× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: bb64f31f58aec07410faae9becf93cabbd25216f79142bed0cd5c831b8334dff
File name: Forgetab
Detection ratio: 43 / 55
Analysis date: 2014-09-04 12:24:18 UTC ( 4 years, 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.153241 20140904
Yandex TrojanSpy.Zbot!V8Ak6gjVn5g 20140903
AhnLab-V3 Trojan/Win32.Zbot 20140903
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140904
Avast Win32:Malware-gen 20140904
AVG Inject2.ATFB 20140904
AVware Trojan.Win32.Generic!BT 20140904
Baidu-International Trojan.Win32.Zbot.aOG 20140904
BitDefender Gen:Variant.Graftor.153241 20140904
Bkav HW32.CDB.D886 20140904
CAT-QuickHeal VirTool.VBInject.LE3 20140904
CMC Heur.Win32.Veebee.1!O 20140904
Comodo UnclassifiedMalware 20140904
Cyren W32/Trojan.GEVT-9079 20140904
DrWeb Trojan.PWS.Panda.655 20140904
Emsisoft Gen:Variant.Graftor.153241 (B) 20140904
ESET-NOD32 a variant of Win32/Injector.BKYD 20140904
F-Prot W32/Zbot.CDC 20140904
F-Secure Gen:Variant.Graftor.153241 20140904
Fortinet W32/Zbot.TXCN!tr 20140904
GData Gen:Variant.Graftor.153241 20140904
Ikarus Trojan-Spy.Win32.Zbot 20140904
K7AntiVirus Trojan ( 004a0cfe1 ) 20140903
K7GW Trojan ( 004a0cfe1 ) 20140903
Kaspersky Trojan-Spy.Win32.Zbot.txcn 20140904
Kingsoft Win32.Troj.Generic.a.(kcloud) 20140904
Malwarebytes Trojan.FakeTool.MR 20140904
McAfee Artemis!0FCD71B75DFF 20140904
McAfee-GW-Edition Artemis 20140903
Microsoft PWS:Win32/Zbot 20140904
eScan Gen:Variant.Graftor.153241 20140904
Panda Trj/Chgt.D 20140904
Qihoo-360 HEUR/Malware.QVM03.Gen 20140904
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140904
Sophos AV Troj/VB-HNG 20140904
SUPERAntiSpyware Trojan.Agent/Gen-Injector 20140904
Symantec Trojan.Zbot 20140904
Tencent Win32.Trojan-spy.Zbot.Kgj 20140904
TrendMicro TSPY_ZBOT.YYDAS 20140904
TrendMicro-HouseCall TSPY_ZBOT.YYDAS 20140904
VBA32 TScope.Trojan.VB 20140903
VIPRE Trojan.Win32.Generic!BT 20140904
Zillya Trojan.ZBot.Win32.49 20140903
AegisLab 20140904
Avira (no cloud) 20140904
ByteHero 20140904
ClamAV 20140904
Jiangmin 20140903
NANO-Antivirus 20140904
Norman 20140904
nProtect 20140904
TheHacker 20140904
TotalDefense 20140904
ViRobot 20140904
Zoner 20140901
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
Publisher Copyright © 1998-2005 Mark Russinovich and Bryce Cogswell
Product Eleostea
Original name Forgetab.exe
Internal name Forgetab
File version 1.08.0005
Description Beshlik twange
Signature verification The digital signature of the object did not verify.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-25 01:45:51
Entry Point 0x00001438
Number of sections 3
PE sections
Number of PE resources by type
Number of PE resources by language
PE resources
File identification
MD5 0fcd71b75dff6da1fd7fa86e6964b733
SHA1 55a65471f170f625833d282ce81d59f73af4a7aa
SHA256 bb64f31f58aec07410faae9becf93cabbd25216f79142bed0cd5c831b8334dff

imphash 053f98ab5cec37b07ba91659b49488e5
File size 206.5 KB ( 211473 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)

VirusTotal metadata
First submission 2014-08-25 06:23:00 UTC ( 4 years, 4 months ago )
Last submission 2014-08-25 06:23:00 UTC ( 4 years, 4 months ago )
File names Forgetab
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Terminated processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.