SHA256: cd6a74aa79ab93a18c6edac677c930c4d26c404cd06e2b02e52c1af4e180759e
File name: RemoteDll
Detection ratio: 59 / 67
Analysis date: 2018-01-12 16:23:23 UTC ( 1 year, 2 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.KD.388143 20180113
AegisLab Troj.W32.Jorik.Zbot.afe!c 20180112
AhnLab-V3 Trojan/Win32.Jorik.C121339 20180112
ALYac Trojan.Generic.KD.388143 20180113
Antiy-AVL Trojan[Spy]/Win32.Zbot 20180113
Arcabit Trojan.Generic.KD.D5EC2F 20180113
Avast Win32:Nedsym-NC [Trj] 20180113
AVG Win32:Nedsym-NC [Trj] 20180113
Avira (no cloud) TR/Offend.KD.388143 20180112
AVware Trojan.Win32.Generic!BT 20180103
BitDefender Trojan.Generic.KD.388143 20180113
Bkav HW32.Packed.3C29 20180112
CAT-QuickHeal Trojan.Bulta 20180112
ClamAV Win.Trojan.Zbot-14033 20180112
Comodo TrojWare.Win32.Spy.Zbot.HZB 20180113
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20180113
Cyren W32/Zbot.DF.gen!Eldorado 20180113
DrWeb Win32.HLLW.Autoruner1.1084 20180113
eGambit Unsafe.AI_Score_57% 20180113
Emsisoft Trojan.Generic.KD.388143 (B) 20180113
Endgame malicious (moderate confidence) 20171130
ESET-NOD32 Win32/Spy.Zbot.YW 20180113
F-Prot W32/Zbot.BEF 20180113
F-Secure Trojan.Generic.KD.388143 20180113
Fortinet W32/ZBOT.XP!tr 20180113
GData Trojan.Generic.KD.388143 20180113
Ikarus Trojan.Win32.Jorik 20180112
Sophos ML heuristic 20170914
Jiangmin Trojan/Jorik.uiv 20180113
K7AntiVirus Trojan ( 002feb4d1 ) 20180112
K7GW Trojan ( 002feb4d1 ) 20180112
Kaspersky HEUR:Trojan.Win32.Generic 20180113
MAX malware (ai score=84) 20180113
McAfee PWS-Zbot.gen.hz 20180113
McAfee-GW-Edition PWS-Zbot.gen.hz 20180113
Microsoft PWS:Win32/Zbot 20180112
eScan Trojan.Generic.KD.388143 20180113
NANO-Antivirus Trojan.Win32.Autoruner1.emvrz 20180113
nProtect Trojan-Spy/W32.ZBot.213504.W 20180113
Palo Alto Networks (Known Signatures) generic.ml 20180113
Panda Generic Malware 20180112
Qihoo-360 Win32/Trojan.BO.c96 20180113
Rising Malware.Undefined!8.C (TFE:2:6QkLbqLfChM) 20180113
SentinelOne (Static ML) static engine - malicious 20171224
Sophos AV Mal/EncPk-WX 20180113
SUPERAntiSpyware Trojan.Agent/Gen-Zbot 20180113
Symantec Trojan.Zbot 20180112
Tencent Win32.Trojan.Jorik.hql 20180113
TheHacker Trojan/Spy.Zbot.yw 20180112
TotalDefense Win32/Zbot.FCM 20180112
TrendMicro TSPY_ZBOT.FJUJ 20180113
TrendMicro-HouseCall TSPY_ZBOT.FJUJ 20180113
VBA32 BScope.Trojan.Zbot.01456 20180112
VIPRE Trojan.Win32.Generic!BT 20180113
Yandex TrojanSpy.Zbot!PIWcCxHq7kc 20180112
Zillya Trojan.Jorik.Win32.22777 20180112
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180113
Alibaba 20180112
Avast-Mobile 20180112
Baidu 20180112
CMC 20180111
Kingsoft 20180113
Malwarebytes 20180113
Symantec Mobile Insight 20180112
Trustlook 20180113
ViRobot 20180112
WhiteArmor 20180110
Zoner 20180113
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2005

Product RemoteDll Application
Original name RemoteDll.EXE
Internal name RemoteDll
File version 1, 0, 0, 1
Description RemoteDll MFC Application
Packers identified
Command UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1989-08-07 20:03:38
Entry Point 0x02677000
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
DeleteMenu
Number of PE resources by type
RT_VERSION 9
RT_VXD 1
Number of PE resources by language
NEUTRAL 10
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
8.89

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.1

UninitializedDataSize
40136704

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
20480

EntryPoint
0x2677000

OriginalFileName
RemoteDll.EXE

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2005

FileVersion
1, 0, 0, 1

TimeStamp
1989:08:07 21:03:38+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
RemoteDll

ProductVersion
1, 0, 0, 1

FileDescription
RemoteDll MFC Application

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
196608

ProductName
RemoteDll Application

ProductVersionNumber
1.0.0.1

Warning
Possibly corrupt Version resource

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 1427e16b75f417718d20463fe428dc97
SHA1 a66d16ec013885d73d9fba1c98a091dc27ee783b
SHA256 cd6a74aa79ab93a18c6edac677c930c4d26c404cd06e2b02e52c1af4e180759e
ssdeep
6144:rsHq9wVw5KsbkI/hjXfRzCCf8MJY5ts4Y:3wwKsbkAhjXBnNJY5W

authentihash ac1a5479e40ffe5e5f2f440b64cf0a5d7fddb88911144d2c92175c12400b593c
imphash 406c76a29475b8359eb1e1abbf29a7c6
File size 208.5 KB ( 213504 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (39.3%)
Win32 EXE Yoda's Crypter (38.6%)
Win32 Dynamic Link Library (generic) (9.5%)
Win32 Executable (generic) (6.5%)
Generic Win/DOS Executable (2.9%)
Tags
peexe

VirusTotal metadata
First submission 2011-10-28 13:05:57 UTC ( 7 years, 5 months ago )
Last submission 2014-01-03 16:12:15 UTC ( 5 years, 2 months ago )
File names 1084762
1063399
1063398
1427E16B75F417718D20463FE428DC97.bin
1082743
contacts(1).exe
cd6a74aa79ab93a18c6edac677c930c4d26c404cd06e2b02e52c1af4e180759e.bin
a66d16ec013885d73d9fba1c98a091dc27ee783b
zeusbin_1427e16b75f417718d20463fe428dc97.ex0
1427e16b75f417718d20463fe428dc97
1427e16b75f417718d20463fe428dc97a66d16ec013885d73d9fba1c98a091dc27ee783b213504.exe
1
readme.exe
1427e16b75f417718d20463fe428dc97
1074099
ZeuS_binary_1427e16b75f417718d20463fe428dc97.exe
26-zsOpfp
about.exe
1083895
wpbt0.dll
cd6a74aa79ab93a18c6edac677c930c4d26c404cd06e2b02e52c1af4e180759e
1082030
1082803
1074983
RemoteDll
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
