SHA256: c09d2c4c31769ec1ee32e14e75b2170d19295094608da1c659bdab6999122a1d
File name: 38e714d5391f05d848fa1ab6b9db7527
Detection ratio: 41 / 56
Analysis date: 2015-06-24 21:37:44 UTC ( 3 years, 9 months ago )
Antivirus Result Update
Ad-Aware Trojan.Foreign.2 20150624
Yandex TrojanSpy.Zbot!r5qHdnArGqY 20150624
AhnLab-V3 Malware/Win32.Generic 20150624
ALYac Trojan.Foreign.2 20150624
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150624
Arcabit Trojan.Foreign.2 20150624
Avast Win32:Malware-gen 20150624
AVG Crypt3.BLOP 20150624
Avira (no cloud) TR/Crypt.Xpack.116355 20150624
AVware Trojan.Win32.Generic!BT 20150624
Baidu-International Adware.Win32.iBryte.CTAX 20150624
BitDefender Trojan.Foreign.2 20150624
CAT-QuickHeal Trojan.Generic.B4 20150624
Comodo UnclassifiedMalware 20150624
Cyren W32/Trojan.BMCA-0475 20150624
DrWeb Trojan.PWS.Panda.7708 20150624
Emsisoft Trojan.Foreign.2 (B) 20150624
ESET-NOD32 a variant of Win32/Kryptik.CTAX 20150624
F-Secure Trojan.Foreign.2 20150624
Fortinet W32/Zbot.CTAX!tr 20150624
GData Trojan.Foreign.2 20150624
Ikarus Trojan-Spy.Zbot 20150624
K7AntiVirus Trojan ( 004b29581 ) 20150624
K7GW Trojan ( 004b29581 ) 20150624
Kaspersky Trojan-Spy.Win32.Zbot.ushd 20150624
Malwarebytes Trojan.Zbot 20150624
McAfee Generic-FAVU!38E714D5391F 20150624
McAfee-GW-Edition BehavesLike.Win32.Dropper.dc 20150624
Microsoft PWS:Win32/Zbot!rfn 20150624
eScan Trojan.Foreign.2 20150624
NANO-Antivirus Trojan.Win32.Zbot.dknrze 20150624
nProtect Trojan-Spy/W32.ZBot.290304.AK 20150624
Panda Trj/Genetic.gen 20150624
Qihoo-360 Win32/Trojan.afb 20150624
Rising PE:Trojan.Win32.Generic.17D353A7!399725479 20150623
Sophos AV Mal/Generic-S 20150624
Symantec Trojan.Gen 20150624
TotalDefense Win32/Zbot.ZELUbIC 20150624
TrendMicro TROJ_GEN.F0C2C00LN14 20150624
VIPRE Trojan.Win32.Generic!BT 20150624
Zillya Trojan.Zbot.Win32.171573 20150624
AegisLab 20150624
Alibaba 20150624
Bkav 20150624
ByteHero 20150624
ClamAV 20150624
F-Prot 20150624
Jiangmin 20150624
Kingsoft 20150624
SUPERAntiSpyware 20150624
Tencent 20150624
TheHacker 20150624
TrendMicro-HouseCall 20150624
VBA32 20150624
ViRobot 20150624
Zoner 20150624
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © 2014 Inkscape
Publisher inkscape.org
Product Inkscape
Internal name Inkscape
File version 0.48.5
Description Inkscape
Comments Published under the GNU GPL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-15 13:09:27
Entry Point 0x0000296C
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExA
RegOpenKeyExW
InitializeSecurityDescriptor
RegQueryValueExW
InitCommonControlsEx
GetDeviceCaps
CreateDCA
CreateBitmapIndirect
CreateICA
TextOutW
DeleteDC
RestoreDC
SelectObject
CreatePalette
RealizePalette
SelectPalette
GetTextMetricsA
GetDIBits
BitBlt
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
UpdateColors
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
ReadFile
SetHandleCount
LoadLibraryW
GetConsoleCP
GetModuleHandleW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
_lcreat
GetFileSize
RtlUnwind
lstrlenW
GetLocalTime
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
_lwrite
GetConsoleMode
DecodePointer
GetCurrentProcessId
WriteConsoleW
GetProcessHeaps
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
lstrcatW
EncodePointer
GetProcessHeap
SetStdHandle
GetTimeFormatW
lstrcpyW
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
HeapSetInformation
FindNextFileW
SetUnhandledExceptionFilter
WriteFile
_lclose
CloseHandle
GetSystemTimeAsFileTime
FindFirstFileW
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
ExitProcess
TerminateProcess
GetModuleFileNameA
IsValidCodePage
HeapCreate
CreateFileW
FindClose
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
GetStartupInfoW
LocalAlloc
SetLastError
LeaveCriticalSection
GetPwrCapabilities
PathFileExistsW
SetFocus
BeginPaint
GetMonitorInfoA
ShowWindow
LoadBitmapA
SetWindowPos
EnumDisplayMonitors
GetSystemMetrics
IsWindow
GetWindowRect
AppendMenuW
GetDlgItemTextW
SetDlgItemTextW
GetDC
ReleaseDC
SetSysColors
CreatePopupMenu
SendMessageW
SendMessageA
LoadStringW
GetClientRect
CreateWindowExA
GetDlgItem
SystemParametersInfoW
GetClassLongA
GetWindowLongA
SetTimer
LoadImageW
LoadIconA
SetWindowTextW
GetWindowTextW
GetMenuState
GetSystemMenu
GetWindowTextLengthW
wsprintfW
IsAppThemed
GetThemeDocumentationProperty
CreateBindCtx
Number of PE resources by type
RT_BITMAP 9
RT_ICON 6
RT_STRING 6
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 25
PE resources
ExifTool file metadata
FileDescription Inkscape
Comments Published under the GNU GPL
InitializedDataSize 94720
ImageVersion 0.0
ProductName Inkscape
FileVersionNumber 0.48.5.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 10.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 0.48.5
TimeStamp 2014:12:15 14:09:27+01:00
FileType Win32 EXE
PEType PE32
InternalName Inkscape
ProductVersion 0.48.5
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright 2014 Inkscape
MachineType Intel 386 or later, and compatibles
CompanyName inkscape.org
CodeSize 194560
FileSubtype 0
ProductVersionNumber 0.48.5.0
EntryPoint 0x296c
ObjectFileType Executable application
File identification
MD5 38e714d5391f05d848fa1ab6b9db7527
SHA1 4fe2018f4918b425a7613946202166f657f2d21d
SHA256 c09d2c4c31769ec1ee32e14e75b2170d19295094608da1c659bdab6999122a1d
ssdeep 6144:OiNSdRXJ2ZcLU2ruAVO+HKgeDvJnHCzICk/iDKF6+2222222J222Ztn:tSdR6EU2ruyHKnDvFCxON
authentihash 51d3d9112f5117fbaa0a7159773341fb2202d7ac196dfc9704aa4f4e629f76df
imphash 8a5a52d9f4a0a45caf8ffb4dac4068e4
File size 283.5 KB ( 290304 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2015-06-24 21:37:44 UTC ( 3 years, 9 months ago )
Last submission 2015-06-24 21:37:44 UTC ( 3 years, 9 months ago )
File names Inkscape
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.