SHA256: b7b7a4ecf14ba448aef1353d9bdaa5f1374b01e1de6ad4b0ea6f5390ee37a100
File name: b7854dd809b2cc35327673de4f32fd31
Detection ratio: 31 / 57
Analysis date: 2015-02-02 08:55:38 UTC ( 4 years, 1 month ago )
Antivirus               Result                                      Update
Ad-Aware                Trojan.GenericKD.2106089                    20150202
ALYac                   Trojan.GenericKD.2106089                    20150202
Antiy-AVL               Trojan[Spy]/Win32.Zbot                      20150202
Avast                   Win32:Malware-gen                           20150202
AVG                     Inject2.BMDK                                20150202
Avira (no cloud)        TR/Crypt.ZPACK.120962                       20150202
AVware                  Trojan.Win32.Generic!BT                     20150202
Baidu-International     Trojan.Win32.Zbot.Al                        20150202
BitDefender             Trojan.GenericKD.2106089                    20150202
Cyren                   W32/Trojan.FEJA-7216                        20150202
Emsisoft                Trojan.GenericKD.2106089 (B)                20150202
ESET-NOD32              Win32/Spy.Zbot.ACB                          20150202
F-Secure                Trojan.GenericKD.2106089                    20150201
Fortinet                W32/Zbot.ACB!tr                             20150202
GData                   Trojan.GenericKD.2106089                    20150202
K7AntiVirus             Spyware ( 004a08e61 )                       20150202
K7GW                    DoS-Trojan ( 200c23c21 )                    20150130
Kaspersky               Trojan-Spy.Win32.Zbot.uwmc                  20150202
Malwarebytes            Trojan.Zbot.VX                              20150202
McAfee                  RDN/Generic PWS.y!bcp                       20150202
McAfee-GW-Edition       BehavesLike.Win32.Downloader.fc             20150202
eScan                   Trojan.GenericKD.2106089                    20150202
NANO-Antivirus          Trojan.Win32.Zbot.dmuree                    20150202
nProtect                Trojan.GenericKD.2106089                    20150130
Panda                   Trj/Zbot.M                                  20150201
Qihoo-360               Win32/Trojan.aed                            20150202
Rising                  PE:Malware.XPACK-HIE/Heur!1.9C48            20150130
Sophos AV               Mal/Generic-S                               20150202
TrendMicro              TROJ_FORUCON.BMC                            20150202
TrendMicro-HouseCall    TROJ_FORUCON.BMC                            20150202
VIPRE                   Trojan.Win32.Generic!BT                     20150202
AegisLab                (undetected)                                20150202
Yandex                  (undetected)                                20150201
AhnLab-V3               (undetected)                                20150202
Alibaba                 (undetected)                                20150201
Bkav                    (undetected)                                20150202
ByteHero                (undetected)                                20150202
CAT-QuickHeal           (undetected)                                20150202
ClamAV                  (undetected)                                20150202
CMC                     (undetected)                                20150202
Comodo                  (undetected)                                20150202
DrWeb                   (undetected)                                20150202
F-Prot                  (undetected)                                20150202
Ikarus                  (undetected)                                20150202
Jiangmin                (undetected)                                20150131
Kingsoft                (undetected)                                20150202
Microsoft               (undetected)                                20150202
Norman                  (undetected)                                20150202
SUPERAntiSpyware        (undetected)                                20150201
Symantec                (undetected)                                20150202
Tencent                 (undetected)                                20150202
TheHacker               (undetected)                                20150131
TotalDefense            (undetected)                                20150201
VBA32                   (undetected)                                20150202
ViRobot                 (undetected)                                20150202
Zillya                  (undetected)                                20150202
Zoner                   (undetected)                                20150130
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2015-01-22 12:21:28
Entry Point: 0x000036E9
Number of sections: 6
PE imports
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
ImageList_DragLeave
Ord(17)
ImageList_ReplaceIcon
ImageList_Create
FindTextW
GetSaveFileNameW
CertGetNameStringA
GetDeviceCaps
CreateDCA
LineTo
EndPage
DeleteDC
RestoreDC
SelectObject
MoveToEx
GetStockObject
SaveDC
SetWindowExtEx
EndDoc
StartPage
Rectangle
SetTextAlign
TextOutA
Ellipse
CreateFontA
SetMapMode
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetStartupInfoW
ExitProcess
RaiseException
GetCPInfo
GetModuleFileNameW
TlsFree
HeapSetInformation
SetUnhandledExceptionFilter
WriteFile
DecodePointer
MulDiv
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
LocalFree
TerminateProcess
IsValidCodePage
HeapCreate
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
GetTickCount
GetCurrentThreadId
InterlockedIncrement
GetCurrentProcessId
SetLastError
LeaveCriticalSection
StrSpnA
PathGetArgsA
GetCursorPos
GetWindowLongA
CreateWindowExA
IsWindow
LoadIconA
GetMenuItemInfoA
LoadImageA
SendMessageA
CallWindowProcA
GetClientRect
FillRect
LoadCursorA
GetDC
RegisterClassExA
GdipDrawLineI
GdipDrawEllipseI
GdipCreateFromHDC
GdiplusStartup
GdipCreatePen1
GdipFree
GdipDrawRectangleI
GdipAlloc
GdiplusShutdown
GdipDeleteGraphics
GdipDeletePen
SnmpUtilAsnAnyCpy
Number of PE resources by type
RT_CURSOR: 14
RT_DIALOG: 9
RT_STRING: 6
RT_MANIFEST: 1
Number of PE resources by language
ENGLISH US: 30
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2015:01:22 13:21:28+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 101376
LinkerVersion: 10.0
EntryPoint: 0x36e9
InitializedDataSize: 219648
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0
File identification
MD5: b7854dd809b2cc35327673de4f32fd31
SHA1: 169c26b8916abe7d73bebb89cf602f37ae76c404
SHA256: b7b7a4ecf14ba448aef1353d9bdaa5f1374b01e1de6ad4b0ea6f5390ee37a100
ssdeep: 6144:m2zxEQ53GEGz4LRu+YAOYqbZ634Vc2CPo//1E9ycHhBN:m29EUz244+Yb5VlCPktEzh7
authentihash: 3fe30ba787c41acadffeacccbb4c4085e543e70fa42794822a5ab6f2ec3c0290
imphash: 58525331fd227217f6c6e4a3402a2b07
File size: 314.5 KB ( 322048 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386
TrID:
  Win32 Executable MS Visual C++ (generic) (42.2%)
  Win64 Executable (generic) (37.3%)
  Win32 Dynamic Link Library (generic) (8.8%)
  Win32 Executable (generic) (6.0%)
  Generic Win/DOS Executable (2.7%)
Tags: peexe
VirusTotal metadata
First submission: 2015-02-02 08:55:38 UTC ( 4 years, 1 month ago )
Last submission: 2015-02-02 08:55:38 UTC ( 4 years, 1 month ago )
File names: b7854dd809b2cc35327673de4f32fd31
Advanced heuristic and reputation engines
Symantec reputation: Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.