SHA256: c7acaacd4bb3a45cebc1280480149973a051ef0da8a2170c4f1ce5e41a78a6cb
File name: 0e7030ac29aeb6facd462a917780f87b
Detection ratio: 21 / 57
Analysis date: 2015-02-02 06:25:05 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Strictor.76323 20150202
ALYac Gen:Variant.Strictor.76323 20150202
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150202
Avast Win32:Malware-gen 20150202
Avira (no cloud) TR/Crypt.ZPACK.121406 20150201
BitDefender Gen:Variant.Strictor.76323 20150202
Emsisoft Gen:Variant.Strictor.76323 (B) 20150202
ESET-NOD32 Win32/Spy.Zbot.ACB 20150202
F-Secure Gen:Variant.Strictor.76323 20150201
Fortinet W32/Zbot.ACB!tr.spy 20150202
GData Gen:Variant.Strictor.76323 20150202
Kaspersky Trojan-Spy.Win32.Zbot.uwow 20150202
Malwarebytes Trojan.Agent.ED 20150201
McAfee Artemis!0E7030AC29AE 20150202
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.fc 20150202
Microsoft PWS:Win32/Zbot.gen!VM 20150202
eScan Gen:Variant.Strictor.76323 20150202
NANO-Antivirus Trojan.Win32.Zbot.dmuqqq 20150202
Panda Trj/Chgt.O 20150201
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20150130
Sophos AV Mal/Generic-S 20150202
No detection (engine, signature update date):
AegisLab 20150202
Yandex 20150201
AhnLab-V3 20150202
Alibaba 20150201
AVG 20150202
AVware 20150202
Baidu-International 20150130
Bkav 20150202
ByteHero 20150202
CAT-QuickHeal 20150202
ClamAV 20150202
CMC 20150129
Comodo 20150202
Cyren 20150202
DrWeb 20150202
F-Prot 20150202
Ikarus 20150202
Jiangmin 20150131
K7AntiVirus 20150201
K7GW 20150130
Kingsoft 20150202
Norman 20150201
nProtect 20150130
Qihoo-360 20150202
SUPERAntiSpyware 20150201
Symantec 20150202
Tencent 20150202
TheHacker 20150131
TotalDefense 20150201
TrendMicro 20150202
TrendMicro-HouseCall 20150202
VBA32 20150129
VIPRE 20150202
ViRobot 20150202
Zillya 20150202
Zoner 20150130
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-22 16:26:56
Entry Point 0x00037352
Number of sections 4
PE sections
Overlays
MD5 53eafe8162c0b10d202f7af51202c766
File type data
Offset 245760
Size 137878
Entropy 7.99
PE imports
GetClusterNetInterfaceKey
ClusterGroupControl
GetClusterResourceKey
ResetDCW
GetRasterizerCaps
GetEnhMetaFilePaletteEntries
CopyFileW
GetDriveTypeW
GetFileAttributesA
GlobalFree
GetConsoleCP
GetOEMCP
GlobalGetAtomNameA
BuildCommDCBW
FlushFileBuffers
GetWindowsDirectoryW
GlobalSize
GetQueuedCompletionStatus
GetStartupInfoA
GetPriorityClass
FileTimeToDosDateTime
GetEnvironmentStrings
GetWindowsDirectoryA
GetLogicalDriveStringsA
Process32First
GetProcessHeaps
GetCurrentDirectoryA
GetDateFormatW
GetStartupInfoW
GetCompressedFileSizeA
GlobalLock
CancelIo
EnumResourceLanguagesW
CreateThread
FileTimeToLocalFileTime
GetModuleHandleA
GetDiskFreeSpaceW
FindResourceExW
GetMailslotInfo
GetProcessWorkingSetSize
EnumSystemLocalesA
DuplicateHandle
GetDiskFreeSpaceA
EscapeCommFunction
GetPrivateProfileSectionW
HeapLock
GlobalMemoryStatus
ConnectNamedPipe
GetTimeZoneInformation
FreeLibraryAndExitThread
CompareFileTime
FindResourceW
GlobalAlloc
DebugActiveProcess
CreateEventA
FindClose
GetFullPathNameW
GetVersion
_except_handler3
__p__fmode
_acmdln
_exit
__p__commode
__setusermatherr
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
strlen
_adjust_fdiv
__set_app_type
NdrPointerUnmarshall
IUnknown_Release_Proxy
RpcRevertToSelf
RpcMgmtEpEltInqNextW
NdrComplexStructUnmarshall
RpcServerRegisterAuthInfoA
NdrInterfacePointerFree
NdrConformantArrayUnmarshall
MesDecodeBufferHandleCreate
data_into_ndr
RpcSsFree
NdrUserMarshalFree
I_RpcFreeBuffer
RpcMgmtSetServerStackSize
NdrNonEncapsulatedUnionMarshall
NdrServerContextUnmarshall
NdrVaryingArrayMemorySize
NdrConformantVaryingArrayMarshall
SHQueryRecycleBinW
ShellExecuteExW
GetMessageA
UpdateWindow
BeginPaint
PostQuitMessage
DefWindowProcA
ShowWindow
DispatchMessageA
EndPaint
LookupIconIdFromDirectory
TranslateMessage
RegisterClassExA
DrawTextA
LoadStringA
SendMessageA
GetClientRect
LoadAcceleratorsA
CreateWindowExA
LoadCursorA
LoadIconA
TranslateAcceleratorA
IsDlgButtonChecked
CreateAcceleratorTableA
DestroyWindow
mmioRenameA
mixerOpen
waveOutClose
mmioStringToFOURCCA
waveOutUnprepareHeader
mmioAscend
midiStreamPosition
waveInUnprepareHeader
midiInPrepareHeader
waveOutGetVolume
sndPlaySoundW
midiOutGetErrorTextA
DefDriverProc
midiOutClose
AddPrintProcessorA
AdvancedDocumentPropertiesW
FindClosePrinterChangeNotification
EnumPrinterKeyA
DeleteMonitorW
EnumPrintersW
SetPrinterDataA
EnumPortsA
OleSetAutoConvert
OleTranslateAccelerator
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 2
RT_DIALOG 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 9
RUSSIAN 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 185.0.39180.1
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 1404928
EntryPoint 0x37352
OriginalFileName augustus.exe
MIMEType application/octet-stream
LegalCopyright wreaths 2015
FileVersion 1, 0, 0, 1
TimeStamp 2015:01:22 17:26:56+01:00
FileType Win32 EXE
PEType PE32
InternalName willow
ProductVersion 1, 0, 0, 1
FileDescription warming
OSVersion 4.0
FileOS Unknown (0xf0004)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft
CodeSize 225280
ProductName unload angels
ProductVersionNumber 250.0.27599.1
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 0e7030ac29aeb6facd462a917780f87b
SHA1 1b1acd252d1bbedad0a136df48f65657f42cb397
SHA256 c7acaacd4bb3a45cebc1280480149973a051ef0da8a2170c4f1ce5e41a78a6cb
ssdeep 6144:iMcMOqjDQm8CWmcjYitu4mxUCTOQCfAkxMXcMOqjDQm8CWmcjYitu4mxu:iMcWjDcCWJluFCAk+cWjDcCWJluu
authentihash eef729d6bfb97b723934621c824db010c69a8a9c5ff95d48ee7ba5ec300451f4
imphash 7c3b2260587364d9260087dca30eb729
File size 374.6 KB ( 383638 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-02-02 06:25:05 UTC ( 4 years, 1 month ago )
Last submission 2015-02-02 06:25:05 UTC ( 4 years, 1 month ago )
File names 0e7030ac29aeb6facd462a917780f87b
Advanced heuristic and reputation engines
TrendMicro-HouseCall: TrendMicro's heuristic engine has flagged this file as TROJ_GEN.R03EC0DB815.
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.