SHA256: b9f2dfd1b8fe93e1eeba24f44b2f54fbbb6761751b743fb76377be348911ae46
File name: fd5400091d46388f3ae2844f1b46bcfb56711bd7
Detection ratio: 36 / 56
Analysis date: 2015-10-30 11:13:08 UTC ( 3 years, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2820235 20151030
Yandex Trojan.Kryptik!m4mIdPkhk5U 20151029
ALYac Trojan.GenericKD.2820235 20151030
Antiy-AVL Trojan[Spy]/Win32.Zbot 20151030
Arcabit Trojan.Generic.D2B088B 20151030
Avast Win32:Agent-BBDY [Trj] 20151030
AVG Crypt5.GKT 20151030
Avira (no cloud) TR/Crypt.EPACK.3974 20151030
AVware Trojan.Win32.Generic!BT 20151030
Baidu-International Trojan.Win32.Zbot.wcft 20151030
BitDefender Trojan.GenericKD.2820235 20151030
CAT-QuickHeal (Suspicious) - DNAScan 20151030
DrWeb Trojan.PWS.Panda.7708 20151030
Emsisoft Trojan.GenericKD.2820235 (B) 20151030
ESET-NOD32 a variant of Win32/Kryptik.DKBB 20151030
F-Secure Trojan.GenericKD.2820235 20151030
Fortinet W32/Zbot.DKBB!tr 20151030
GData Trojan.GenericKD.2820235 20151030
Ikarus Trojan.Win32.Crypt 20151030
Jiangmin TrojanSpy.Zbot.idyl 20151030
K7AntiVirus Trojan ( 004d4cdf1 ) 20151030
K7GW Trojan ( 004d4cdf1 ) 20151030
Kaspersky Trojan-Spy.Win32.Zbot.wcft 20151030
Malwarebytes Trojan.Kazy 20151030
McAfee Artemis!FAAD16BB5023 20151030
McAfee-GW-Edition Artemis!Trojan 20151030
Microsoft PWS:Win32/Zbot!VM 20151030
eScan Trojan.GenericKD.2820235 20151030
NANO-Antivirus Trojan.Win32.Zbot.dygivd 20151030
nProtect Trojan.GenericKD.2820235 20151030
Panda Trj/Genetic.gen 20151030
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20151030
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20151029
TrendMicro TSPY_ZBOT.CPH15AT 20151030
TrendMicro-HouseCall TSPY_ZBOT.CPH15AT 20151030
VIPRE Trojan.Win32.Generic!BT 20151030
AegisLab 20151030
AhnLab-V3 20151029
Alibaba 20151030
Bkav 20151029
ByteHero 20151030
ClamAV 20151030
CMC 20151029
Comodo 20151030
Cyren 20151030
F-Prot 20151030
Sophos AV 20151030
SUPERAntiSpyware 20151030
Symantec 20151029
Tencent 20151030
TheHacker 20151028
TotalDefense 20151030
VBA32 20151030
ViRobot 20151030
Zillya 20151029
Zoner 20151030
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-02-27 05:11:07
Entry Point 0x00001000
Number of sections 16
PE sections
PE imports
DdeSetQualityOfService
RegisterWindowMessageW
DdeDisconnectList
GetForegroundWindow
GetParent
SendNotifyMessageA
AttachThreadInput
GetPriorityClipboardFormat
DrawIcon
GetCapture
CloseDesktop
FindWindowA
DrawTextExA
GetSysColorBrush
GetWindowRect
GetThreadDesktop
RegisterClipboardFormatA
MoveWindow
GetClipboardFormatNameW
IsWindowEnabled
SetActiveWindow
CharNextExA
GetDlgCtrlID
GetListBoxInfo
PaintDesktop
IsWindowVisible
GetMessageTime
BroadcastSystemMessageA
InvertRect
InSendMessage
AnimateWindow
GetMouseMovePointsEx
GetWindowTextLengthA
LoadIconA
GetKeyboardLayout
GetTopWindow
IsDlgButtonChecked
CharNextA
RegisterClipboardFormatW
GetDesktopWindow
CopyAcceleratorTableW
GetKeyboardType
Number of PE resources by type
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2005:02:27 06:11:07+01:00
FileType Win32 EXE
PEType PE32
CodeSize 186368
LinkerVersion 0.0
EntryPoint 0x1000
InitializedDataSize 30720
SubsystemVersion 4.1
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 faad16bb5023d5557a87043ecdd925bb
SHA1 c8b422b0f0b5c4faca0f47219f53e28a65344c52
SHA256 b9f2dfd1b8fe93e1eeba24f44b2f54fbbb6761751b743fb76377be348911ae46
ssdeep 1536:hz4nsYX5/YxBQSSg1B0kkhoHM+g8H+Ai+1RwJylrgi:hUsjxBQSx1k378Hc1QlEi
authentihash 957fb7dd94b2d95a44db16074444678c07b57178f0c0d26292aca988cc222cd1
imphash 6bf8e12abe43482172c0d278e2bd4ff8
File size 235.5 KB ( 241152 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.7%)
Generic Win/DOS Executable (23.4%)
DOS Executable Generic (23.4%)
VXD Driver (0.3%)
Tags peexe

VirusTotal metadata
First submission 2015-10-23 11:06:44 UTC ( 3 years, 4 months ago )
Last submission 2015-10-23 11:06:44 UTC ( 3 years, 4 months ago )
File names fd5400091d46388f3ae2844f1b46bcfb56711bd7
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs