SHA256: b797171c85462f4d132e2d2a73f52f6a14b96ec810fe1254d056ce1004cfeebe
File name: 9a9d600a0f1aa04510241e6c64b1a02e96c976a7
Detection ratio: 3 / 51
Analysis date: 2014-04-13 18:47:23 UTC
Antivirus            Result                        Update
ESET-NOD32           Win32/Spy.Zbot.AAO            20140413
Jiangmin             TrojanDropper.Necurs.bqn      20140413
Malwarebytes         Trojan.Inject.ED              20140413
Ad-Aware             (no detection)                20140413
AegisLab             (no detection)                20140413
Yandex               (no detection)                20140413
AhnLab-V3            (no detection)                20140413
AntiVir              (no detection)                20140413
Antiy-AVL            (no detection)                20140413
Avast                (no detection)                20140413
AVG                  (no detection)                20140413
Baidu-International  (no detection)                20140413
BitDefender          (no detection)                20140413
Bkav                 (no detection)                20140412
ByteHero             (no detection)                20140413
CAT-QuickHeal        (no detection)                20140413
ClamAV               (no detection)                20140413
CMC                  (no detection)                20140411
Commtouch            (no detection)                20140413
Comodo               (no detection)                20140413
DrWeb                (no detection)                20140413
Emsisoft             (no detection)                20140413
F-Prot               (no detection)                20140413
F-Secure             (no detection)                20140413
Fortinet             (no detection)                20140413
GData                (no detection)                20140413
Ikarus               (no detection)                20140413
K7AntiVirus          (no detection)                20140411
K7GW                 (no detection)                20140411
Kaspersky            (no detection)                20140413
Kingsoft             (no detection)                20140413
McAfee               (no detection)                20140413
McAfee-GW-Edition    (no detection)                20140413
Microsoft            (no detection)                20140413
eScan                (no detection)                20140413
NANO-Antivirus       (no detection)                20140413
Norman               (no detection)                20140412
nProtect             (no detection)                20140413
Panda                (no detection)                20140413
Qihoo-360            (no detection)                20140413
Rising               (no detection)                20140412
Sophos AV            (no detection)                20140413
SUPERAntiSpyware     (no detection)                20140413
Symantec             (no detection)                20140413
TheHacker            (no detection)                20140411
TotalDefense         (no detection)                20140413
TrendMicro           (no detection)                20140413
TrendMicro-HouseCall (no detection)                20140413
VBA32                (no detection)                20140411
VIPRE                (no detection)                20140413
ViRobot              (no detection)                20140413

The "Update" column is the signature-database date of each engine at scan time. The three engines that fire do not agree on a family (a Zeus/Zbot spyware name, a Necurs dropper name and a generic injector name), so the verdict names are weak evidence on their own; the sandbox behaviour further down carries more weight than any single label.
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-25 13:40:34 (UTC; the ExifTool TimeStamp below is the same instant rendered in +01:00). This is the linker-written TimeDateStamp field and is trivial to forge, so it dates the build only as long as nothing else contradicts it.
Entry Point 0x00001041
Number of sections 4
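The header summary above (machine, timestamp, entry point, section count, subsystem, linker and OS versions) is read straight out of the COFF file header and the PE32 optional header. The following is an added example, not code from the report or from VirusTotal: it assembles a header-only PE32 image whose field values are taken from this report (a constructed input, not the sample itself, which is not reproduced here) and then parses those fields back out with nothing but `struct`, so it runs offline. The image-base, alignment and stack/heap values are arbitrary placeholders.

```python
import struct
from datetime import datetime, timezone

# Constants from the PE/COFF specification.
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_DLL = 0x2000
PE32_MAGIC = 0x10B
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
# 28-byte standard fields + 68-byte Windows-specific fields + 16 data directories of 8 bytes.
PE32_OPTIONAL_HEADER_SIZE = 224


def build_minimal_pe32(timestamp, entry_point, num_sections, code_size, init_data_size,
                       subsystem, linker=(1, 0), os_ver=(4, 0), subsys_ver=(4, 0)):
    """Assemble a header-only PE32 image (constructed test input, not a real sample)."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\x00" * 58 + struct.pack("<I", e_lfanew)
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (EXECUTABLE_IMAGE | 32BIT_MACHINE).
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, num_sections,
                       timestamp, 0, 0, PE32_OPTIONAL_HEADER_SIZE, 0x0102)
    # Optional header, standard fields: Magic, linker major/minor, SizeOfCode,
    # SizeOfInitializedData, SizeOfUninitializedData, AddressOfEntryPoint, BaseOfCode, BaseOfData.
    standard = struct.pack("<HBBIIIIII", PE32_MAGIC, linker[0], linker[1], code_size,
                           init_data_size, 0, entry_point, 0x1000, 0x3000)
    # Windows-specific fields (placeholder values except the version and subsystem fields).
    windows = struct.pack("<IIIHHHHHHIIIIHHIIIIII",
                          0x400000, 0x1000, 0x200,              # ImageBase, SectionAlignment, FileAlignment
                          os_ver[0], os_ver[1], 0, 0,           # OS version, image version
                          subsys_ver[0], subsys_ver[1], 0,      # subsystem version, Win32VersionValue
                          0x50000, 0x400, 0,                    # SizeOfImage, SizeOfHeaders, CheckSum
                          subsystem, 0,                         # Subsystem, DllCharacteristics
                          0x100000, 0x1000, 0x100000, 0x1000,   # stack/heap reserve and commit
                          0, 16)                                # LoaderFlags, NumberOfRvaAndSizes
    data_dirs = b"\x00" * (16 * 8)
    return dos_header + b"PE\x00\x00" + coff + standard + windows + data_dirs


def parse_pe_header(data):
    """Return the header fields a VirusTotal-style summary shows, from raw image bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found at e_lfanew")
    coff_off = e_lfanew + 4
    (machine, num_sections, timestamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff_off)
    if opt_size < 28:
        raise ValueError("optional header too small")
    opt_off = coff_off + 20
    (magic, linker_major, linker_minor, code_size, init_data, uninit_data,
     entry_point, _base_of_code, _base_of_data) = struct.unpack_from("<HBBIIIIII", data, opt_off)
    if magic != PE32_MAGIC:
        raise ValueError("not a PE32 image (magic 0x%x)" % magic)
    win = struct.unpack_from("<IIIHHHHHHIIIIHHIIIIII", data, opt_off + 28)
    return {
        "machine": machine,
        "num_sections": num_sections,
        # TimeDateStamp is seconds since the Unix epoch, conventionally UTC; it is
        # written by the linker and trivially forgeable, so treat it as a hint only.
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry_point,
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "linker_version": "%d.%d" % (linker_major, linker_minor),
        "code_size": code_size,
        "init_data_size": init_data,
        "uninit_data_size": uninit_data,
        "os_version": "%d.%d" % (win[3], win[4]),
        "image_version": "%d.%d" % (win[5], win[6]),
        "subsystem_version": "%d.%d" % (win[7], win[8]),
        "subsystem": SUBSYSTEMS.get(win[13], "unknown (%d)" % win[13]),
    }


# Values from this report, packed into the constructed image and parsed back.
REPORT_TIMESTAMP = int(datetime(2014, 2, 25, 13, 40, 34, tzinfo=timezone.utc).timestamp())
SAMPLE_IMAGE = build_minimal_pe32(REPORT_TIMESTAMP, 0x1041, 4, 8192, 270336, 2)
SAMPLE_HEADER = parse_pe_header(SAMPLE_IMAGE)

if __name__ == "__main__":
    for key, value in SAMPLE_HEADER.items():
        print("%-18s %s" % (key, hex(value) if key in ("machine", "entry_point") else value))
```

The same `parse_pe_header` works on the bytes of a real file (`parse_pe_header(open(path, "rb").read())`); a PE32+ image raises on the magic check, which is the right failure mode for a 32-bit-only parser. Note that `is_dll` comes from the COFF Characteristics flag, which is what settles the "EXE or DLL" question that TrID further down only guesses at from byte patterns.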
PE sections
PE imports (the DLL-name column was lost in this extraction; the symbols are grouped below by the module they are exported from where that is unambiguous, in the order the report listed them)

kernel32: GetModuleFileNameW, VirtualAlloc

Imported by ordinal (exporting module name not preserved):
Ord(3820), Ord(2438), Ord(4621), Ord(537), Ord(5298), Ord(354), Ord(2980), Ord(6371), Ord(1971), Ord(693),
Ord(665), Ord(4073), Ord(6048), Ord(2362), Ord(5257), Ord(4435), Ord(755), Ord(5436), Ord(5727), Ord(940),
Ord(389), Ord(3744), Ord(4616), Ord(6370), Ord(815), Ord(3257), Ord(2717), Ord(641), Ord(4155), Ord(3917),
Ord(1165), Ord(2388), Ord(6379), Ord(567), Ord(3076), Ord(6390), Ord(3210), Ord(5285), Ord(6330), Ord(356),
Ord(4667), Ord(825), Ord(5710), Ord(5237), Ord(5276), Ord(4401), Ord(540), Ord(2858), Ord(5706), Ord(4692),
Ord(1767), Ord(2371), Ord(4480), Ord(4229), Ord(2294), Ord(823), Ord(2047), Ord(2504), Ord(3142), Ord(800),
Ord(5157), Ord(470), Ord(6051), Ord(5261), Ord(3074), Ord(2613), Ord(3592), Ord(1197), Ord(4269), Ord(535),
Ord(2977), Ord(2116), Ord(4418), Ord(4831), Ord(369), Ord(858), Ord(4992), Ord(4459), Ord(2377), Ord(3825),
Ord(4419), Ord(4074), Ord(2640), Ord(1089), Ord(5446), Ord(5180), Ord(3365), Ord(3254), Ord(2506), Ord(3341),
Ord(2574), Ord(5273), Ord(2971), Ord(4347), Ord(324), Ord(5296), Ord(1768), Ord(4704), Ord(2385), Ord(3793),
Ord(5193), Ord(4847), Ord(1720), Ord(4075), Ord(4396), Ord(3313), Ord(668), Ord(1131), Ord(3635), Ord(3733),
Ord(5303), Ord(2546), Ord(861), Ord(561), Ord(1143), Ord(3658), Ord(6372), Ord(3131), Ord(3827), Ord(5059),
Ord(4370), Ord(5286), Ord(860)

C/C++ runtime: __CxxFrameHandler, ??1type_info@@UAE@XZ, memset, strcat, wcscmp, fopen, memcpy

user32: GetSystemMetrics, SetWindowLongW, SendMessageW, GetWindowRect, EnableWindow, LoadIconW, DrawIcon, GetClientRect, GetSystemMenu, GetWindowLongW, IsIconic, AppendMenuW

The static import surface is small and almost entirely GUI housekeeping plus VirtualAlloc. Neither SetWindowsHook/SetWindowsHookEx nor LoadLibrary/GetProcAddress appears here, even though the sandbox report at the end of this page records hook installation, so the code that installs the hook obtains that API at run time rather than through the import table.
Number of PE resources by type
RT_ICON 1
RT_STRING 1
AVI 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2014:02:25 14:40:34+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 8192
LinkerVersion: 1.0
FileAccessDate: 2014:04:13 19:50:06+01:00
EntryPoint: 0x1041
InitializedDataSize: 270336
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
FileCreateDate: 2014:04:13 19:50:06+01:00
UninitializedDataSize: 0

FileAccessDate and FileCreateDate are filesystem attributes of the copy on the analysis host, not values stored in the sample. LinkerVersion 1.0 is an atypical value: Microsoft's linker writes its own major/minor version into this field, so the header was more likely produced or rewritten by a non-standard tool or a packer. CodeSize (8192 bytes) against InitializedDataSize (270336 bytes) says almost all of the 283648-byte file is data rather than code, which fits a small stub carrying an embedded payload.
File identification
MD5      0998038d9fd0736b63994e25e121dba4
SHA1     9a9d600a0f1aa04510241e6c64b1a02e96c976a7
SHA256   b797171c85462f4d132e2d2a73f52f6a14b96ec810fe1254d056ce1004cfeebe
ssdeep   6144:CkfMdoDNci4zUs3/TzM2MD418Aih6lNoIrIrXR4U0W2MiHYCkQ8O5:Uuc5zUgM2MD4jih6TErEfMi4CkLO5
imphash  a139cefde05a5d42b1f0fb2f2b0bf6ac
File size 277.0 KB ( 283648 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe
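The imphash above is an MD5 over the normalised import table, so it stays stable across rebuilds that keep the same imports in the same order while MD5/SHA1/SHA256 change with every byte. The following is an added example, not code from the report or from VirusTotal, of the normalisation convention pefile implements (which is what VirusTotal reports): DLL names lower-cased with a .dll/.ocx/.sys extension removed, symbol names lower-cased, ordinal-only imports written as `ordN`, entries joined with commas in import-table order, then MD5. The import table fed to it is constructed for the example; because the report does not preserve the DLL names of its ordinal imports, a hypothetical `SOMELIB.dll` stands in and the hash produced here is not the report's. One known divergence from pefile is also left out: pefile maps ordinals of a few DLLs (ws2_32, oledlg, wsock32) to symbol names via a lookup table before hashing, so samples importing those DLLs by ordinal would hash differently under this code.

```python
import hashlib

# Constructed import table for the example (not the sample's real table; the
# exporting DLL of the report's ordinal imports is unknown, so SOMELIB.dll is a placeholder).
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "GetModuleFileNameW"),
    ("KERNEL32.dll", "VirtualAlloc"),
    ("SOMELIB.dll", 3820),
    ("SOMELIB.dll", 2438),
    ("MSVCRT.dll", "memset"),
    ("USER32.dll", "SetWindowLongW"),
]


def normalize_import(dll, symbol):
    """Render one import as pefile's imphash does: '<dll>.<symbol>', lower-cased,
    extension stripped, ordinals as 'ordN'. (pefile's per-DLL ordinal-to-name
    table for ws2_32/oledlg/wsock32 is deliberately omitted here.)"""
    dll = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if dll.endswith(ext):
            dll = dll[:-len(ext)]
            break
    if isinstance(symbol, int):
        symbol = "ord%d" % symbol
    return "%s.%s" % (dll, symbol.lower())


def imphash_string(imports):
    """The comma-joined string that gets hashed; useful for diffing two samples' import layouts."""
    return ",".join(normalize_import(dll, symbol) for dll, symbol in imports)


def imphash(imports):
    """MD5 of the normalised import string, as a 32-character lower-case hex digest."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def same_import_layout(imports_a, imports_b):
    """True when two import tables would cluster together by imphash."""
    return imphash(imports_a) == imphash(imports_b)


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Two properties matter when using the hash for clustering: name case and the DLL extension are normalised away, so a rebuild that links `Kernel32.DLL` instead of `KERNEL32.dll` keeps the same imphash, but import order is part of the input, so the same symbols in a different order yield a different hash. A packed stub like this one has a tiny import table, and many unrelated packed samples share such tables, so an imphash match on a packed file clusters the packer stub, not the payload.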

VirusTotal metadata
First submission 2014-04-13 18:47:23 UTC
Last submission 2014-04-13 18:47:23 UTC
File names 9a9d600a0f1aa04510241e6c64b1a02e96c976a7 (this is the file's own SHA1, so the sample was submitted without its original filename)
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process that it launched or injected code into.
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain using the SetWindowsHook / SetWindowsHookEx user32 API. A hook procedure lets a program monitor certain kinds of events, either for one specific thread or for every thread in the same desktop as the calling thread (a global hook). For most global hook types the procedure must live in a DLL, which Windows then maps into every process that receives the hooked events; that is why this API doubles as a code-injection and keylogging primitive (WH_KEYBOARD, WH_GETMESSAGE and similar hook types) and why the sandbox singles it out. The condensed report does not say which hook type was installed or from which module, and SetWindowsHook/SetWindowsHookEx is absent from the static import table above, so the call is made by code that resolves the API at run time.