SHA256: c0e7b775408bd7644009eb223328f69ed338687d792d5b539cd55e7a73fa47b3
File name: a022bc31742da5755e616baa559ad0038533c842_mysql.ex
Detection ratio: 50 / 55
Analysis date: 2015-07-26 10:34:40 UTC ( 3 years, 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Heur.Krypt.22 20150726
Yandex TrojanSpy.Zbot!6pnAuRD3d6Y 20150725
AhnLab-V3 Win-Trojan/Zbot10.Gen 20150725
ALYac Spyware.Zbot.mg 20150725
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150726
Arcabit Trojan.Krypt.22 20150726
Avast Win32:Rootkit-gen [Rtk] 20150726
AVG Win32/Cryptor 20150726
Avira (no cloud) TR/Crypt.XPACK.Gen 20150725
AVware Trojan-Spy.Win32.Zbot.gen (v) 20150726
Baidu-International Trojan.Win32.Zbot.apbg 20150726
BitDefender Gen:Heur.Krypt.22 20150726
Bkav W32.Sdra64TPID.Rootkit 20150724
CAT-QuickHeal Win32.Packed.Krap.ao.7 20150725
ClamAV Trojan.Zbot-7636 20150726
Comodo TrojWare.Win32.PkdKrap.AO 20150726
Cyren W32/Zbot.U.gen!Eldorado 20150726
DrWeb Trojan.Winlock.967 20150726
Emsisoft Gen:Heur.Krypt.22 (B) 20150726
ESET-NOD32 Win32/Spy.Zbot.XJ 20150726
F-Prot W32/Trojan2.LPFS 20150726
F-Secure Gen:Heur.Krypt.22 20150725
Fortinet W32/Zbot.AD!tr.pws 20150726
GData Gen:Heur.Krypt.22 20150726
Ikarus Packed.Win32.Krap 20150726
Jiangmin TrojanSpy.Zbot.zgx 20150725
K7AntiVirus Backdoor ( 04c526261 ) 20150726
K7GW Backdoor ( 04c526261 ) 20150726
Kaspersky Trojan-Spy.Win32.Zbot.apbg 20150726
Kingsoft Win32.Troj.Zbot.(kcloud) 20150726
Malwarebytes Spyware.Passwords 20150724
McAfee PWS-Zbot.gen.ad 20150726
McAfee-GW-Edition PWS-Zbot.gen.ad 20150726
Microsoft PWS:Win32/Zbot.gen!R 20150726
eScan Gen:Heur.Krypt.22 20150726
NANO-Antivirus Trojan.Win32.FakeAV.lcjr 20150726
Panda Generic Malware 20150726
Qihoo-360 Malware.Radar01.Gen 20150726
Rising PE:Trojan.Win32.Generic.11F29644!301110852 20150722
Sophos AV Mal/FakeAV-BW 20150726
SUPERAntiSpyware Trojan.Agent/Gen 20150726
Symantec Trojan.Zbot 20150726
Tencent Win32.Trojan-spy.Zbot.Swve 20150726
TheHacker Trojan/Spy.Zbot.adua 20150723
TrendMicro TROJ_RANSOM.SMJ 20150726
TrendMicro-HouseCall TROJ_RANSOM.SMJ 20150726
VBA32 BScope.Trojan-Spy.Zbot 20150725
VIPRE Trojan-Spy.Win32.Zbot.gen (v) 20150726
ViRobot Spyware.Zbot.119296.E[h] 20150726
Zillya Trojan.Zbot.Win32.15930 20150726
AegisLab 20150726
Alibaba 20150724
ByteHero 20150726
nProtect 20150723
Zoner 20150726
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2004-2008 by Ronen Tzur
Publisher tzuk
Product Sandboxie
Original name Start.exe
Internal name Start
File version 3.26
Description Sandboxie Start
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-04-07 03:34:02
Entry Point 0x000010C9
Number of sections 7
PE sections
PE imports
EnumResourceTypesA
GetStartupInfoA
GetModuleHandleA
LockResource
VirtualQueryEx
ExitProcess
EnumResourceNamesA
FindResourceA
VirtualAlloc
CoRegisterMallocSpy
BindMoniker
CLIPFORMAT_UserFree
PropVariantChangeType
SendDlgItemMessageA
SetParent
MessageBoxA
SendMessageA
CallWindowProcA
DialogBoxParamA
setsockopt
bind
send
WSACleanup
WSAStartup
closesocket
listen
Number of PE resources by type
RT_ICON 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 5
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.26.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 118272
EntryPoint 0x10c9
OriginalFileName Start.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2004-2008 by Ronen Tzur
FileVersion 3.26
TimeStamp 2006:04:07 04:34:02+01:00
FileType Win32 EXE
PEType PE32
InternalName Start
ProductVersion 3.26
FileDescription Sandboxie Start
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName tzuk
CodeSize 1536
ProductName Sandboxie
ProductVersionNumber 3.26.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

Compressed bundles
File identification
MD5 51fe34d372d9ac9aa468f59aa0981055
SHA1 a022bc31742da5755e616baa559ad0038533c842
SHA256 c0e7b775408bd7644009eb223328f69ed338687d792d5b539cd55e7a73fa47b3
ssdeep 3072:FZYmUjgnohqN3ZyXn1bGkfyhUGWPkEhpqnAhEWU3:MphI3ZyXn1bGKGWPkEhSAhEWU3
authentihash fa653e945746fd3b87efe3cc484423e9af4d7e387fb316b8b44e926c0a569bf5
imphash 211e31f64ca52d22db0f4061baf54dad
File size 116.5 KB ( 119296 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe

VirusTotal metadata
First submission 2010-01-14 17:58:15 UTC ( 9 years, 3 months ago )
Last submission 2015-07-26 10:34:40 UTC ( 3 years, 8 months ago )
File names a022bc31742da5755e616baa559ad0038533c842_mysql.ex
Start
atm0.dotx
aa
Start.exe
Behaviour characterization