SHA256: b031a7362e4d0bcd6a4b526b2e2e3a44bdd764acdbaeffd5967389a18f3c72d8
File name: 4a2b3922ddf0a0ca381d229b0b41e341a983b8b2
Detection ratio: 39 / 57
Analysis date: 2015-08-16 05:32:37 UTC ( 3 years, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.165981 20150816
Yandex TrojanSpy.Zbot!pK4BgPQGpN4 20150815
AhnLab-V3 Trojan/Win32.ZBot 20150815
ALYac Gen:Variant.Graftor.165981 20150813
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150816
Arcabit Trojan.Graftor.D2885D 20150816
Avast Win32:Crypt-SAA [Trj] 20150816
AVG Crypt3.BIYL 20150816
Avira (no cloud) TR/Spy.ZBot.387072.4 20150815
AVware Trojan.Win32.Generic!BT 20150816
Baidu-International Trojan.Win32.Zbot.uqoc 20150815
BitDefender Gen:Variant.Graftor.165981 20150816
CAT-QuickHeal Trojan.Generic.B4 20150814
Comodo UnclassifiedMalware 20150816
DrWeb Trojan.Siggen6.26053 20150816
Emsisoft Gen:Variant.Graftor.165981 (B) 20150816
ESET-NOD32 a variant of Win32/Kryptik.CRVM 20150815
F-Secure Gen:Variant.Graftor.165981 20150815
Fortinet W32/Kryptik.CRVM!tr 20150813
GData Gen:Variant.Graftor.165981 20150816
Ikarus Trojan-Spy.Zbot 20150815
Jiangmin TrojanSpy.Zbot.hmwb 20150815
K7AntiVirus Riskware ( 0040eff71 ) 20150816
K7GW Riskware ( 0040eff71 ) 20150816
Kaspersky Trojan-Spy.Win32.Zbot.uqoc 20150816
Malwarebytes Trojan.Agent.ED 20150815
McAfee Generic-FAVR!2B6EF8CFDE4F 20150816
McAfee-GW-Edition Generic-FAVR!2B6EF8CFDE4F 20150816
Microsoft PWS:Win32/Zbot 20150816
eScan Gen:Variant.Graftor.165981 20150816
NANO-Antivirus Trojan.Win32.Zbot.djrwws 20150816
Panda Trj/CI.A 20150815
Qihoo-360 Win32/Trojan.Spy.4b1 20150816
Sophos AV Mal/Zbot-SY 20150816
Symantec Infostealer.Banker.C 20150815
TotalDefense Win32/Zbot.eaODEFC 20150815
VBA32 TrojanSpy.Zbot 20150815
VIPRE Trojan.Win32.Generic!BT 20150816
Zillya Trojan.ZBot.Win32.88 20150815
AegisLab 20150815
Alibaba 20150814
Bkav 20150815
ByteHero 20150816
ClamAV 20150816
CMC 20150814
Cyren 20150816
F-Prot 20150816
Kingsoft 20150816
nProtect 20150813
Rising 20150815
SUPERAntiSpyware 20150815
Tencent 20150816
TheHacker 20150814
TrendMicro 20150816
TrendMicro-HouseCall 20150816
ViRobot 20150816
Zoner 20150816
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-02 07:26:44
Entry Point 0x00008AC8
Number of sections 5
PE sections
PE imports
RegCloseKey
GetOpenFileNameA
GetSaveFileNameA
CreateICA
SetMapMode
GetSystemPaletteEntries
SaveDC
TextOutA
GetTextMetricsA
CombineRgn
GetBitmapBits
CreateDCA
LineTo
DeleteDC
RestoreDC
EndDoc
CreateEllipticRgn
MoveToEx
GetStockObject
SetViewportOrgEx
SelectClipRgn
CreateRectRgn
DeleteObject
StartDocA
SetWindowExtEx
CreateSolidBrush
DPtoLP
SelectObject
SetViewportExtEx
CreateCompatibleBitmap
GetStdHandle
GetOverlappedResult
WaitForSingleObject
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
FreeEnvironmentStringsW
lstrcatW
CommConfigDialogA
GetLocaleInfoW
WaitCommEvent
SetStdHandle
WideCharToMultiByte
lstrcmpiA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
InitializeCriticalSection
TlsGetValue
FormatMessageA
OutputDebugStringA
SetLastError
GetSystemTime
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
HeapSetInformation
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ClearCommError
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
SetEndOfFile
GetVersion
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
GetFileSize
SetCommMask
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
CompareStringW
lstrcpyW
GetCurrentThreadId
IsValidLocale
GetProcAddress
SetCommTimeouts
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
GetCurrentProcessId
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GlobalLock
GetModuleHandleW
CreateProcessA
IsValidCodePage
HeapCreate
Sleep
NetLocalGroupEnum
NetApiBufferFree
RpcErrorStartEnumeration
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
StrToIntA
SetFocus
GetCursorInfo
EndDialog
DestroyWindow
CreateIconIndirect
KillTimer
PostQuitMessage
DefWindowProcA
GetIconInfo
GetClipboardData
SetDlgItemInt
GetSystemMetrics
EndPaint
SetDlgItemTextA
SetRectEmpty
GetDlgItemTextA
MessageBoxA
SetWindowLongA
DialogBoxParamA
GetDlgItemInt
CheckDlgButton
GetDC
DrawCaption
ReleaseDC
BeginPaint
SetWindowTextA
SendMessageW
wsprintfA
PtInRect
SendMessageA
CloseClipboard
GetClientRect
GetDlgItem
DrawTextW
DrawTextA
SetRect
GetWindowLongA
IsClipboardFormatAvailable
SetTimer
LoadCursorA
OemToCharA
CountClipboardFormats
FillRect
ShowCursor
GetDesktopWindow
LoadImageA
GetWindowTextLengthW
GetTopWindow
GetWindowTextA
OpenClipboard
SetCursor
SetWindowTheme
EndPagePrinter
OpenPrinterA
EnumPrintersA
ClosePrinter
EndDocPrinter
GdipLoadImageFromFile
GdipCreateBitmapFromScan0
GdipGraphicsClear
GdipFree
GdipGetImageWidth
GdipCreateHBITMAPFromBitmap
GdipGetImageHeight
GdipAlloc
GdipCreateFromHWND
GdipCloneImage
GdipDrawImageRectI
GdipGetImagePixelFormat
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_ICON 5
Struct(28) 2
RT_BITMAP 2
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_CURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 114176
ImageVersion 0.0
ProductName Fusion - HDR Software
FileVersionNumber 2.7.9.0
LanguageCode Unknown (4090)
FileFlagsMask 0x003f
FileDescription Fusion - HDR Software
CharacterSet Unknown (4B0)
LinkerVersion 10.0
FileTypeExtension exe
OriginalFileName Fusion.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2, 7, 9
TimeStamp 2014:12:02 08:26:44+01:00
FileType Win32 EXE
PEType PE32
InternalName Fusion
ProductVersion 2, 7, 9
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) 2014 NS-Point. All rights reserved.
MachineType Intel 386 or later, and compatibles
CodeSize 271872
FileSubtype 0
ProductVersionNumber 2.7.9.0
EntryPoint 0x8ac8
ObjectFileType Executable application
File identification
MD5 2b6ef8cfde4f625d4c349b1df48e6295
SHA1 4a2b3922ddf0a0ca381d229b0b41e341a983b8b2
SHA256 b031a7362e4d0bcd6a4b526b2e2e3a44bdd764acdbaeffd5967389a18f3c72d8
ssdeep 6144:uqq7HLFSE8Dpbv2lYk4uI7aIaq7wxLFZ4mItkCSF7SzsOu496kGs:uLAE8DpbBUPqEhFavmCWJAGs
authentihash cbbb58077f51c5b29bb5ac8591361d09f71338a6e8703da5915ea228938b26ef
imphash 2ec29691a26d554f81f9e4f63f2ccc55
File size 378.0 KB ( 387072 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2015-08-16 05:32:37 UTC ( 3 years, 7 months ago )
Last submission 2015-08-16 05:32:37 UTC ( 3 years, 7 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs