SHA256: ae793e5709a07f6c37e815b8b0e5cc363b9ded4fa355bd2757700e58c553890b
File name: 01b106198e544edb7de617f48105dd32
Detection ratio: 27 / 57
Analysis date: 2015-09-17 15:16:31 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.56369 20150917
ALYac Gen:Variant.Symmi.56369 20150917
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150917
Arcabit Trojan.Symmi.DDC31 20150917
Avast Win32:Malware-gen 20150917
AVG Zbot.AHCE 20150917
Avira (no cloud) TR/Spy.ZBot.225280.4 20150917
AVware Trojan.Win32.Generic!BT 20150917
BitDefender Gen:Variant.Symmi.56369 20150917
Bkav HW32.Packed.E322 20150917
CAT-QuickHeal Ransom.TesCrypt.MUE.A4 20150916
DrWeb Trojan.PWS.Panda.8087 20150917
Emsisoft Gen:Variant.Symmi.56369 (B) 20150917
ESET-NOD32 Win32/Spy.Zbot.ACB 20150917
F-Secure Gen:Variant.Symmi.56369 20150917
Fortinet W32/Zbot.ACB!tr.spy 20150917
GData Gen:Variant.Symmi.56369 20150917
Kaspersky Trojan-Spy.Win32.Zbot.vzdd 20150917
Microsoft Trojan:Win32/Dynamer!ac 20150917
eScan Gen:Variant.Symmi.56369 20150917
NANO-Antivirus Trojan.Win32.Zbot.dwwfxu 20150917
Panda Trj/Genetic.gen 20150917
Sophos AV Mal/Generic-S 20150917
Tencent Win32.Trojan.Symmi.Eof 20150917
TrendMicro TROJ_FORUCON.BMC 20150917
TrendMicro-HouseCall TROJ_FORUCON.BMC 20150917
VIPRE Trojan.Win32.Generic!BT 20150917
AegisLab 20150917
Yandex 20150916
AhnLab-V3 20150917
Alibaba 20150917
Baidu-International 20150917
ByteHero 20150917
ClamAV 20150917
CMC 20150916
Comodo 20150917
Cyren 20150917
F-Prot 20150917
Ikarus 20150917
Jiangmin 20150916
K7AntiVirus 20150917
K7GW 20150917
Kingsoft 20150917
Malwarebytes 20150917
McAfee 20150917
McAfee-GW-Edition 20150916
nProtect 20150917
Qihoo-360 20150917
Rising 20150916
SUPERAntiSpyware 20150917
Symantec 20150916
TheHacker 20150916
TotalDefense 20150917
VBA32 20150916
ViRobot 20150917
Zillya 20150916
Zoner 20150917
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-03-04 13:06:20
Entry Point 0x0002CFEC
Number of sections 4
PE sections
PE imports
CreatePrivateObjectSecurity
GetLastError
DosDateTimeToFileTime
FindFirstChangeNotificationA
GetNumberOfConsoleInputEvents
GetThreadLocale
GetVersionExA
GetEnvironmentStringsW
FlushFileBuffers
GetFileAttributesW
GetShortPathNameA
FreeEnvironmentStringsA
DisconnectNamedPipe
GetStartupInfoA
FlushConsoleInputBuffer
GetEnvironmentStrings
GetCurrentDirectoryW
GetConsoleMode
FindClose
GetModuleHandleW
GetCurrentDirectoryA
EnumSystemLocalesW
HeapSize
GetLogicalDrives
GlobalLock
GetPrivateProfileIntW
FlushInstructionCache
EnumResourceLanguagesW
CompareStringW
FindResourceExA
GetFileAttributesExW
GetModuleHandleA
GetAtomNameA
EnumResourceNamesA
CloseHandle
FindNextFileA
ClearCommError
GetACP
HeapReAlloc
GetWindowsDirectoryA
EscapeCommFunction
GetPrivateProfileSectionW
GetDiskFreeSpaceExA
ConnectNamedPipe
FreeLibraryAndExitThread
GetEnvironmentVariableA
GetThreadContext
FindAtomA
GetEnvironmentVariableW
_except_handler3
__p__fmode
_acmdln
_exit
__p__commode
__setusermatherr
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_adjust_fdiv
__set_app_type
BlockInput
VerLanguageNameW
Number of PE resources by type
RT_ICON 8
RT_GROUP_ICON 4
RT_VERSION 1
RT_FONT 1
RT_FONTDIR 1
Number of PE resources by language
BASQUE DEFAULT 6
ENGLISH EIRE 6
SPANISH VENEZUELA 3
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.68.126.163
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 1056768
EntryPoint 0x2cfec
OriginalFileName Swims.exe
MIMEType application/octet-stream
LegalCopyright Squinted 2010
FileVersion 0,85,119,216
TimeStamp 2008:03:04 14:06:20+01:00
FileType Win32 EXE
PEType PE32
FileDescription Thresholds
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName GentleSecurity S.a.r.l.
CodeSize 184320
ProductName Thrombosis Vascular
ProductVersionNumber 0.191.106.132
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 01b106198e544edb7de617f48105dd32
SHA1 04728b229e471a6cf6b14943b0f0be27d40a7e63
SHA256 ae793e5709a07f6c37e815b8b0e5cc363b9ded4fa355bd2757700e58c553890b
ssdeep 6144:DCU4Gyfd5qKe8glSdWM0qk2FcEpbVprb61pvn:DCU4lde8gOWpqf9VBkp
authentihash c2780ab33b94e91747024f7b9c394f967195df7647d927bd01a6bd0fa3891ec3
imphash bc288a27205273a94e3bbe6c251b2722
File size 220.0 KB ( 225280 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2015-09-17 15:16:31 UTC ( 3 years, 6 months ago )
Last submission 2015-09-17 15:16:31 UTC ( 3 years, 6 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened service managers
Runtime DLLs