SHA256: c3f8265bfcc61ef328a8f776318d74e588873047f51e0dc8e445c1f6d4334f30
File name: vti-rescan
Detection ratio: 38 / 56
Analysis date: 2015-10-06 08:57:59 UTC
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.4135 20151006
Yandex Trojan.ZBoter.Gen.VA 20151004
AhnLab-V3 Trojan/Win32.Zbot 20151006
ALYac Gen:Variant.Symmi.4135 20151006
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20151006
Arcabit Trojan.Symmi.D1027 20151006
Avast Win32:GenMalicious-HMV [Trj] 20151006
AVG Agent.7.BB 20151006
Avira (no cloud) TR/Kazy.MK 20151006
AVware Trojan-PWS.Win32.Zbot.aac (v) 20151006
BitDefender Gen:Variant.Symmi.4135 20151006
Bkav HW32.Packed.6E33 20151005
Comodo TrojWare.Win32.Kazy.MKD 20151006
Cyren W32/Zbot.BR.gen!Eldorado 20151006
Emsisoft Gen:Variant.Symmi.4135 (B) 20151006
ESET-NOD32 a variant of Win32/Spy.Zbot.YW 20151006
F-Prot W32/Zbot.BR.gen!Eldorado 20151006
F-Secure Gen:Variant.Symmi.4135 20151006
Fortinet W32/Zbot.YW!tr 20151006
GData Gen:Variant.Symmi.4135 20151006
Ikarus Trojan-Spy.Zbot 20151006
K7AntiVirus Spyware ( 002891031 ) 20151006
K7GW Spyware ( 002891031 ) 20151006
Kaspersky HEUR:Trojan.Win32.Generic 20151006
McAfee PWS-Zbot.gen.ds 20151006
McAfee-GW-Edition PWS-Zbot.gen.ds 20151006
Microsoft PWS:Win32/Zbot!CI 20151006
eScan Gen:Variant.Symmi.4135 20151006
NANO-Antivirus Trojan.Win32.Panda.dxmgiz 20151006
Panda Trj/Genetic.gen 20151005
Qihoo-360 Win32/Trojan.333 20151006
Rising PE:Stealer.Zbot!1.648A[F1] 20151005
Sophos AV Mal/Zbot-HX 20151006
Tencent Trojan.Win32.Zbot.aaw 20151006
TrendMicro TROJ_DYER.BMC 20151006
TrendMicro-HouseCall TROJ_DYER.BMC 20151006
VBA32 SScope.Trojan.FakeAV.01110 20151005
VIPRE Trojan-PWS.Win32.Zbot.aac (v) 20151006
AegisLab 20151006
Alibaba 20150927
Baidu-International 20151006
ByteHero 20151006
CAT-QuickHeal 20151005
ClamAV 20151006
CMC 20151005
DrWeb 20151006
Jiangmin 20151005
Kingsoft 20151006
Malwarebytes 20151006
nProtect 20151006
SUPERAntiSpyware 20151006
Symantec 20151005
TheHacker 20151006
ViRobot 20151006
Zillya 20151005
Zoner 20151006
The file being studied is a Portable Executable file! More specifically, it is a DOS EXE file.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-22 18:52:21
Entry Point 0x00014B8E
Number of sections 3
PE sections
Overlays
MD5 6852221946da1cc02d48f4854bee8dbf
File type data
Offset 1577984
Size 512
Entropy 7.55
PE imports
RegCreateKeyExW
RegCloseKey
ConvertSidToStringSidW
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptHashData
InitializeSecurityDescriptor
RegQueryValueExW
CryptCreateHash
SetSecurityDescriptorDacl
GetSidSubAuthorityCount
GetSidSubAuthority
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
RegOpenKeyExW
SetSecurityDescriptorSacl
GetTokenInformation
CryptReleaseContext
RegEnumKeyExW
OpenThreadToken
GetSecurityDescriptorSacl
GetLengthSid
CreateProcessAsUserW
CryptDestroyHash
CryptAcquireContextW
RegSetValueExW
CryptGetHashParam
InitiateSystemShutdownExW
EqualSid
IsWellKnownSid
SetNamedSecurityInfoW
CertEnumCertificatesInStore
CryptUnprotectData
PFXImportCertStore
CertCloseStore
CertDeleteCertificateFromStore
CertOpenSystemStoreW
CertDuplicateCertificateContext
PFXExportCertStoreEx
GetDeviceCaps
DeleteDC
RestoreDC
SelectObject
SaveDC
SetViewportOrgEx
GetDIBits
GdiFlush
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetRectRgn
FileTimeToDosDateTime
ReleaseMutex
WaitForSingleObject
FindFirstFileW
HeapDestroy
GetFileAttributesW
lstrcmpW
GetLocalTime
GetProcessId
SetErrorMode
GetFileInformationByHandle
GetThreadContext
GetFileTime
WideCharToMultiByte
LoadLibraryW
WriteFile
Thread32First
HeapReAlloc
FreeLibrary
LocalFree
ResumeThread
GetTimeZoneInformation
FindClose
TlsGetValue
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
InitializeCriticalSection
WriteProcessMemory
RemoveDirectoryW
HeapAlloc
LoadLibraryA
SetThreadPriority
MultiByteToWideChar
SetFilePointerEx
GetPrivateProfileStringW
CreateThread
MoveFileExW
CreateMutexW
GetVolumeNameForVolumeMountPointW
SetThreadContext
TerminateProcess
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
GetProcAddress
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
lstrcmpiA
GetVersionExW
SetEvent
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
CreateRemoteThread
GetWindowsDirectoryW
OpenProcess
ReadProcessMemory
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetPrivateProfileIntW
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
GetComputerNameW
GetFileSizeEx
GetModuleFileNameW
ExpandEnvironmentStringsW
UnmapViewOfFile
FindNextFileW
WTSGetActiveConsoleSessionId
ResetEvent
Thread32Next
DuplicateHandle
GlobalLock
CreateEventW
CreateFileW
TlsSetValue
ExitProcess
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
SystemTimeToFileTime
CreateFileMappingW
VirtualAllocEx
OpenEventW
GlobalUnlock
Process32NextW
VirtualFree
FileTimeToLocalFileTime
VirtualFreeEx
GetCurrentProcessId
SetFileTime
GetCommandLineW
Process32FirstW
GetCurrentThread
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
OpenMutexW
GetModuleHandleW
GetFileAttributesExW
HeapCreate
GetTempPathW
CreateProcessW
Sleep
IsBadReadPtr
VirtualAlloc
NetUserEnum
NetUserGetInfo
NetApiBufferFree
SysFreeString
VariantClear
VariantInit
SysAllocString
SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW
StrCmpNIW
wvnsprintfA
StrCmpNIA
wvnsprintfW
StrStrIA
PathIsDirectoryW
PathRemoveBackslashW
PathIsURLW
PathAddBackslashW
UrlUnescapeA
SHDeleteValueW
PathCombineW
PathRenameExtensionW
SHDeleteKeyW
PathSkipRootW
PathRemoveFileSpecW
StrStrIW
StrStrA
PathMatchSpecW
PathUnquoteSpacesW
PathFindFileNameW
PathQuoteSpacesW
PathAddExtensionW
StrStrW
GetUserNameExW
GetMessagePos
SetWindowPos
IsWindow
EndPaint
OpenWindowStationW
WindowFromPoint
CreateDesktopW
GetDC
GetCursorPos
ReleaseDC
GetMenu
EndMenu
DefFrameProcA
DefMDIChildProcW
CharLowerBuffA
GetThreadDesktop
LoadImageW
GetTopWindow
GetUpdateRgn
MsgWaitForMultipleObjects
CharToOemW
GetMenuItemID
DrawEdge
GetUserObjectInformationW
GetParent
EqualRect
DefMDIChildProcA
GetMessageW
PeekMessageW
CharUpperW
PeekMessageA
TranslateMessage
SetThreadDesktop
GetWindow
GetIconInfo
GetMenuItemRect
RegisterClassW
OpenDesktopW
CharLowerA
RegisterClassA
TrackPopupMenuEx
GetSubMenu
GetDCEx
FillRect
ToUnicode
GetWindowLongW
GetUpdateRect
GetWindowInfo
MapWindowPoints
RegisterWindowMessageW
OpenInputDesktop
GetMessageA
SwitchDesktop
BeginPaint
DefWindowProcW
DrawIcon
MapVirtualKeyW
DefWindowProcA
GetClipboardData
GetSystemMetrics
SetWindowLongW
GetWindowRect
SetCapture
ReleaseCapture
CharLowerW
SetProcessWindowStation
PostMessageW
GetClassLongW
CreateWindowStationW
SetKeyboardState
CloseWindowStation
GetKeyboardState
PostThreadMessageW
GetMenuItemCount
GetMenuState
DispatchMessageW
GetProcessWindowStation
ExitWindowsEx
IntersectRect
GetCapture
GetShellWindow
GetWindowThreadProcessId
HiliteMenuItem
SendMessageW
RegisterClassExW
CallWindowProcA
GetWindowDC
RegisterClassExA
MenuItemFromPoint
PrintWindow
DefFrameProcW
SetCursorPos
SystemParametersInfoW
CallWindowProcW
GetClassNameW
GetAncestor
DefDlgProcA
CloseDesktop
IsRectEmpty
SendMessageTimeoutW
DefDlgProcW
HttpSendRequestA
InternetSetStatusCallbackW
InternetReadFileExA
InternetQueryOptionW
HttpOpenRequestA
InternetReadFile
HttpSendRequestExW
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetQueryOptionA
HttpSendRequestW
GetUrlCacheEntryInfoW
HttpQueryInfoA
HttpAddRequestHeadersA
InternetQueryDataAvailable
InternetCrackUrlA
HttpSendRequestExA
HttpAddRequestHeadersW
getaddrinfo
shutdown
accept
WSAAddressToStringW
WSAStartup
freeaddrinfo
send
getsockname
WSASetLastError
select
recv
WSASend
WSAGetLastError
listen
WSAEventSelect
getpeername
closesocket
WSAIoctl
setsockopt
socket
bind
recvfrom
sendto
connect
CoUninitialize
CoInitializeEx
CoCreateInstance
CLSIDFromString
StringFromGUID2
Compressed bundles
File identification
MD5 36269d4e8402c65c5f46aef0313db9c3
SHA1 c884ba2f073a775a69d03f6342804c3c4f6abb5d
SHA256 c3f8265bfcc61ef328a8f776318d74e588873047f51e0dc8e445c1f6d4334f30
ssdeep
24576:FKNTb9KPXl+Rpxy4E1sImcB6KLH0cO9yYW1ZKMD/BUleKhZUWpKm1fD2lU35I0:IF9olCi4KszLaH0CYWh6rUWd1C67

authentihash 64f40cdc6752db6a81e4ab29e8dfa7ceacf04f55d8cb498bd97a6fd837ed3679
imphash 073b635f96d34dbfc010cbb9ab2d156d
File size 1.5 MB ( 1578496 bytes )
File type DOS EXE
Magic literal
MS-DOS executable

TrID Win32 Executable (generic) (38.8%)
DOS Executable Borland Pascal 7.0x (17.5%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Music Craft Score (8.6%)
Tags
mz overlay

VirusTotal metadata
First submission 2015-10-02 21:23:22 UTC
Last submission 2019-02-04 00:17:02 UTC
File names bot.exe
q0E26b.rtf
bot.exe
c3f8265bfcc61ef328a8f776318d74e588873047f51e0dc8e445c1f6d4334f30.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs