SHA256: b22548b82b36380459a2298f186079e7343f1fab8f75e4080feae468cdf0cc8e
File name: b22548b82b36380459a2298f186079e7343f1fab8f75e4080feae468cdf0cc8e.bin
Detection ratio: 62 / 71
Analysis date: 2019-02-02 14:01:01 UTC ( 2 weeks, 2 days ago )
Antivirus Result Update
Acronis suspicious 20190130
Ad-Aware Gen:Variant.Kazy.80167 20190202
AegisLab Trojan.Win32.Zbot.l!c 20190202
AhnLab-V3 Spyware/Win32.Zbot.R30584 20190202
ALYac Gen:Variant.Kazy.80167 20190202
Antiy-AVL Trojan[Spy]/Win32.Zbot 20190202
Arcabit Trojan.Kazy.D13927 20190202
Avast Win32:Karagany 20190202
AVG Win32:Karagany 20190202
Avira (no cloud) TR/Crypt.XPACK.Gen 20190202
Baidu Win32.Trojan.Kryptik.gg 20190201
BitDefender Gen:Variant.Kazy.80167 20190202
CAT-QuickHeal Trojan.Boaxxe.E 20190202
ClamAV Win.Trojan.Zbot-64730 20190202
CMC Trojan-Spy.Win32.Zbot!O 20190202
Comodo TrojWare.Win32.Kryptik.AHUG@4piebd 20190202
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20181023
Cybereason malicious.55487f 20190109
Cylance Unsafe 20190202
Cyren W32/Zbot.FL.gen!Eldorado 20190202
DrWeb Trojan.PWS.Panda.2363 20190202
eGambit Unsafe.AI_Score_96% 20190202
Emsisoft Gen:Variant.Kazy.80167 (B) 20190202
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Spy.Zbot.AAN 20190202
F-Prot W32/Zbot.FL.gen!Eldorado 20190202
F-Secure Trojan-Spy:W32/Zbot.BBGJ 20190202
Fortinet W32/Kryptik.WDV!tr 20190201
GData Gen:Variant.Kazy.80167 20190202
Ikarus Trojan-Spy.Win32.Zbot 20190202
Sophos ML heuristic 20181128
Jiangmin TrojanSpy.Zbot.buba 20190202
K7AntiVirus Spyware ( 0040ae601 ) 20190202
K7GW Spyware ( 0040ae601 ) 20190201
Kaspersky Trojan-Spy.Win32.Zbot.ecvg 20190202
Kingsoft Win32.Troj.Zbot.(kcloud) 20190202
Malwarebytes Spyware.Zbot.DG 20190202
MAX malware (ai score=100) 20190202
McAfee PWS-Zbot.gen.uh 20190202
McAfee-GW-Edition PWS-Zbot.gen.uh 20190201
Microsoft PWS:Win32/Zbot.gen!AF 20190201
eScan Gen:Variant.Kazy.80167 20190202
NANO-Antivirus Trojan.Win32.Crypted.txyoo 20190202
Palo Alto Networks (Known Signatures) generic.ml 20190202
Panda Bck/Qbot.AO 20190202
Qihoo-360 Malware.Radar01.Gen 20190202
Rising Trojan.Zbot!1.6487 (CLOUD) 20190202
SentinelOne (Static ML) static engine - malicious 20190124
Sophos AV Troj/Zbot-DHN 20190202
SUPERAntiSpyware Trojan.Agent/Gen-Spy 20190130
Symantec Packed.Generic.459 20190201
TACHYON Trojan-Spy/W32.ZBot.387232 20190201
TheHacker Trojan/Spy.Zbot.aan 20190131
TotalDefense Win32/Zbot.AK!generic 20190201
Trapmine malicious.high.ml.score 20190123
TrendMicro TSPY_ZBOT.SMIO 20190202
TrendMicro-HouseCall TSPY_ZBOT.SMIO 20190202
VBA32 Trojan.Kript.6705 20190201
Webroot W32.Trojan.Gen 20190202
Yandex TrojanSpy.Zbot!9UjyKExZ96M 20190201
Zillya Trojan.Zbot.Win32.64664 20190201
ZoneAlarm by Check Point Trojan-Spy.Win32.Zbot.ecvg 20190202
Engines with no detection (the remaining 9 of 71; only the engine and signature-update date are listed)
Alibaba 20180921
Avast-Mobile 20190202
Babable 20180917
Bkav 20190201
Tencent 20190202
Trustlook 20190202
VIPRE 20190131
ViRobot 20190201
Zoner 20190201
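As an added example (not part of the VirusTotal report and not VirusTotal code), the script below reduces a table like the one above to a family consensus: it strips platform and class words from each vendor label, gives every engine one vote per remaining token, and reports the top family together with the engines that returned only a generic or machine-learning verdict. The thirteen (engine, label) pairs are copied from the table on this page; the stop-list and the length-four token rule are this example's own assumptions.

```python
"""Family consensus from a VirusTotal-style detection table.

Added example, not part of the VirusTotal report above. The (engine, label) pairs
in DETECTIONS are copied from the table on this page (13 of the 62 positives);
the stop-list, the token filter and the one-vote-per-engine rule are this
example's own heuristics, not VirusTotal's.
"""
import re
from collections import Counter

# Subset of the detection table above: (engine, result label).
DETECTIONS = [
    ("Ad-Aware", "Gen:Variant.Kazy.80167"),
    ("AegisLab", "Trojan.Win32.Zbot.l!c"),
    ("Avast", "Win32:Karagany"),
    ("Avira (no cloud)", "TR/Crypt.XPACK.Gen"),
    ("Baidu", "Win32.Trojan.Kryptik.gg"),
    ("BitDefender", "Gen:Variant.Kazy.80167"),
    ("ClamAV", "Win.Trojan.Zbot-64730"),
    ("CrowdStrike Falcon (ML)", "malicious_confidence_90% (D)"),
    ("ESET-NOD32", "Win32/Spy.Zbot.AAN"),
    ("Kaspersky", "Trojan-Spy.Win32.Zbot.ecvg"),
    ("Microsoft", "PWS:Win32/Zbot.gen!AF"),
    ("Symantec", "Packed.Generic.459"),
    ("TrendMicro", "TSPY_ZBOT.SMIO"),
]

# Platform, class and verdict words that carry no family information.
# Assumption: this list is hand-built for the labels on this page.
STOP = {
    "trojan", "troj", "trojware", "spy", "tspy", "pws", "spyware", "backdoor",
    "win", "win32", "w32", "gen", "generic", "variant", "packed", "crypt",
    "malicious", "confidence", "malware", "unsafe", "heuristic", "cloud",
}

_TOKEN = re.compile(r"[A-Za-z0-9]+")


def family_tokens(label: str) -> set:
    """Candidate family names in one vendor label: alphabetic tokens of at
    least four characters that are not in the stop-list. Vendor variant
    suffixes (e.g. 'ecvg') slip through, but they are singletons and never
    reach the top of the tally."""
    toks = {t.lower() for t in _TOKEN.findall(label)}
    return {t for t in toks if t.isalpha() and len(t) >= 4 and t not in STOP}


def family_votes(detections) -> Counter:
    """One vote per engine per candidate token, so an engine whose label
    contains both 'Zbot' and a variant suffix does not double-count."""
    votes = Counter()
    for _engine, label in detections:
        votes.update(family_tokens(label))
    return votes


def unlabelled_engines(detections) -> list:
    """Engines whose verdict is a generic/ML score with no family name."""
    return [e for e, label in detections if not family_tokens(label)]


def top_family(detections):
    """(family, votes, engines_considered) for the most-voted family."""
    votes = family_votes(detections)
    if not votes:
        return (None, 0, len(detections))
    name, n = votes.most_common(1)[0]
    return (name, n, len(detections))


if __name__ == "__main__":
    fam, n, total = top_family(DETECTIONS)
    print(f"consensus family: {fam} ({n}/{total} engines)")
    print("runners-up:", family_votes(DETECTIONS).most_common(4)[1:])
    print("no family name:", unlabelled_engines(DETECTIONS))
```

On the subset above the consensus is zbot (6 of 13 engines), with Kazy as the generic BitDefender-engine runner-up; the same approach over all 62 rows gives the same answer. The unlabelled list is the part worth reading when triaging: those engines agree the file is malicious but contribute nothing to the family question.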
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. In practice this means the Authenticode signature provides no assurance of publisher identity (certificates chaining to an untrusted or self-made root are used freely by malware), so the file should be handled as unsigned for any trust decision.
Signing date 6:01 AM 2/2/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-05 16:25:05
Entry Point 0x00001260
Number of sections 8
PE sections
Overlays
MD5 47d45a4cc37f938f12f66781f0c2cd98
File type data
Offset 385024
Size 2208
Entropy 6.65
The overlay runs exactly to end of file (385024 + 2208 = 387232 bytes, the file size), i.e. 2208 bytes of data are appended after the last section. Its entropy of 6.65 is high but short of the near-8.0 values of compressed or encrypted data, so it is worth carving and inspecting on its own rather than assuming it is an encrypted payload.
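The overlay numbers above can be reproduced from a raw file with a few dozen lines of header parsing. The script below is an added example (not VirusTotal code): it reads the section table, treats everything past the highest section end on disk as the overlay, and reports its offset, size, MD5 and Shannon entropy, plus the COFF timestamp rendered as UTC. Because the sample itself is not on this page, build_sample_pe() constructs a minimal two-section PE32 image as input; that image, its section names and its overlay are assumptions, and only the timestamp value is taken from the report.

```python
"""Locate and measure a PE overlay the way the 'Overlays' entry above reports it.

Added example, not code from VirusTotal. It parses only the DOS/COFF headers
and the section table, takes the overlay as everything past the highest
section end on disk, and reports its offset, size, MD5 and Shannon entropy.
Everything in build_sample_pe() is a constructed, minimal PE image (sample
input, not the file studied on this page); only the timestamp value is the
one from the report above.
"""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte, 0.0 (constant data) to 8.0 (uniform), as in the 'Entropy' field."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum((c / n) * math.log2(c / n) for c in Counter(buf).values())


def parse_sections(data: bytes):
    """Return (TimeDateStamp, [(name, raw_offset, raw_size), ...]) from the section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _machine, nsec, timestamp, _, _, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    sec_table = e_lfanew + 4 + 20 + opt_size
    sections = []
    for i in range(nsec):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, sec_table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), raw_ptr, raw_size))
    return timestamp, sections


def compile_time_utc(timestamp: int) -> str:
    """COFF TimeDateStamp (seconds since the Unix epoch) as a UTC string."""
    return datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def analyze(data: bytes) -> dict:
    timestamp, sections = parse_sections(data)
    # The overlay starts where the last section's raw data ends; clamp to the file
    # size so a corrupt header (raw_ptr + raw_size past EOF) cannot yield a negative size.
    end = max((ptr + size for _, ptr, size in sections if size), default=0)
    end = min(end, len(data))
    overlay = data[end:]
    return {
        "compile_time": compile_time_utc(timestamp),
        "sections": sections,
        "overlay_offset": end,
        "overlay_size": len(overlay),
        "overlay_md5": hashlib.md5(overlay).hexdigest() if overlay else None,
        "overlay_entropy": shannon_entropy(overlay),
    }


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed two-section PE32 image (not the real sample) with an optional overlay."""
    sections = [(b".text", b"\x90" * 512), (b".data", b"A" * 512)]
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew -> PE header at 64
    # Machine i386, 2 sections, 2012-07-05 16:25:05 UTC (the report's timestamp),
    # 224-byte optional header, Characteristics = EXECUTABLE_IMAGE | 32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 1341505505, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                         # PE32 optional header, mostly zero
    struct.pack_into("<H", opt, 0, 0x10B)                        # Magic = PE32
    struct.pack_into("<I", opt, 16, 0x1260)                      # AddressOfEntryPoint
    hdrs, body, raw_ptr = b"", b"", 512
    for i, (name, content) in enumerate(sections):
        hdrs += struct.pack("<8sIIIIIIHHI", name, len(content), 0x1000 * (i + 1),
                            len(content), raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += content
        raw_ptr += len(content)
    image = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs).ljust(512, b"\0")
    return image + body + overlay


if __name__ == "__main__":
    info = analyze(build_sample_pe(bytes(range(256))))
    for key, value in info.items():
        print(f"{key}: {value}")
```

The offset + size = file size check is the same invariant the report satisfies (385024 + 2208 = 387232). On a real file, replace build_sample_pe() with open(path, "rb").read(); the clamp in analyze() matters there, since packed samples sometimes carry section headers whose raw extents overshoot the file.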
PE imports
RegCloseKey
GetWindowsDirectoryW
VirtualAllocEx
LoadLibraryA
CreateFileW
CloseHandle
lstrcatW
GetProcAddress
Only eight imported functions are listed (kernel32 APIs plus RegCloseKey from advapi32) for a 378 KB executable. An import table this small that still contains LoadLibraryA and GetProcAddress is the usual mark of a packed or obfuscated binary that resolves the rest of its API surface at run time, which fits the packer-oriented labels in the table (Kryptik, Crypt.XPACK, Packed.Generic.459). VirtualAllocEx allocates memory inside another process and is a standard precursor to code injection, so it deserves a look in any dynamic trace.
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:07:05 09:25:05-07:00 (the same compilation timestamp as the PE header's 2012-07-05 16:25:05 UTC, rendered in UTC-7)
FileType Win32 EXE
PEType PE32
CodeSize 52736
LinkerVersion 2.5
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x1260
InitializedDataSize 331776
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 76b3cb955487f1665040c5647bf12f56
SHA1 6840405767e8af443346933daed0897ce111a73e
SHA256 b22548b82b36380459a2298f186079e7343f1fab8f75e4080feae468cdf0cc8e
ssdeep 6144:JqoqGOLIK/+y+g6/RBn3ttNRTsj+cGEciws6O+:JqzGOLr/+g6/RPtnTskJO+
authentihash 564ee22a3c5aeaccfae09e493ce16ce493050aaabe839e6f6bb9c822b6b265a2
imphash 9ddd94444ea7156217169d9ad049369b
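The imphash field is an MD5 over the normalized import list, and the script below is an added example (not pefile's code and not VirusTotal's) showing that normalization: module names are lower-cased with .dll/.ocx/.sys stripped, symbol names are lower-cased, ordinal imports become ordN, and entries are joined with commas in import order. The DLL assignment of the eight functions in SAMPLE_IMPORTS is an assumption (the page lists the functions but not their modules), and pefile's lookup of well-known ordinal names for ws2_32/oleaut32 is omitted, so the digest printed here is not expected to match the reported 9ddd94444ea7156217169d9ad049369b.

```python
"""Imphash from a list of imported (dll, symbol) pairs, following the pefile
convention behind VirusTotal's 'imphash' field.

Added example, not part of the report and not pefile's code. The import list
below is constructed: the page lists eight imported functions but not their
DLLs, and this code skips pefile's table of well-known ordinal names for
ws2_32/oleaut32, so the digest here will not equal the value reported above.
"""
import hashlib

# pefile drops these extensions from the module name before hashing.
_STRIP = (".dll", ".ocx", ".sys")


def normalize_import(dll: str, symbol) -> str:
    """'kernel32.virtualallocex'-style entry: lower-case, extension-free DLL
    name and lower-case symbol; an ordinal import (int) becomes 'ordN'."""
    dll = dll.lower()
    for ext in _STRIP:
        if dll.endswith(ext):
            dll = dll[: -len(ext)]
            break
    sym = f"ord{symbol}" if isinstance(symbol, int) else symbol.lower()
    return f"{dll}.{sym}"


def imphash_input(imports) -> str:
    """The comma-joined string that gets hashed. Order is preserved on purpose:
    imphash is sensitive to import order, which is what makes it a build/packer
    fingerprint rather than a fingerprint of the set of APIs used."""
    return ",".join(normalize_import(d, s) for d, s in imports)


def imphash(imports) -> str:
    return hashlib.md5(imphash_input(imports).encode("ascii")).hexdigest()


# Constructed import list: the eight functions named under 'PE imports' above.
# Assumption: their module assignment, which the page does not state.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "RegCloseKey"),
    ("KERNEL32.dll", "GetWindowsDirectoryW"),
    ("KERNEL32.dll", "VirtualAllocEx"),
    ("KERNEL32.dll", "LoadLibraryA"),
    ("KERNEL32.dll", "CreateFileW"),
    ("KERNEL32.dll", "CloseHandle"),
    ("KERNEL32.dll", "lstrcatW"),
    ("KERNEL32.dll", "GetProcAddress"),
]


if __name__ == "__main__":
    print(imphash_input(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because the hash covers only names and order, two samples produced by the same packer stub share an imphash regardless of the payload they wrap, which is exactly why it is a useful pivot for a packed Zbot build like this one and a poor identifier of the underlying family.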
File size 378.2 KB ( 387232 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
TrID percentages are statistical pattern matches, not a parse of the header. Its top guess of a DLL is contradicted by the image characteristics above (Executable, with no DLL flag) and the GUI subsystem, which identify the file as a Win32 EXE.
Tags
peexe overlay

VirusTotal metadata
First submission 2012-07-05 16:49:44 UTC ( 6 years, 7 months ago ), about 25 minutes after the PE compilation timestamp of 2012-07-05 16:25:05 UTC, which supports that timestamp being genuine rather than forged
Last submission 2019-02-02 14:01:01 UTC ( 2 weeks, 2 days ago )
File names Jo0pg.xdp
b22548b82b36380459a2298f186079e7343f1fab8f75e4080feae468cdf0cc8e.vir
b22548b82b36380459a2298f186079e7343f1fab8f75e4080feae468cdf0cc8e.bin
76B3CB955487F1665040C5647BF12F56
aa
File names are supplied by submitters, not derived from the content. The first one pairs a non-executable extension (.xdp) with what is a PE32 executable; that mismatch is a useful hunting detail when looking for the sample at rest.
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Behaviour categories in the report (no entries present in this copy): Opened files, Read files, Written files, Deleted files, Created processes, Created mutexes, Opened mutexes, Runtime DLLs, UDP communications.