommandLineA
GetModuleHandleA
GetMessageA
CreateWindowExA
LoadCursorA
LoadIconA
DispatchMessageA
TranslateMessage
PostQuitMessage
DefWindowProcA
ShowWindow
RegisterClassExA
_cexit
__p__fmode
malloc
__p__environ
signal
memset
free
_onexit
atexit
abort
_setmode
__getmainargs
fprintf
fflush
_iob
strcmp
__set_app_type
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:08:05 22:09:29+01:00
FileType Win32 EXE
PEType PE32
CodeSize 28672
LinkerVersion 2.56
EntryPoint 0x1240
InitializedDataSize 347136
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 512
File identification
MD5 4ce73d6a52bfa3f56c67942f8ebf2c69
SHA1 6ce4f9bbf786f69a51d7f54e2cc190e438eb1c24
SHA256 ac81dc130e331d6e0f09e58b520981776aebfaf8e3dab68e96d4e2252b0a6f7c
ssdeep 1536:Qy23ZX+7rtoub3aBsUV+xhhD2a4ToJsQ0fd3AonLa:Qy2Ngr3Ev+tya99
authentihash 45f01c378b94a18b27ac46a65bf0da05d91eda04e3b6ff75c4c19ddd422dd209
imphash 15e8f850c72460ba326f86a870daa687
File size 340.5 KB ( 348672 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
Win16/32 Executable Delphi generic (2.7%)
Tags peexe
VirusTotal metadata
First submission 2012-08-06 10:39:11 UTC ( 4 years, 7 months ago )
Last submission 2016-01-23 11:39:41 UTC ( 1 year, 2 months ago )
File names 4ce73d6a52bfa3f56c67942f8eb
4ce73d6a52bfa3f56c67942f8ebf2c69
28238d8.exe
4ce73d6a52bfa3f56c67942f8ebf2c69.exe
file
mor.exe
ac81dc130e331d6e0f09e58b520981776aebfaf8e3dab68e96d4e2252b0a6f7c.vir
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs