SHA256: ca56c58941fa922888771333994f5abee341fff8bf4626fa48210f86fcdc7b6f
File name: New Order.exe
Detection ratio: 31 / 50
Analysis date: 2014-04-17 14:40:43 UTC ( 4 years, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1638300 20140417
Yandex Trojan.Foreign!F6dg8ydIcJg 20140416
AhnLab-V3 Spyware/Win32.Zbot 20140417
AntiVir TR/Dropper.Gen2 20140417
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140417
Avast Win32:Malware-gen 20140417
AVG Zbot.HCK 20140417
Baidu-International Trojan.Win32.Zbot.AAO 20140416
BitDefender Trojan.GenericKD.1638300 20140417
Emsisoft Trojan.GenericKD.1638300 (B) 20140417
ESET-NOD32 Win32/Spy.Zbot.AAO 20140417
F-Secure Trojan.GenericKD.1638300 20140417
Fortinet W32/Foreign.KQLU!tr 20140417
GData Trojan.GenericKD.1638300 20140417
Ikarus Trojan-Dropper.Gen2 20140417
K7AntiVirus Spyware ( 0029a43a1 ) 20140416
K7GW Spyware ( 0029a43a1 ) 20140416
Kaspersky Trojan-Ransom.Win32.Foreign.kqlu 20140417
Malwarebytes Trojan.Agent.ED 20140417
McAfee RDN/Generic PWS.y!zd 20140417
McAfee-GW-Edition Artemis!4F6113FF3EC3 20140417
Microsoft PWS:Win32/Zbot 20140417
eScan Trojan.GenericKD.1638300 20140417
Norman Troj_Generic.TLIWF 20140417
nProtect Trojan.GenericKD.1638300 20140417
Panda Trj/CI.A 20140416
Sophos AV Mal/Inject-EQ 20140417
Symantec Trojan.Zbot 20140417
TrendMicro TROJ_GEN.R0CBC0DDD14 20140417
TrendMicro-HouseCall TROJ_GEN.R0CBC0DDD14 20140417
VIPRE Trojan.Win32.Generic!BT 20140417
AegisLab 20140417
Bkav 20140417
ByteHero 20140417
CAT-QuickHeal 20140416
ClamAV 20140417
CMC 20140417
Commtouch 20140417
Comodo 20140416
DrWeb 20140417
F-Prot 20140417
Jiangmin 20140417
Kingsoft 20140417
NANO-Antivirus 20140417
Qihoo-360 20140417
Rising 20140417
SUPERAntiSpyware 20140416
TheHacker 20140416
TotalDefense 20140417
VBA32 20140417
ViRobot 20140417
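
The vendor names above disagree on the label (Zbot, Foreign, GenericKD, Artemis) but agree on the family once engine-specific prefixes are stripped. The script below is an added example, not part of the VirusTotal report: it parses rows in the flat "Vendor Result Update" layout shown above (vendor first, an eight-digit signature date last, the detection name, if any, in between), discards category and platform words such as Trojan, Win32, Generic or Spyware, and counts how many engines name each remaining token. The sample rows are copied from the table above but are only a subset of it; the noise-word list is the editor's own and not a VirusTotal convention.

```python
"""Consensus-family triage over a flat multi-engine AV result table.

Added example, not code from the report or from VirusTotal. Rows look like
'Vendor Result Update' where Update is YYYYMMDD and Result may be empty.
"""
import re
from collections import Counter

# Constructed subset of the rows from the report above (not the full table).
SAMPLE_ROWS = """\
Ad-Aware Trojan.GenericKD.1638300 20140417
Yandex Trojan.Foreign!F6dg8ydIcJg 20140416
AhnLab-V3 Spyware/Win32.Zbot 20140417
AntiVir TR/Dropper.Gen2 20140417
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140417
Avast Win32:Malware-gen 20140417
AVG Zbot.HCK 20140417
ESET-NOD32 Win32/Spy.Zbot.AAO 20140417
Fortinet W32/Foreign.KQLU!tr 20140417
K7AntiVirus Spyware ( 0029a43a1 ) 20140416
Kaspersky Trojan-Ransom.Win32.Foreign.kqlu 20140417
Microsoft PWS:Win32/Zbot 20140417
Symantec Trojan.Zbot 20140417
ClamAV 20140417
DrWeb 20140417
Qihoo-360 20140417
"""

# vendor = first token, update = trailing 8-digit date, result = whatever sits between.
ROW_RE = re.compile(r"^(?P<vendor>\S+)\s*(?P<result>.*?)\s*(?P<update>\d{8})$")

# Category / platform words that never identify a family (editor's list, not exhaustive).
NOISE = {
    "trojan", "troj", "trj", "win32", "w32", "spy", "spyware", "pws", "malware",
    "mal", "dropper", "agent", "ransom", "inject", "rdn", "artemis", "backdoor",
    "worm", "virus", "heur", "variant",
}

def parse_rows(text):
    """Return (vendor, result, update) triples; result is '' for an undetected engine."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparseable row: {line!r}")
        rows.append((m["vendor"], m["result"], m["update"]))
    return rows

def family_tokens(result):
    """Split one detection name into candidate family tokens, dropping noise."""
    out = set()
    for tok in re.split(r"[^A-Za-z0-9]+", result.lower()):
        if len(tok) < 3 or tok in NOISE:
            continue  # variant suffixes like .A, .ED, !BT and known category words
        if re.fullmatch(r"gen\d*|generic\w*|[0-9a-f]{6,}|\d+", tok):
            continue  # Gen2, GenericKD, hash-like ids such as 0029a43a1, signature numbers
        out.add(tok)
    return out

def consensus(rows):
    """Count, per token, how many engines mention it (each engine counts once)."""
    counter = Counter()
    for _, result, _ in rows:
        for tok in family_tokens(result):
            counter[tok] += 1
    return counter

def triage(text):
    """Summarise a result table: engine count, detections, ranked family candidates."""
    rows = parse_rows(text)
    detected = [r for r in rows if r[1]]
    ranked = consensus(detected).most_common()
    return {
        "engines": len(rows),
        "detections": len(detected),
        "ranked": ranked,
        "family": ranked[0][0] if ranked else None,
    }

if __name__ == "__main__":
    summary = triage(SAMPLE_ROWS)
    print(f"{summary['detections']}/{summary['engines']} engines flag the file")
    print("family candidates:", summary["ranked"][:5])
```

On the sample rows the ranking comes out as zbot (6 engines), then foreign (3, the Kaspersky-derived name that Yandex and Fortinet also carry), with variant suffixes such as kqlu and aao trailing. Running it over the complete table gives the same leader; the BitDefender-engine OEMs (Ad-Aware, Emsisoft, F-Secure, GData, eScan, nProtect) all contribute the same GenericKD signature and are deliberately not counted as a family.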
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-10 03:24:42 UTC (the ExifTool TimeStamp below renders the same instant in local time as 2014:04:10 04:24:42+01:00)
Entry Point 0x0000E9A4
Number of sections 4
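
The values in this block come straight from the COFF and optional headers. The parser below is an added example, not code from the report or from VirusTotal: it follows e_lfanew from the DOS header, checks the PE signature, and decodes with struct the fields shown above (machine, section count, build timestamp, entry point, linker version, subsystem, code and data sizes). Because the report gives no bytes, the sample header is constructed in-line from the report's own values; ImageBase, alignments, SizeOfImage and the characteristics flags are placeholders the report does not list. It also computes the gap between the build timestamp and the first submission time given further down the page, a quick check for a timestomped header (a negative gap means the file claims to have been built after it was first seen).

```python
"""Decode the PE header fields VirusTotal lists under 'PE header basic information'.

Added example, not code from the report. The sample header is constructed
from the report's values; it is a header only, not the malware.
"""
import calendar
import datetime
import struct

MACHINE_NAMES = {0x14C: "Intel 386 or later", 0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI", 9: "Windows CE GUI"}
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
# Magic, linker major/minor, 9 dwords, 6 version words, 4 dwords, Subsystem, DllCharacteristics
OPT_FMT = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH"

def build_sample_header():
    """Construct a minimal PE32 header carrying the report's values (constructed data)."""
    ts = calendar.timegm((2014, 4, 10, 3, 24, 42))      # 2014-04-10 03:24:42 UTC
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # e_lfanew at 0x3C -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 4, ts, 0, 0, 224, 0x0102)  # i386, 4 sections
    opt = struct.pack(OPT_FMT,
                      PE32_MAGIC, 9, 0,               # PE32, linker 9.0
                      97280, 186880, 0,               # code, initialised, uninitialised data sizes
                      0xE9A4, 0x1000, 0x19000,        # entry point; BaseOfCode/BaseOfData assumed
                      0x400000, 0x1000, 0x200,        # ImageBase and alignments assumed
                      5, 0, 0, 0, 5, 0,               # OS 5.0, image 0.0, subsystem 5.0
                      0, 0x4A000, 0x400, 0,           # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum assumed
                      2, 0)                           # Windows GUI; DllCharacteristics not reported
    opt += b"\0" * (224 - len(opt))                   # data directories left empty
    return dos + b"PE\0\0" + coff + opt

def parse_pe_header(data):
    """Return the header fields as a dict; raises ValueError on a malformed image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff_off)
    opt_off = coff_off + 20
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    # Offsets 2..20 and 40..70 are identical in PE32 and PE32+; only ImageBase width differs.
    lnk_major, lnk_minor, code, init, uninit, entry = struct.unpack_from("<BBIIII", data, opt_off + 2)
    os_major, os_minor, img_major, img_minor, ss_major, ss_minor = struct.unpack_from("<HHHHHH", data, opt_off + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt_off + 68)
    built = datetime.datetime.fromtimestamp(timestamp, datetime.timezone.utc)
    return {
        "pe_type": "PE32" if magic == PE32_MAGIC else "PE32+",
        "machine": MACHINE_NAMES.get(machine, f"0x{machine:04x}"),
        "number_of_sections": nsections,
        "compile_timestamp_utc": built.strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": f"0x{entry:08X}",
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "code_size": code,
        "initialized_data_size": init,
        "uninitialized_data_size": uninit,
        "os_version": f"{os_major}.{os_minor}",
        "image_version": f"{img_major}.{img_minor}",
        "subsystem_version": f"{ss_major}.{ss_minor}",
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
        "optional_header_size": opt_size,
    }

def build_to_first_seen_hours(header, first_seen_utc):
    """Hours from the header's build time to first sighting ('YYYY-MM-DD HH:MM:SS' UTC).

    Negative means the timestamp post-dates the sighting: forged or clock skew."""
    built = datetime.datetime.strptime(header["compile_timestamp_utc"], "%Y-%m-%d %H:%M:%S")
    seen = datetime.datetime.strptime(first_seen_utc, "%Y-%m-%d %H:%M:%S")
    return (seen - built).total_seconds() / 3600

if __name__ == "__main__":
    header = parse_pe_header(build_sample_header())
    for key, value in header.items():
        print(f"{key:25} {value}")
    print("hours from build to first submission:",
          round(build_to_first_seen_hours(header, "2014-04-10 14:30:54"), 1))
```

For this sample the gap is about 11 hours, which is consistent with a freshly built dropper being mailed out the same day rather than a forged timestamp. Linker 9.0 corresponds to the Visual Studio 2008 toolchain, which matches the CRT-style kernel32 imports (EncodePointer, HeapSetInformation, IsProcessorFeaturePresent) further down.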
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
ReadFile
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetStdHandle
HeapSetInformation
GetCurrentProcess
FileTimeToLocalFileTime
GetFileType
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
SetLastError
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
GetTickCount
FreeEnvironmentStringsW
GetCommandLineA
CopyFileExW
GetStartupInfoW
SetStdHandle
GetModuleFileNameW
WideCharToMultiByte
GetProcAddress
TlsFree
SetFilePointer
DeleteCriticalSection
FindNextFileW
SetUnhandledExceptionFilter
GetTempPathW
InterlockedIncrement
WaitForSingleObject
IsProcessorFeaturePresent
ReadConsoleOutputCharacterA
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
GlobalMemoryStatus
IsValidCodePage
HeapCreate
WriteFile
CreateFileW
TlsGetValue
Sleep
TerminateProcess
ReadConsoleW
TlsSetValue
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
CloseHandle
PathAddBackslashW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathFindFileNameW
ClosePrinter
DocumentPropertiesW
OpenPrinterW
StackWalk64
SymGetLineFromName64
SymRegisterCallback
DbgHelpCreateUserDump
FindDebugInfoFileEx
SymInitialize
OleUIBusyW
Number of PE resources by type
RT_DIALOG 6
RT_STRING 3
RT_HTML 1
Number of PE resources by language
ENGLISH US 6
RUSSIAN NEUTRAL 3
SPANISH HONDURAS 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:04:10 04:24:42+01:00
FileType Win32 EXE
PEType PE32
CodeSize 97280
LinkerVersion 9.0
FileAccessDate 2014:04:17 15:41:27+01:00
EntryPoint 0xe9a4
InitializedDataSize 186880
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
FileCreateDate 2014:04:17 15:41:27+01:00
UninitializedDataSize 0
Compressed bundles
File identification
MD5 4f6113ff3ec3957836110ef7d8a00605
SHA1 4da7b2de2e1b3b57d597ff10684ee4a087f19601
SHA256 ca56c58941fa922888771333994f5abee341fff8bf4626fa48210f86fcdc7b6f
ssdeep 6144:XS4/RlI5LXw+a/c9zXvSwzbERPTOQ/FjN7ZK6OYavqf:XS44zw+a/c9zXvlzgRSUjzOYavqf
imphash 10c82bab36255b27bad2b631dc517a1d
File size 279.5 KB ( 286208 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe
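
The imphash in the File identification block is what lets this sample be clustered with other builds that share the same import table even when the file hashes differ. The script below is an added example, not code from the report or from VirusTotal; it reimplements the rule pefile uses (module name lowercased with a .dll, .ocx or .sys extension removed, each import written as "module.function" or "module.ordN" for an ordinal import, entries kept in import-table order, joined with commas and hashed with MD5). The module names in the sample table are the editor's attribution of the functions listed under PE imports to the modules that export them; the report itself prints the functions without module headers, and only part of the table is reproduced, so the computed value will not equal the report's imphash. Note the WINSPOOL.DRV entry: a .drv extension is kept, which is one reason two tools can disagree on an imphash if one of them strips every extension.

```python
"""Import hash (imphash) over a PE import table, in the pefile/VirusTotal form.

Added example, not code from the report. The table below is the editor's
reconstruction from the function names on the page and is incomplete.
"""
import hashlib

# Import-table excerpt constructed from the PE imports listed in the report.
# Module attribution and casing are the editor's assumption, not report data.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", ["GetLastError", "InitializeCriticalSectionAndSpinCount", "HeapFree",
                      "IsDebuggerPresent", "GetTempPathW", "CopyFileExW", "CreateFileW"]),
    ("SHLWAPI.dll", ["PathAddBackslashW", "PathStripToRootW", "PathIsUNCW",
                     "PathFindExtensionW", "PathFindFileNameW"]),
    ("WINSPOOL.DRV", ["ClosePrinter", "DocumentPropertiesW", "OpenPrinterW"]),
    ("dbghelp.dll", ["StackWalk64", "SymGetLineFromName64", "SymRegisterCallback",
                     "DbgHelpCreateUserDump", "FindDebugInfoFileEx", "SymInitialize"]),
    ("oledlg.dll", ["OleUIBusyW"]),
]

# Only these extensions are removed; anything else (.drv, .exe, none) stays in the string.
STRIPPED_EXTENSIONS = (".dll", ".ocx", ".sys")

def normalize_module(name):
    """Lowercase the module name and drop the extension only if the rule strips it."""
    name = name.lower()
    for ext in STRIPPED_EXTENSIONS:
        if name.endswith(ext):
            return name[: -len(ext)]
    return name  # e.g. winspool.drv keeps its extension

def import_string(imports):
    """Build the comma-joined 'module.function' list that is hashed.

    An int in the function list is an import by ordinal and becomes 'ordN'.
    (pefile first maps well-known ws2_32/oleaut32 ordinals back to names; that
    lookup table is omitted here.)
    """
    parts = []
    for module, funcs in imports:
        mod = normalize_module(module)
        for f in funcs:
            if isinstance(f, int):
                parts.append(f"{mod}.ord{f}")
            else:
                parts.append(f"{mod}.{f.lower()}")
    return ",".join(parts)

def imphash(imports):
    """MD5 hex digest of the normalised import string."""
    return hashlib.md5(import_string(imports).encode("ascii")).hexdigest()

if __name__ == "__main__":
    print(import_string(SAMPLE_IMPORTS)[:80] + "...")
    print("imphash:", imphash(SAMPLE_IMPORTS))
    # Import order is part of the hash; name casing is not.
    reordered = [SAMPLE_IMPORTS[1], SAMPLE_IMPORTS[0]] + SAMPLE_IMPORTS[2:]
    print("reordered table differs:", imphash(reordered) != imphash(SAMPLE_IMPORTS))
```

Because the hash covers the order of modules and functions as the linker emitted them, two samples built from the same source with the same toolchain share it, while a repacked or rebuilt variant usually does not; that makes imphash a pivot for hunting, not a substitute for the file hashes above.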

VirusTotal metadata
First submission 2014-04-10 14:30:54 UTC ( 4 years, 8 months ago )
Last submission 2014-04-10 14:30:54 UTC ( 4 years, 8 months ago )
File names New Order.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs