× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: c58605fd241a5999a63de5ff58b7552ff961831a6b3d0460073abd62e916a8aa
File name: BotzGA.exe
Detection ratio: 26 / 53
Analysis date: 2016-11-06 13:15:54 UTC ( 1 year, 1 month ago )
Antivirus Result Update
AegisLab DangerousObject.Multi.Generic!c 20161106
Antiy-AVL Trojan[Ransom]/Win32.Foreign 20161106
Avast Win32:Malware-gen 20161106
Avira (no cloud) TR/Rogue.377856.17 20161106
AVware Trojan.Win32.Generic!BT 20161106
Baidu Multi.Threats.InArchive 20161104
Comodo UnclassifiedMalware 20161106
Cyren W32/Trojan.SW.gen!Eldorado 20161106
DrWeb Trojan.DownLoader9.43701 20161106
ESET-NOD32 BAT/HostsChanger.A potentially unsafe 20161106
F-Prot W32/Trojan.SW.gen!Eldorado 20161106
GData Win32.Application.Agent.E3IQVI 20161106
Ikarus Trojan.Graftor 20161106
Sophos ML generic.a 20161018
Jiangmin RemoteAdmin.WinVNC.cd 20161106
K7AntiVirus Unwanted-Program ( 004b9c8e1 ) 20161106
K7GW Unwanted-Program ( 004b9c8e1 ) 20161106
McAfee RDN/Generic.hra!cd 20161106
McAfee-GW-Edition RDN/Generic PUP.x 20161106
Microsoft HackTool:Win32/Keygen 20161106
NANO-Antivirus Trojan.Win32.Hosts.dodtsn 20161106
Panda Trj/CI.A 20161106
Qihoo-360 HEUR/QVM06.1.0000.Malware.Gen 20161106
Sophos AV Mal/Generic-S 20161106
Yandex HackTool.WinActivator! 20161105
Zillya Trojan.Yakes.Win32.40711 20161105
Ad-Aware 20161106
AhnLab-V3 20161106
Alibaba 20161104
ALYac 20161106
Arcabit 20161106
AVG 20161106
BitDefender 20161106
Bkav 20161105
CAT-QuickHeal 20161105
ClamAV 20161106
CMC 20161106
CrowdStrike Falcon (ML) 20161024
Emsisoft 20161106
F-Secure 20161106
Fortinet 20161106
Kaspersky 20161106
Kingsoft 20161106
Malwarebytes 20161106
eScan 20161106
nProtect 20161106
Rising 20161106
SUPERAntiSpyware 20161106
Symantec 20161106
Tencent 20161106
TheHacker 20161106
TrendMicro 20161106
TrendMicro-HouseCall 20161106
VBA32 20161105
VIPRE 20161106
ViRobot 20161106
Zoner 20161106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT Unicode, ZIP, maxorder, appended, NSIS, RAR, UTF-8, UPX, INNO, 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-02-17 14:55:26
Entry Point 0x00009F40
Number of sections 5
PE sections
Overlays
MD5 b440ae66d3fdd88110b263bef3027f92
File type application/zip
Offset 79872
Size 48356960
Entropy 8.00
PE imports
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
InitCommonControlsEx
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetFilePointer
GetLastError
HeapFree
GetStdHandle
SystemTimeToFileTime
CreateFileMappingW
ReadFile
FileTimeToSystemTime
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
FindFirstFileW
CompareStringW
GetTickCount
SetFileTime
GetFileAttributesW
GetCommandLineW
IsDBCSLeadByte
FileTimeToLocalFileTime
OpenFileMappingW
GetDateFormatW
CreateDirectoryA
DeleteFileA
GetCPInfo
ExitProcess
MultiByteToWideChar
MapViewOfFile
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetFullPathNameA
GetTimeFormatW
SetFileAttributesW
DosDateTimeToFileTime
CloseHandle
WideCharToMultiByte
GetFileAttributesA
MoveFileExW
ExpandEnvironmentStringsW
FindNextFileW
SetEndOfFile
WriteFile
FindFirstFileA
FindNextFileA
SetEnvironmentVariableW
HeapReAlloc
GetModuleHandleW
SetFileAttributesA
FreeLibrary
GetFileType
GetTempPathW
GetCurrentDirectoryW
LoadLibraryW
SetCurrentDirectoryW
UnmapViewOfFile
FindResourceW
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
MoveFileW
GetFullPathNameW
CreateFileA
HeapAlloc
GetLocaleInfoW
GetNumberFormatW
SetLastError
CompareStringA
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
SetFocus
MapWindowPoints
GetParent
UpdateWindow
EndDialog
LoadBitmapW
DefWindowProcW
CopyRect
GetWindowTextW
GetMessageW
MessageBoxW
GetSystemMetrics
SetWindowPos
wvsprintfW
CharToOemBuffA
SetWindowLongW
OemToCharBuffA
SendMessageW
GetWindowRect
RegisterClassExW
CharUpperW
DialogBoxParamW
wvsprintfA
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
CreateWindowExW
ReleaseDC
DestroyIcon
ShowWindow
TranslateMessage
IsWindowVisible
LoadStringW
GetClientRect
GetDlgItem
GetWindow
IsWindow
OemToCharA
PeekMessageW
CharUpperA
GetClassNameW
EnableWindow
SetWindowTextW
WaitForInputIdle
LoadCursorW
LoadIconW
FindWindowExW
DispatchMessageW
GetWindowLongW
SetForegroundWindow
DestroyWindow
CharToOemA
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
OleInitialize
CLSIDFromString
Number of PE resources by type
RT_DIALOG 6
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 19
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2012:02:17 15:55:26+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
53760

LinkerVersion
9.0

EntryPoint
0x9f40

InitializedDataSize
160256

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 ddeacdb9c13cb83cb51e87ceaed36a91
SHA1 bbc5c37e592938363f1356306c837703d3996439
SHA256 c58605fd241a5999a63de5ff58b7552ff961831a6b3d0460073abd62e916a8aa
ssdeep
786432:BE9DcYPjUA3+64SIhJJx5Nm8lqslARs8EyDlfU1s4AkWAXzKaeMDgxUMFD:BQL+fLvFmnBysPkXzKfIMFD

authentihash 2dab2f50bc9813f2398f70a8725c8fc5141c24cd91ea60f076022484e8d4fd8d
imphash fe665f2b5496671c416fff0c4aa96adf
File size 46.2 MB ( 48436832 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
nsis peexe upx overlay

VirusTotal metadata
First submission 2016-11-06 13:15:54 UTC ( 1 year, 1 month ago )
Last submission 2016-11-06 13:15:54 UTC ( 1 year, 1 month ago )
File names BotzGA.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!