SHA256: af20f837cbe32b2979d36306f61e9e7ca5b72ddc1553016e38dab255db1d7894
File name: 9c8071c8d2a43c1cff51a8d3eaa246b3
Detection ratio: 40 / 46
Analysis date: 2013-01-16 10:19:24 UTC
Antivirus Result Update
Yandex TrojanSpy.Zbot!p30pHj5sxhw 20130116
AhnLab-V3 Spyware/Win32.Zbot 20130116
AntiVir TR/Dldr.Andromeda.D 20130116
Avast Win32:MalOb-KV [Trj] 20130116
AVG Zbot.RE 20130116
BitDefender Gen:Variant.TDss.79 20130116
CAT-QuickHeal TrojanSpy.Zbot.ghqt 20130116
Commtouch W32/Zbot.GQ.gen!Eldorado 20130116
Comodo TrojWare.Win32.Kryptik.SES 20130116
DrWeb Trojan.Inject1.13364 20130116
eSafe Win32.Trojan 20130116
ESET-NOD32 Win32/Spy.Zbot.AAN 20130116
F-Prot W32/Zbot.GQ.gen!Eldorado 20130116
F-Secure Gen:Variant.Symmi.4187 20130116
Fortinet W32/Kryptik.WDV!tr 20130116
GData Gen:Variant.TDss.79 20130116
Ikarus Trojan.Signed 20130116
Jiangmin TrojanSpy.Zbot.cppa 20121221
K7AntiVirus Riskware 20130115
Kaspersky Trojan-Spy.Win32.Zbot.ghqt 20130116
Malwarebytes Spyware.Zbot 20130116
McAfee PWS-Zbot.gen.aln 20130116
McAfee-GW-Edition PWS-Zbot.gen.aln 20130116
Microsoft PWS:Win32/Zbot 20130116
eScan Gen:Variant.TDss.79 20130116
NANO-Antivirus Trojan.Win32.Zbot.bbklbq 20130116
Norman W32/Kryptik.AI 20130116
nProtect Trojan/W32.Agent.347408 20130116
Panda Trj/Genetic.gen 20130115
PCTools Trojan.ADH 20130116
Rising Malware.Symmi!49C6 20130116
Sophos Troj/Zbot-CYL 20130116
SUPERAntiSpyware Trojan.Agent/Gen-MultiD 20130116
Symantec Trojan.ADH.2 20130116
TheHacker Trojan/Spy.Zbot.ghud 20130115
TrendMicro TROJ_GEN.RCBCCKQ 20130116
TrendMicro-HouseCall TROJ_GEN.RCBCCKQ 20130116
VBA32 BScope.TrojanPSW.Zbot.2716 20130116
VIPRE Trojan.Win32.Reveto.Ac (v) 20130116
ViRobot Trojan.Win32.A.Zbot.347408.S 20130116
Engines reporting no detection (empty result column):
Antiy-AVL 20130116
ByteHero 20130111
ClamAV 20130116
Emsisoft 20130116
Kingsoft 20130115
TotalDefense 20130116
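The detection ratio counts engines that fired, not engines that agree on what fired: the 40 labels above mix a family name (Zbot), packer names (Kryptik), heuristic buckets (TDss, Symmi, ADH, Genetic.gen) and vendor-specific suffixes. The script below is an added example, not part of the VirusTotal report. It reproduces the ratio from the table as it appears above (embedded as constructed input) and derives a family consensus by tokenising each label, discarding category words and suffixes, and counting one vote per engine. The generic-word list and the three-engine threshold are the editor's assumptions, a crude version of what AVClass does with a curated alias list.

```python
import re
from collections import Counter

# Constructed input: the engine / result / signature-update rows of the report
# above, one per line. A row holding only an engine name and a date is an
# engine that returned no detection.
REPORT = """\
Yandex TrojanSpy.Zbot!p30pHj5sxhw 20130116
AhnLab-V3 Spyware/Win32.Zbot 20130116
AntiVir TR/Dldr.Andromeda.D 20130116
Avast Win32:MalOb-KV [Trj] 20130116
AVG Zbot.RE 20130116
BitDefender Gen:Variant.TDss.79 20130116
CAT-QuickHeal TrojanSpy.Zbot.ghqt 20130116
Commtouch W32/Zbot.GQ.gen!Eldorado 20130116
Comodo TrojWare.Win32.Kryptik.SES 20130116
DrWeb Trojan.Inject1.13364 20130116
eSafe Win32.Trojan 20130116
ESET-NOD32 Win32/Spy.Zbot.AAN 20130116
F-Prot W32/Zbot.GQ.gen!Eldorado 20130116
F-Secure Gen:Variant.Symmi.4187 20130116
Fortinet W32/Kryptik.WDV!tr 20130116
GData Gen:Variant.TDss.79 20130116
Ikarus Trojan.Signed 20130116
Jiangmin TrojanSpy.Zbot.cppa 20121221
K7AntiVirus Riskware 20130115
Kaspersky Trojan-Spy.Win32.Zbot.ghqt 20130116
Malwarebytes Spyware.Zbot 20130116
McAfee PWS-Zbot.gen.aln 20130116
McAfee-GW-Edition PWS-Zbot.gen.aln 20130116
Microsoft PWS:Win32/Zbot 20130116
eScan Gen:Variant.TDss.79 20130116
NANO-Antivirus Trojan.Win32.Zbot.bbklbq 20130116
Norman W32/Kryptik.AI 20130116
nProtect Trojan/W32.Agent.347408 20130116
Panda Trj/Genetic.gen 20130115
PCTools Trojan.ADH 20130116
Rising Malware.Symmi!49C6 20130116
Sophos Troj/Zbot-CYL 20130116
SUPERAntiSpyware Trojan.Agent/Gen-MultiD 20130116
Symantec Trojan.ADH.2 20130116
TheHacker Trojan/Spy.Zbot.ghud 20130115
TrendMicro TROJ_GEN.RCBCCKQ 20130116
TrendMicro-HouseCall TROJ_GEN.RCBCCKQ 20130116
VBA32 BScope.TrojanPSW.Zbot.2716 20130116
VIPRE Trojan.Win32.Reveto.Ac (v) 20130116
ViRobot Trojan.Win32.A.Zbot.347408.S 20130116
Antiy-AVL 20130116
ByteHero 20130111
ClamAV 20130116
Emsisoft 20130116
Kingsoft 20130115
TotalDefense 20130116
"""

# Category words from vendor taxonomies (editor's list, an assumption): they say
# what kind of thing was found, never which family, so they get no vote.
GENERIC = {
    "trojan", "trojanspy", "trojanpsw", "trojware", "spyware", "spy", "pws",
    "win32", "w32", "gen", "generic", "genetic", "variant", "trj", "troj",
    "malware", "riskware", "dldr", "agent", "signed", "bscope", "multid", "eldorado",
}
# Votes a token needs before it counts as a family (assumption). Two-engine
# agreement is often one engine sold twice (McAfee / McAfee-GW-Edition) or a
# shared signature suffix, so the threshold is three.
MIN_ENGINES = 3

def parse_rows(text):
    """(engine, label, update) per row; label is '' when the engine was clean."""
    return [(p[0], " ".join(p[1:-1]), p[-1])
            for p in (line.split() for line in text.splitlines()) if p]

def detection_ratio(rows):
    hits = sum(1 for _, label, _ in rows if label)
    return hits, len(rows)

def family_tokens(label):
    """Candidate family names in one label: split on punctuation, lower-case,
    then drop category words, short suffixes (AAN, KV, RE) and anything with a
    digit in it (Win32, 347408, p30pHj5sxhw), none of which names a family."""
    return {t.lower() for t in re.split(r"[^A-Za-z0-9]+", label)
            if len(t) >= 3 and t.lower() not in GENERIC
            and not any(c.isdigit() for c in t)}

def consensus(rows, min_engines=MIN_ENGINES):
    """Family tokens ranked by engine votes, one vote per engine per token."""
    votes = Counter()
    for _, label, _ in rows:
        votes.update(family_tokens(label))
    ranked = sorted(votes.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(tok, n) for tok, n in ranked if n >= min_engines]

if __name__ == "__main__":
    rows = parse_rows(REPORT)
    print("detection ratio %d / %d" % detection_ratio(rows), consensus(rows))
```

With the threshold at 3 the table above yields zbot (18 engines), kryptik (3) and tdss (3). Lowering it to 2 surfaces symmi and adh, but also aln and rcbcckq, which are nothing more than McAfee and TrendMicro each appearing twice, and ghqt, a suffix shared by two of the Zbot labels; that is the noise the threshold exists to suppress.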
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-11-07 22:30:12
Entry Point 0x00051E80
Number of sections 7
PE sections
PE imports (by importing DLL)
ADVAPI32.dll
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExW
COMCTL32.dll
CreateToolbarEx
CreateStatusWindowW
COMDLG32.dll
ChooseFontW
ChooseColorW
GDI32.dll
GetSystemPaletteEntries
GetMapMode
PatBlt
GetSystemPaletteUse
GetTextExtentPointA
StretchBlt
KERNEL32.dll
GetLastError
GetSystemTimeAsFileTime
DosDateTimeToFileTime
ReleaseMutex
GetSystemInfo
lstrlenA
lstrcmpiA
WaitForSingleObject
SetEvent
CopyFileA
GetTickCount
SetFileTime
GetVersionExA
ConvertDefaultLocale
FlushFileBuffers
RemoveDirectoryA
GetCurrentProcess
LoadLibraryExA
CreateEventA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCurrentProcessId
lstrcatA
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetCPInfo
UnhandledExceptionFilter
GetCommandLineA
GetProcAddress
CreateMutexA
GetModuleHandleA
GetTempPathA
CreateThread
SetFilePointer
lstrcmpA
ReadFile
SetUnhandledExceptionFilter
lstrcpyA
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
SetFileAttributesA
FreeLibrary
TerminateProcess
WriteFile
CreateFileW
SetCurrentDirectoryA
LocalFileTimeToFileTime
FindClose
Sleep
SetEndOfFile
GetPrivateProfileSectionA
CreateFileA
ExitProcess
GetCurrentThreadId
VirtualAlloc
GetFileSize
SetLastError
SHELL32.dll
ShellAboutW
USER32.dll
SetFocus
DdeAbandonTransaction
GetClipboardData
DdeConnect
UpdateWindow
DdeCmpStringHandles
BeginPaint
DefWindowProcW
FindWindowW
KillTimer
GetMessageW
PostQuitMessage
ShowWindow
MessageBeep
FlashWindow
SetWindowPos
MoveWindow
DdeCreateDataHandle
GetSystemMetrics
IsIconic
MessageBoxW
DdeUninitialize
DdeGetData
DestroyWindow
EndPaint
SetWindowPlacement
DdeAddData
CharUpperW
DialogBoxParamW
DdeKeepStringHandle
DrawIcon
DdePostAdvise
GetSystemMenu
DdeCreateStringHandleW
TranslateMessage
PostMessageW
GetSysColor
SendMessageW
RegisterClipboardFormatW
DispatchMessageW
GetWindowLongW
ReleaseDC
CheckMenuItem
GetMenu
EndDialog
RegisterClassW
SendDlgItemMessageW
DdeDisconnect
WinHelpW
GetWindowPlacement
LoadStringW
GetClientRect
DdeNameService
DdeGetLastError
DdeClientTransaction
GetDC
SetWindowLongW
InvalidateRect
IsClipboardFormatAvailable
SetTimer
CallWindowProcW
DdeQueryStringW
DdeFreeStringHandle
OpenClipboard
SetWindowTextW
EnableMenuItem
GetDesktopWindow
LoadCursorW
LoadIconW
CreateWindowExW
LoadAcceleratorsW
wsprintfW
CloseClipboard
DdeInitializeW
CheckDlgButton
CharNextW
AppendMenuW
TranslateAcceleratorW
Triage note: almost all of this table is the GUI, DDE, clipboard and INI-file plumbing of an ordinary Win32 application, the profile of a crypter stub wrapped around a decoy program, which is what the Kryptik labels from Comodo, Fortinet and Norman denote. The imports that matter for a file 18 engines label Zbot are the few that let such a stub unpack and install a payload: VirtualAlloc together with LoadLibraryExA and GetProcAddress (runtime API resolution), CreateMutexA and CreateEventA (single-instance guard), GetTempPathA and GetTempFileNameA with CopyFileA, SetFileAttributesA and SetFileTime (dropping a copy and giving it a plausible timestamp), and the RegCreateKeyExW / RegSetValueExW pair (persistence). No network, process-injection or cryptographic API is imported statically; anything of that kind is resolved at runtime.
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
GERMAN SWISS 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:11:07 22:30:12+00:00
FileType Win32 EXE
PEType PE32
CodeSize 334336
LinkerVersion 2.5
EntryPoint 0x51e80
InitializedDataSize 9728
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

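The PE header basic information block and the ExifTool block above are the same COFF and optional header fields read by two tools. The script below is an added example, not part of the report or of any VirusTotal tooling. It builds a synthetic 0x180-byte header carrying the report's values (constructed input: the image base, alignments, BaseOfCode, BaseOfData and SizeOfImage are filler the report does not give), parses it back the way a triage tool reads a real file, and runs two checks worth making on these particular values: whether LinkerVersion 2.5 is one a Microsoft linker ever stamped (the version list is the editor's own, VC6 through VS2012), and how long after the compilation timestamp the file reached VirusTotal (41 minutes, using the first-submission time given further down the page).

```python
import calendar
import struct
from datetime import datetime, timezone

# Header layouts from the PE/COFF specification, little-endian. Only the fields
# the report prints are unpacked; the data directories behind them are skipped.
COFF_FMT = "<HHIIIHH"              # Machine, NumberOfSections, TimeDateStamp, ...
OPT_STD_FMT = "<HBBIIIIII"         # Magic, linker major/minor, SizeOfCode, ...
OPT_WIN_FMT = "<IIIHHHHHHIIIIHH"   # ImageBase ... Subsystem, DllCharacteristics
MACHINES = {0x14C: "Intel 386 or later processors and compatible processors",
            0x8664: "x64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
# Linker versions the Microsoft linker stamped into headers from VC6 to VS2012
# (editor's list, an assumption); a November 2012 MSVC build shows one of these.
MSVC_LINKERS = {(6, 0), (7, 0), (7, 10), (8, 0), (9, 0), (10, 0), (11, 0)}

def build_sample_header():
    """Constructed stand-in for the first 0x180 bytes of the sample: DOS header,
    empty stub and NT headers carrying the values the report shows. Image base,
    alignments, BaseOfCode/BaseOfData and SizeOfImage are filler."""
    ts = calendar.timegm((2012, 11, 7, 22, 30, 12))
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x80)    # e_lfanew lives at 0x3C
    dos += b"\0" * (0x80 - len(dos))
    coff = struct.pack(COFF_FMT, 0x14C, 7, ts, 0, 0, 224, 0x0102)
    opt = struct.pack(OPT_STD_FMT, 0x10B, 2, 5, 334336, 9728, 0,
                      0x51E80, 0x1000, 0x53000)
    opt += struct.pack(OPT_WIN_FMT, 0x400000, 0x1000, 0x200, 4, 0, 0, 0, 4, 0,
                       0, 0x60000, 0x400, 0, 2, 0)
    return dos + b"PE\0\0" + coff + opt + b"\0" * (224 - len(opt))

def parse_pe_header(data):
    """Read the fields a triage report prints; raises on a non-PE input."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    machine, nsect, ts, _, _, _, _ = struct.unpack_from(COFF_FMT, data, e_lfanew + 4)
    opt = e_lfanew + 24                         # 4-byte signature + 20-byte COFF
    magic, lmaj, lmin, code, idata, udata, entry, _, _ = struct.unpack_from(
        OPT_STD_FMT, data, opt)
    win = struct.unpack_from(OPT_WIN_FMT, data, opt + struct.calcsize(OPT_STD_FMT))
    built = datetime.fromtimestamp(ts, timezone.utc)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "sections": nsect,
        "timestamp": built.strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry,
        "pe_type": "PE32" if magic == 0x10B else "PE32+",
        "linker": (lmaj, lmin),
        "code_size": code, "init_data": idata, "uninit_data": udata,
        "os_version": (win[3], win[4]),
        "image_version": (win[5], win[6]),
        "subsystem_version": (win[7], win[8]),
        "subsystem": SUBSYSTEMS.get(win[13], str(win[13])),
    }

def is_known_msvc_linker(version):
    """False for the report's 2.5: no Microsoft linker of the era wrote that,
    which for a file TrID calls 'MS Visual C++ (generic)' points at a packer
    or crypter rewriting the optional header."""
    return tuple(version) in MSVC_LINKERS

def seconds_after_build(header, first_seen_utc):
    """Gap between the header timestamp and the first VirusTotal submission."""
    fmt = "%Y-%m-%d %H:%M:%S"
    built = datetime.strptime(header["timestamp"], fmt)
    seen = datetime.strptime(first_seen_utc, fmt)
    return int((seen - built).total_seconds())

if __name__ == "__main__":
    h = parse_pe_header(build_sample_header())
    for key, value in h.items():
        print("%-18s %s" % (key, hex(value) if key == "entry_point" else value))
    print("known MSVC linker:", is_known_msvc_linker(h["linker"]))
    print("seconds from build to first submission:",
          seconds_after_build(h, "2012-11-07 23:11:19"))
```

Run against a real file, replace build_sample_header() with the first few hundred bytes of the sample; the parser only needs e_lfanew plus 4 + 20 + 72 bytes after it. A short build-to-submission gap is not proof of anything on its own, but combined with a linker version no MSVC release produced it says the timestamp is probably the crypter's packing time rather than the payload's link time.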
File identification
MD5 9c8071c8d2a43c1cff51a8d3eaa246b3
SHA1 57d8166cf00d35fdc0381ce9fc26cb0d86be47d8
SHA256 af20f837cbe32b2979d36306f61e9e7ca5b72ddc1553016e38dab255db1d7894
ssdeep 6144:mXH0Z7U0kBNDpJyBNCoHyXWIpEsMTN7fNeSy9mcOANiLUZ9:mXx0MN1E5HXDp1y9iAsLa
File size 339.3 KB ( 347408 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (65.1%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
Tags
peexe

VirusTotal metadata
First submission 2012-11-07 23:11:19 UTC (41 minutes after the compilation timestamp in the PE header, 2012-11-07 22:30:12)
Last submission 2012-11-12 21:16:08 UTC
File names 9c8071c8d2a43c1cff51a8d3eaa246b3
G0J.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function. DeviceIoControl is not in the static import table above, so either the sample resolves it at runtime (it imports LoadLibraryExA and GetProcAddress) or the call was made by a process it launched or injected into; this condensed report folds both cases into the sample's behaviour.