SHA256: c0692d45de28a25aab14dcc7f1618462bb32a6ae1ab28f563a5f3e13b51a7180
File name: vt-upload-9TniQ
Detection ratio: 25 / 54
Analysis date: 2014-07-15 09:52:00 UTC ( 4 years, 8 months ago )
Antivirus              Result                              Update
AntiVir                TR/Crypt.ZPACK.65713                20140715
Antiy-AVL              Trojan[Spy]/Win32.Zbot              20140715
Avast                  Win32:Kryptik-OAP [Trj]             20140715
AVG                    Zbot.LLW                            20140715
Bkav                   HW32.CDB.Bd1e                       20140714
CMC                    Trojan.Win32.Krap.1!O               20140714
Commtouch              W32/PWS.YTKG-9153                   20140715
DrWeb                  Trojan.Siggen6.20388                20140715
ESET-NOD32             Win32/Spy.Zbot.ABV                  20140715
Fortinet               W32/Zbot.ABV!tr                     20140715
K7AntiVirus            Trojan ( 0040f8c71 )                20140714
K7GW                   Trojan ( 0040f8c71 )                20140714
Kaspersky              Trojan-Spy.Win32.Zbot.tmnd          20140715
Malwarebytes           Spyware.Zbot.VXGen                  20140715
McAfee                 RDN/Generic PWS.y!b2h               20140715
McAfee-GW-Edition      BehavesLike.Win32.Worm.dh           20140715
Microsoft              PWS:Win32/Zbot                      20140715
NANO-Antivirus         Trojan.Win32.Zbot.dcgcqu            20140715
Qihoo-360              HEUR/Malware.QVM20.Gen              20140715
Rising                 PE:Malware.XPACK-HIE/Heur!1.9C48    20140715
Sophos AV              Mal/Ransom-CV                       20140715
Symantec               WS.Reputation.1                     20140715
Tencent                Win32.Trojan.Bp-qqthief.Iqpl        20140715
TrendMicro-HouseCall   TROJ_GEN.R011H08GB14                20140715
VIPRE                  Trojan.Win32.Generic!BT             20140715
Ad-Aware               (no detection)                      20140715
AegisLab               (no detection)                      20140715
Yandex                 (no detection)                      20140714
AhnLab-V3              (no detection)                      20140715
Baidu-International    (no detection)                      20140715
BitDefender            (no detection)                      20140715
ByteHero               (no detection)                      20140715
CAT-QuickHeal          (no detection)                      20140715
ClamAV                 (no detection)                      20140714
Comodo                 (no detection)                      20140715
Emsisoft               (no detection)                      20140715
F-Prot                 (no detection)                      20140715
F-Secure               (no detection)                      20140715
GData                  (no detection)                      20140715
Ikarus                 (no detection)                      20140715
Jiangmin               (no detection)                      20140715
Kingsoft               (no detection)                      20140715
eScan                  (no detection)                      20140715
Norman                 (no detection)                      20140715
nProtect               (no detection)                      20140714
Panda                  (no detection)                      20140714
SUPERAntiSpyware       (no detection)                      20140715
TheHacker              (no detection)                      20140714
TotalDefense           (no detection)                      20140715
TrendMicro             (no detection)                      20140715
VBA32                  (no detection)                      20140715
ViRobot                (no detection)                      20140715
Zillya                 (no detection)                      20140714
Zoner                  (no detection)                      20140714
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-05-31 06:14:18
Entry Point 0x00021CFE
Number of sections 4
PE sections
PE imports
SetMapMode
GetWindowOrgEx
GetGlyphOutlineW
SetColorSpace
CreateRectRgnIndirect
GdiGetSpoolFileHandle
GetMetaRgn
GetROP2
CombineRgn
InvertRgn
GetTextExtentPointA
SetLayout
SetWorldTransform
GetMetaFileA
DeviceCapabilitiesExW
CreateDCW
GetFontLanguageInfo
OffsetWindowOrgEx
CreateDIBPatternBrushPt
GdiGetPageCount
EnumFontsW
StrokePath
CreateDIBSection
ScaleViewportExtEx
DeleteObject
SetFontEnumeration
LineDDA
DeleteMetaFile
MaskBlt
GetVolumeNameForVolumeMountPointA
SetTimerQueueTimer
GetTimeFormatA
ProcessIdToSessionId
GlobalFix
RasQueryRedialOnLinkFailure
RasEnumConnectionsA
RasGetSubEntryPropertiesA
RasValidateEntryNameW
RasEnumConnectionsW
RasGetCredentialsA
RasConnectionNotificationW
RasClearLinkStatistics
RasAutodialEntryToNetwork
RasEditPhonebookEntryA
RasSetEntryDialParamsA
RasSetAutodialAddressA
RasGetEntryPropertiesW
RasSetCustomAuthDataW
RasGetProjectionInfoA
RasGetCustomAuthDataA
RasGetHport
RasGetAutodialParamA
RasGetEntryDialParamsW
RasDeleteEntryW
RasEnumDevicesW
RasSetSubEntryPropertiesW
RasSetAutodialParamA
RasGetErrorStringA
RasGetCustomAuthDataW
RasEnumAutodialAddressesA
RasDialA
GetClipCursor
CryptCATCDFEnumMembersByCDFTagEx
WintrustAddDefaultForUsage
WTHelperGetKnownUsages
SoftpubCheckCert
CryptCATAdminCalcHashFromFileHandle
WVTAsn1SpcLinkEncode
TrustIsCertificateSelfSigned
CryptCATGetAttrInfo
WVTAsn1SpcStatementTypeDecode
mscat32DllRegisterServer
WVTAsn1CatMemberInfoEncode
WTHelperCertIsSelfSigned
CryptCATCDFOpen
CryptCATAdminEnumCatalogFromHash
WTHelperCheckCertUsage
CryptSIPPutSignedDataMsg
DriverFinalPolicy
WVTAsn1SpcStatementTypeEncode
SoftpubLoadSignature
TrustDecode
Number of PE resources by type
RT_GROUP_CURSOR 5
RT_ICON 4
Struct(13) 4
Struct(15) 3
RT_MENU 3
RT_RCDATA 3
RT_FONT 2
RT_STRING 2
RT_CURSOR 2
RT_GROUP_ICON 2
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
DUTCH BELGIAN 22
ENGLISH AUS 10
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:05:31 07:14:18+01:00
FileType Win32 EXE
PEType PE32
CodeSize 143360
LinkerVersion 6.0
FileAccessDate 2014:07:29 06:41:14+01:00
EntryPoint 0x21cfe
InitializedDataSize 61952
SubsystemVersion 4.0
ImageVersion 7.3
OSVersion 4.0
FileCreateDate 2014:07:29 06:41:14+01:00
UninitializedDataSize 0
File identification
MD5 e3e76f373406941602fb090835d95e5b
SHA1 f3fe005c7d9fc9a449debb78b294b182bd23193c
SHA256 c0692d45de28a25aab14dcc7f1618462bb32a6ae1ab28f563a5f3e13b51a7180
ssdeep 3072:sa3eZCSeqLUEJUF7VR7lLebAvuYzcNV/mjjpz8j9m1f84bE+:53oRLiVR7NeSzWBgjpwQNb
imphash 6d0e31782f522ec30ff5848004d0e020
File size 201.5 KB ( 206336 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-07-15 09:52:00 UTC ( 4 years, 8 months ago )
Last submission 2014-07-29 05:42:19 UTC ( 4 years, 7 months ago )
File names vt-upload-9TniQ
e3e76f373406941602fb090835d95e5b
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.