SHA256: b1bb866bd00b906339578e78bd0228bf523ca7295c54a81dc70c8c8e49eca31a
File name: be2b3a71549e9e80b731c71fa59d3135fc0aef60
Detection ratio: 15 / 55
Analysis date: 2014-10-06 19:26:51 UTC ( 4 years, 5 months ago )
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Zusy.109655 | 20141006
AhnLab-V3 | Dropper/Win32.Necurs | 20141006
Antiy-AVL | Trojan[Spy]/Win32.Zbot | 20141006
AVG | Zbot.OTA | 20141006
Avira (no cloud) | TR/Crypt.Xpack.98056 | 20141006
BitDefender | Gen:Variant.Zusy.109655 | 20141006
Bkav | HW32.Paked.2CC3 | 20141006
Emsisoft | Gen:Variant.Zusy.109655 (B) | 20141006
ESET-NOD32 | a variant of Win32/Injector.BMZR | 20141006
F-Secure | Gen:Variant.Zusy.109655 | 20141006
GData | Gen:Variant.Zusy.109655 | 20141006
Kaspersky | Trojan-Spy.Win32.Zbot.uigh | 20141006
Malwarebytes | Trojan.Agent.ED | 20141006
eScan | Gen:Variant.Zusy.109655 | 20141006
Panda | Trj/CI.A | 20141006
AegisLab | - | 20141006
Yandex | - | 20141006
Avast | - | 20141006
AVware | - | 20141006
Baidu-International | - | 20141006
ByteHero | - | 20141006
CAT-QuickHeal | - | 20141004
ClamAV | - | 20141006
CMC | - | 20141004
Comodo | - | 20141006
Cyren | - | 20141006
DrWeb | - | 20141004
F-Prot | - | 20141006
Fortinet | - | 20141006
Ikarus | - | 20141006
Jiangmin | - | 20141006
K7AntiVirus | - | 20141006
K7GW | - | 20141006
Kingsoft | - | 20141006
McAfee | - | 20141006
McAfee-GW-Edition | - | 20141006
Microsoft | - | 20141006
NANO-Antivirus | - | 20141006
Norman | - | 20141006
nProtect | - | 20141006
Qihoo-360 | - | 20141006
Rising | - | 20141006
Sophos AV | - | 20141006
SUPERAntiSpyware | - | 20141006
Symantec | - | 20141006
Tencent | - | 20141006
TheHacker | - | 20141006
TotalDefense | - | 20141006
TrendMicro | - | 20141006
TrendMicro-HouseCall | - | 20141006
VBA32 | - | 20141006
VIPRE | - | 20141006
ViRobot | - | 20141006
Zillya | - | 20141006
Zoner | - | 20140929
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1989-09-21 05:40:44
Entry Point 0x001CDC23
Number of sections 5
PE sections
Overlays
MD5 c05430602afcff1f6b45fdfa4ff24bbb
File type data
Offset 270336
Size 512
Entropy 7.57
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
RtlUnwind
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
WriteConsoleW
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetProcAddress
HeapSize
SetStdHandle
WideCharToMultiByte
LoadLibraryW
TlsFree
SetFilePointer
DeleteCriticalSection
GetCurrentThreadId
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
TerminateProcess
IsValidCodePage
HeapCreate
CreateFileW
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
EncodePointer
OutputDebugStringA
LeaveCriticalSection
SetLastError
InterlockedIncrement
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1989:09:21 06:40:44+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16807424
LinkerVersion 10.0
EntryPoint 0x1cdc23
InitializedDataSize 239104
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 0.257
UninitializedDataSize 0

Execution parents
File identification
MD5 062710603496f4f1c832d8751535f872
SHA1 f09d7e6d2804f03e290f31d72ad2337b695f790c
SHA256 b1bb866bd00b906339578e78bd0228bf523ca7295c54a81dc70c8c8e49eca31a
ssdeep 6144:oh9P2t/hNGIw4/JyVZ1pXqvEIvu0Iqr0V5CazskiZ7oiSOu4:ofet5UIb/JyVZmvEk/qtsLtoNz4
authentihash ea54b8e570bc50778e088f3f817682e56486e3f230efe0ae01323514c60f4eea
imphash 759b3c70e49933144be33f6ac33937c7
File size 264.5 KB ( 270848 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe overlay

VirusTotal metadata
First submission 2014-10-05 16:05:09 UTC ( 4 years, 5 months ago )
Last submission 2015-12-21 06:10:38 UTC ( 3 years, 3 months ago )
File names b1bb866bd00b906339578e78bd0228bf523ca7295c54a81dc70c8c8e49eca31a.exe
b1bb866bd00b906339578e78bd0228bf523ca7295c54a81dc70c8c8e49eca31a.vir
be2b3a71549e9e80b731c71fa59d3135fc0aef60
flash.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.