× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: bfcbe3f59e676e68d9d821b5ba56b1ce916c045680fd05a02d3bf5113e4de323
File name: vt-upload-1jvJ8
Detection ratio: 40 / 50
Analysis date: 2014-05-28 01:17:32 UTC ( 4 years, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKDZ.14350 20140528
Yandex TrojanSpy.Zbot!4LjsHDZ0JNM 20140527
AntiVir TR/PSW.Zbot.5751 20140528
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140527
Avast Win32:Malware-gen 20140528
AVG PSW.Generic11.DSD 20140527
Baidu-International Trojan.Win32.Zbot.Ada 20140527
BitDefender Trojan.GenericKDZ.14350 20140528
Bkav W32.Clod232.Trojan.e5e2 20140527
DrWeb Trojan.PWS.Panda.2977 20140528
Emsisoft Trojan.GenericKDZ.14350 (B) 20140528
ESET-NOD32 a variant of Win32/Kryptik.AYVL 20140527
F-Secure Trojan.GenericKDZ.14350 20140528
Fortinet W32/Zbot.LQMR!tr 20140527
GData Trojan.GenericKDZ.14350 20140528
Ikarus Trojan-PWS.Win32.Zbot 20140528
K7AntiVirus Backdoor ( 04c4f22b1 ) 20140527
K7GW Backdoor ( 04c4f22b1 ) 20140527
Kaspersky Trojan-Spy.Win32.Zbot.kiqd 20140528
Kingsoft Win32.Troj.Zbot.ki.(kcloud) 20140528
Malwarebytes Virus.Expiro 20140528
McAfee RDN/PWS-Zbot.vo!f 20140528
McAfee-GW-Edition RDN/PWS-Zbot.vo!f 20140527
Microsoft PWS:Win32/Zbot 20140527
eScan Trojan.GenericKDZ.14350 20140528
NANO-Antivirus Trojan.Win32.Zbot.bslakq 20140528
Norman ZBot.IYCS 20140527
nProtect Trojan-Spy/W32.ZBot.241664.AK 20140527
Panda Generic Malware 20140527
Qihoo-360 HEUR/Malware.QVM07.Gen 20140528
Sophos AV Mal/Generic-S 20140528
SUPERAntiSpyware Trojan.Agent/Gen-Festo 20140528
Symantec Trojan.Gen 20140528
Tencent Win32.Trojan-Spy.Zbot.demn 20140528
TheHacker Trojan/Kryptik.ayvl 20140527
TrendMicro TSPY_ZBOT.PDA 20140528
TrendMicro-HouseCall TSPY_ZBOT.PDA 20140528
VBA32 TrojanSpy.Zbot 20140527
VIPRE Trojan.Win32.Generic!BT 20140528
ViRobot Trojan.Win32.S.Zbot.241664.C 20140527
AhnLab-V3 20140527
ByteHero 20140528
CAT-QuickHeal 20140527
ClamAV 20140527
CMC 20140526
Commtouch 20140527
F-Prot 20140527
Jiangmin 20140527
Rising 20140527
TotalDefense 20140527
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-04-11 14:52:43
Entry Point 0x00004109
Number of sections 4
PE sections
PE imports
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
CreateWaitableTimerA
lstrcmpiA
EndUpdateResourceW
MoveFileWithProgressW
CreateMailslotW
GetOEMCP
LCMapStringA
HeapDestroy
GlobalGetAtomNameA
GetEnvironmentStringsW
LoadLibraryA
EndUpdateResourceA
RtlUnwind
lstrlenW
FreeEnvironmentStringsA
GetStartupInfoA
GetPriorityClass
SwitchToThread
GetEnvironmentStrings
WritePrivateProfileStringA
MapViewOfFileEx
UnhandledExceptionFilter
SetTapePosition
DeleteFileA
WideCharToMultiByte
ExitProcess
MultiByteToWideChar
GetAtomNameW
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
GetStringTypeA
CancelIo
WriteFileGather
SetStdHandle
EnumResourceNamesW
GetModuleHandleA
GetBinaryTypeW
WaitForDebugEvent
SetFilePointer
GetSystemTimeAdjustment
FindNextFileW
GlobalAddAtomA
_hwrite
WriteFile
GetCurrentProcess
CreateMutexW
QueryInformationJobObject
GetACP
HeapReAlloc
GetStringTypeW
FreeResource
QueryDosDeviceA
TerminateProcess
GetProcessAffinityMask
GetModuleFileNameA
WaitNamedPipeA
ConvertThreadToFiber
ReadDirectoryChangesW
HeapCreate
VirtualFree
GetFileType
CreateFileA
HeapAlloc
GetVersion
VirtualAlloc
BeginUpdateResourceA
ShowScrollBar
EnumDesktopsA
wsprintfW
SendDlgItemMessageW
OpenWindowStationA
GetMenuStringW
Number of PE resources by type
RT_DIALOG 13
RT_MENU 4
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 18
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2013:04:11 15:52:43+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
40448

LinkerVersion
6.0

FileAccessDate
2014:05:28 02:20:02+01:00

EntryPoint
0x4109

InitializedDataSize
201216

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

FileCreateDate
2014:05:28 02:20:02+01:00

UninitializedDataSize
0

File identification
MD5 d9cd3b5676169489c6519aa2c786cc3c
SHA1 b813880b3e1e7786513ed95133e1188daf5f9f7a
SHA256 bfcbe3f59e676e68d9d821b5ba56b1ce916c045680fd05a02d3bf5113e4de323
ssdeep
6144:nAs3gissxeWxzgy0VEyv2xuTZYCg9eVODxK:nAsdsA1J0VEyvPyeVOVK

imphash 462f82f9b2691e1913f1fc2ed10c47ed
File size 236.0 KB ( 241664 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2013-04-12 11:11:55 UTC ( 5 years, 7 months ago )
Last submission 2013-04-12 11:11:55 UTC ( 5 years, 7 months ago )
File names vt-upload-1jvJ8
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Set keys
Deleted keys
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications