SHA256: baec22480f544a0e855d8cff681d9ce639f7cb3cf3b51ee47851721327200630
File name: VirusShare_602c3f8117a5989e6b4d9bee58067ec5
Detection ratio: 49 / 54
Analysis date: 2014-08-05 04:04:07 UTC ( 4 years, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.165 20140805
Yandex TrojanSpy.Zbot!HC8O58DOFiM 20140804
AhnLab-V3 Trojan/Win32.Zbot 20140804
AntiVir TR/Kazy.MK 20140805
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140805
Avast Win32:Zbot-NRC [Trj] 20140805
AVG PSW.Generic9.BJAK 20140805
AVware Trojan-PWS.Win32.Zbot.aac (v) 20140805
Baidu-International Trojan.Win32.Zbot.auy 20140804
BitDefender Gen:Variant.Kazy.165 20140805
Bkav W32.JayfoF.Trojan 20140804
CAT-QuickHeal TrojanPWS.Zbot.Y3 20140804
ClamAV Trojan.Spy.Zbot-142 20140804
CMC Packed.Win32.Toggaf.4!O 20140804
Commtouch W32/Zbot.BR.gen!Eldorado 20140805
Comodo TrojWare.Win32.Kazy.MKD 20140805
DrWeb Trojan.PWS.Panda.547 20140805
Emsisoft Gen:Variant.Kazy.165 (B) 20140805
ESET-NOD32 Win32/Spy.Zbot.YW 20140805
F-Prot W32/Zbot.BR.gen!Eldorado 20140805
F-Secure Trojan-Spy:W32/Zbot.AVTH 20140805
Fortinet W32/Zbot.AT!tr 20140805
GData Gen:Variant.Kazy.165 20140805
Ikarus Trojan-Spy.Win32.Zbot 20140805
Jiangmin Trojan/Generic.xqxl 20140804
K7AntiVirus Backdoor ( 04c4ee7b1 ) 20140804
K7GW Backdoor ( 04c4ee7b1 ) 20140804
Kaspersky Trojan-Spy.Win32.Zbot.dkuo 20140805
Kingsoft Win32.Troj.Zbot.(kcloud) 20140805
Malwarebytes Trojan.Zbot 20140805
McAfee PWS-Zbot.gen.ds 20140805
Microsoft PWS:Win32/Zbot.gen!CI 20140805
eScan Gen:Variant.Kazy.165 20140805
NANO-Antivirus Trojan.Win32.Zbot.wlyrm 20140805
Panda Trj/WLT.A 20140804
Qihoo-360 Malware.QVM20.Gen 20140805
Rising PE:Stealer.Zbot!1.648A 20140804
Sophos AV Mal/Zbot-HX 20140805
SUPERAntiSpyware Trojan.Agent/Gen-Zbot 20140804
Symantec Trojan.Zbot 20140805
Tencent Win32.Trojan-spy.Zbot.Wklw 20140805
TheHacker Trojan/Spy.Zbot.yw 20140803
TotalDefense Win32/Zbot.CXZ 20140804
TrendMicro TROJ_FORUCON.BMC 20140805
TrendMicro-HouseCall TSPY_ZBOT.SMIG 20140805
VBA32 SScope.Trojan.FakeAV.01110 20140804
VIPRE Trojan-PWS.Win32.Zbot.aac (v) 20140805
ViRobot Trojan.Win32.A.Zbot.139035 20140805
Zoner Trojan.Zbot.YW 20140729
AegisLab 20140805
ByteHero 20140805
McAfee-GW-Edition 20140804
Norman 20140804
nProtect 20140804
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-24 13:03:24
Entry Point 0x0000E0F1
Number of sections 3
PE sections
File identification
MD5 602c3f8117a5989e6b4d9bee58067ec5
SHA1 5c69a5eba7a9d1c6a1ad8995e75c7538ceb82254
SHA256 baec22480f544a0e855d8cff681d9ce639f7cb3cf3b51ee47851721327200630

imphash cc1c8e87ca79bdf902cbaeda84aac151
File size 140.5 KB ( 143877 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows Screen Saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)

VirusTotal metadata
First submission 2014-08-05 04:04:07 UTC ( 4 years, 5 months ago )
Last submission 2014-08-05 04:04:07 UTC ( 4 years, 5 months ago )
File names VirusShare_602c3f8117a5989e6b4d9bee58067ec5
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections