SHA256: b5cb319741f229de8f22fea0a24c26e7f169a1d8bb08b7e3e6600fabecf79001
File name: a5e580285cf9257e41a0f1284b9b3a74
Detection ratio: 43 / 54
Analysis date: 2014-10-16 04:50:14 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.138849 20141016
Yandex TrojanSpy.Zbot!yCSI2O73/Y0 20141015
AhnLab-V3 Spyware/Win32.Zbot 20141016
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20141016
Avast Win32:Cbeplay-D [Trj] 20141016
AVG PSW.Generic10.BLKO 20141015
Avira (no cloud) TR/Crypt.ZPACK.Gen 20141016
AVware Trojan.Win32.Zbot.dhna (v) 20141016
BitDefender Gen:Variant.Kazy.138849 20141016
Bkav W32.Clod419.Trojan.d552 20141015
CAT-QuickHeal TrojanPWS.Zbot.Y 20141016
Comodo TrojWare.Win32.Injector.BR 20141016
DrWeb Trojan.PWS.Panda.2977 20141016
Emsisoft Gen:Variant.Kazy.138849 (B) 20141016
ESET-NOD32 Win32/Spy.Zbot.AAO 20141016
F-Prot W32/A-b5518362!Eldorado 20141016
F-Secure Trojan:W32/Kamala.A 20141016
Fortinet W32/ZBOT.QT!tr 20141016
GData Gen:Variant.Kazy.138849 20141016
Ikarus Trojan-Spy.Win32.Zbot 20141016
Jiangmin TrojanSpy.Zbot.dazb 20141015
K7AntiVirus Backdoor ( 04c4ba7b1 ) 20141015
K7GW Backdoor ( 04c4ba7b1 ) 20141015
Kaspersky HEUR:Trojan.Win32.Generic 20141016
Kingsoft Win32.Troj.Zbot.im.(kcloud) 20141016
Malwarebytes Spyware.Zbot.ED 20141016
McAfee PWS-Zbot-FAJJ 20141016
McAfee-GW-Edition PWS-Zbot-FAJJ!A5E580285CF9 20141015
Microsoft PWS:Win32/Zbot.gen!CI 20141016
eScan Gen:Variant.Kazy.138849 20141016
NANO-Antivirus Trojan.Win32.Agent.cnwqmg 20141016
Norman ZBot.EDGO 20141015
nProtect Trojan-Spy/W32.ZBot.298488 20141015
Qihoo-360 Win32/Trojan.Spy.e04 20141016
Sophos Troj/Zbot-DUZ 20141016
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20141016
Symantec Packed.Generic.459 20141016
Tencent Win32.Trojan-Spy.Zbot.ckvl 20141016
TotalDefense Win32/Zbot.AW!generic 20141015
TrendMicro TROJ_SPNR.14BB13 20141016
TrendMicro-HouseCall TROJ_SPNR.14BB13 20141016
VBA32 BScope.Malware-Cryptor.SB.01798 20141015
VIPRE Trojan.Win32.Zbot.dhna (v) 20141016
AegisLab 20141016
Baidu-International 20141015
ByteHero 20141016
ClamAV 20141015
CMC 20141013
Cyren 20141016
Rising 20141015
TheHacker 20141013
ViRobot 20141016
Zillya 20141015
Zoner 20141014
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher 4121934816285761263948165618171472156875915888613241452236933967182751259851816682...
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-24 17:58:28
Entry Point 0x00045810
Number of sections 11
PE sections
PE imports
RegOpenKeyA
GetTextMetricsW
TextOutW
CreateFontIndirectW
PatBlt
CreatePen
CreateICW
CombineRgn
GetPixel
GetDeviceCaps
LineTo
DeleteDC
SetPixel
BitBlt
SetTextColor
GetTextExtentPoint32W
MoveToEx
GetStockObject
CreateCompatibleDC
StretchBlt
CreateRectRgn
SelectObject
SetRectRgn
CreateSolidBrush
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetSystemInfo
VirtualAlloc
LoadLibraryA
UpdateWindow
LoadBitmapW
DefWindowProcW
KillTimer
PostQuitMessage
ShowWindow
MessageBeep
SetWindowPos
GetDesktopWindow
GetSystemMetrics
EnableMenuItem
MessageBoxW
GetMenu
GetWindowRect
EndPaint
SetCapture
ReleaseCapture
DialogBoxParamW
GetWindowDC
PostMessageW
GetSysColor
GetDlgItemInt
GetDC
ReleaseDC
BeginPaint
SendMessageW
RegisterClassW
WinHelpW
LoadStringW
SetWindowTextW
DrawMenuBar
SystemParametersInfoW
IsIconic
InvalidateRect
SetTimer
FlashWindow
ShowCursor
GetClientRect
SetDlgItemInt
LoadCursorW
LoadIconW
CreateWindowExW
wsprintfW
SetCursor
Number of PE resources by type
RT_STRING 3
RT_ICON 2
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 6
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:01:24 18:58:28+01:00
FileType Win32 EXE
PEType PE32
CodeSize 281088
LinkerVersion 9.0
FileAccessDate 2014:10:16 05:49:01+01:00
EntryPoint 0x45810
InitializedDataSize 10752
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
FileCreateDate 2014:10:16 05:49:01+01:00
UninitializedDataSize 0

File identification
MD5 a5e580285cf9257e41a0f1284b9b3a74
SHA1 6a3c36b7f48e671e2dace5b71a9c9c3f38238c84
SHA256 b5cb319741f229de8f22fea0a24c26e7f169a1d8bb08b7e3e6600fabecf79001
ssdeep 3072:ABBBBBBBUpxW7gs5ArVXSMufZxMwxMKx4qbfefJ8OC+gPT0VZhWtvVkp0DnAJPke:/8DmVXSMqXx4qTO8OPygOZLkPu9u
authentihash 874cc12f4825481b399c2d98246117518b5dd33d49ae7d33afb133030a665781
imphash 2caf2dafc57f88a5b01f0b4d8773958b
File size 291.5 KB ( 298488 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2013-01-27 00:02:47 UTC ( 4 years, 2 months ago )
Last submission 2013-02-02 00:40:39 UTC ( 4 years, 1 month ago )
File names a5e580285cf9257e41a0f1284b9b3a74
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections