SHA256: b8f2c42af2d4da9e2dfb1032b7252fb8758b6b597ad0b46d2581a7effdc2ad7b
File name: bybtt.cc3
Detection ratio: 47 / 54
Analysis date: 2014-07-16 06:20:27 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Ad-Aware Backdoor.Zegost.H 20140716
Yandex Trojan.PWS.Bjlog!8abkTEHimvk 20140715
AhnLab-V3 Win-Trojan/Zegost.Gen 20140715
AntiVir TR/Crypt.XPACK.Gen3 20140716
Antiy-AVL Trojan[PSW]/Win32.Bjlog 20140716
Avast Win32:Zegost-D [Drp] 20140716
AVG BackDoor.Agent.AICT 20140716
BitDefender Backdoor.Zegost.H 20140716
Bkav W32.BjlogQKB.Trojan 20140715
CAT-QuickHeal Backdoor.Zegost.B 20140716
ClamAV Trojan.Spy-78740 20140716
CMC Trojan-PSW.Win32.Bjlog!O 20140714
Commtouch W32/Zegost.D.gen!Eldorado 20140716
Comodo TrojWare.Win32.GameThief.Magania.~NWABI 20140716
DrWeb BackDoor.Zegost.48 20140716
Emsisoft Backdoor.Zegost.H (B) 20140716
ESET-NOD32 Win32/Agent.OGJ 20140716
F-Prot W32/MalwareS.BJRT 20140716
F-Secure Backdoor.Zegost.H 20140716
Fortinet W32/Bjlog.SMC!tr 20140716
GData Backdoor.Zegost.H 20140716
Ikarus Trojan-PWS.Win32.Bjlog 20140716
Jiangmin Trojan/PSW.Bjlog.re 20140716
K7AntiVirus Password-Stealer ( 001947491 ) 20140715
K7GW Password-Stealer ( 001947491 ) 20140715
Kaspersky Trojan-PSW.Win32.Bjlog.lfz 20140716
Kingsoft Win32.Malware.Heur_Generic.A.(kcloud) 20140716
Malwarebytes Trojan.ServiceHijacker 20140716
McAfee BackDoor-EMA.gen.b 20140716
McAfee-GW-Edition BackDoor-EMA.gen.b 20140715
Microsoft Backdoor:Win32/Zegost.B 20140716
eScan Backdoor.Zegost.H 20140716
NANO-Antivirus Trojan.Win32.Bjlog.uinca 20140716
Norman Bjlog.F 20140716
nProtect Backdoor.Zegost.H 20140715
Qihoo-360 Backdoor.Win32.BDX.K 20140716
Rising PE:Trojan.Win32.NoSorFo.s!1075333786 20140715
Sophos AV Mal/Zegost-E 20140716
Symantec Backdoor.Trojan 20140716
Tencent Backdoor.Win32.Bdx.a 20140716
TheHacker Trojan/PSW.Bjlog.lfz 20140714
TotalDefense Win32/Zegost.VK 20140716
TrendMicro BKDR_REDOSD.SMX 20140716
TrendMicro-HouseCall BKDR_REDOSD.SMX 20140716
VBA32 TrojanPSW.Bjlog 20140715
ViRobot Trojan.Win32.A.PSW-Bjlog.155648.H 20140716
Zillya Trojan.Agent.Win32.280302 20140715
AegisLab 20140716
Baidu-International 20140715
ByteHero 20140716
Panda 20140715
SUPERAntiSpyware 20140716
VIPRE 20140716
Zoner 20140714
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-07-14 22:03:32
Entry Point 0x0000E810
Number of sections 4
PE sections
Overlays
MD5 4bd7309929c152fb54148eadeac40238
File type data
Offset 155648
Size 24046386
Entropy 0.04
PE imports
LsaFreeMemory
RegSaveKeyA
ChangeServiceConfigA
LookupPrivilegeValueA
OpenEventLogA
InitializeSecurityDescriptor
RegSetValueExA
LookupAccountSidA
AllocateAndInitializeSid
RegOpenKeyExA
OpenSCManagerA
RegQueryInfoKeyA
CreateCompatibleBitmap
ImmReleaseContext
ImmGetCompositionStringA
ImmGetContext
CreateToolhelp32Snapshot
GetSystemInfo
FreeLibrary
CopyFileA
ExitProcess
IsBadWritePtr
LoadLibraryA
SetConsoleOutputCP
SetConsoleScreenBufferSize
GetLocalTime
DeleteCriticalSection
GetVolumeInformationA
GetPrivateProfileStringA
SetConsoleCtrlHandler
GetFileSize
SetFileTime
GetConsoleTitleA
ReadConsoleOutputA
GetTempPathA
lstrcmpA
SetFileAttributesA
GetProcessHeap
MoveFileA
CreateProcessA
GetLogicalDriveStringsA
InitializeCriticalSection
IsBadReadPtr
GetCurrentThreadId
OpenEventA
GetCurrentProcessId
LeaveCriticalSection
??2@YAPAXI@Z
realloc
wcstombs
ceil
_strupr
_beginthreadex
_initterm
ICGetInfo
wsprintfA
GetSystemMetrics
OpenInputDesktop
BlockInput
SetClipboardData
SetWindowsHookExA
EnumWindows
CloseClipboard
MessageBoxA
SetProcessWindowStation
GetWindowTextA
OpenClipboard
GetDC
CallNextHookEx
GetProfilesDirectoryA
GetUserProfileDirectoryA
waveInGetDevCapsA
waveOutReset
waveInOpen
mixerOpen
waveOutOpen
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2010:07:14 23:03:32+01:00
FileType Win32 DLL
PEType PE32
CodeSize 102400
LinkerVersion 6.0
EntryPoint 0xe810
InitializedDataSize 53248
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 c2f0ba16a767d839782a36f8f5bbfcbc
SHA1 8b4434f8a1ed013cdd7a3c2711dea08459d6e61f
SHA256 b8f2c42af2d4da9e2dfb1032b7252fb8758b6b597ad0b46d2581a7effdc2ad7b
ssdeep 6144:uBTyPRqyhYPbHcTBlhHrondnzYPbHcTBlhHrondnO:jJq8YPbHcT3+YPbHcT3N

authentihash 81b4ee85f8e84fcd031156dedf885703e715fdeca64676a8be8241bca9892b63
imphash 50a9ea4c81e9b9b361591eb492c4c7e6
File size 23.1 MB ( 24202034 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags pedll overlay

VirusTotal metadata
First submission 2014-07-16 06:20:27 UTC ( 3 years, 2 months ago )
Last submission 2014-07-16 06:20:27 UTC ( 3 years, 2 months ago )
File names bybtt.cc3