SHA256: ce378833f42ec9176575552dc2ba5aa89349f9753379cfd2c25c89aba4454b11
File name: Eze
Detection ratio: 41 / 51
Analysis date: 2014-04-08 01:38:58 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.KDV.866172 20140408
Yandex TrojanSpy.Zbot!lG9S6p/esRE 20140407
AhnLab-V3 Win-Trojan/ASD.variant 20140407
AntiVir TR/Spy.ZBot.2561539 20140408
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140407
Avast Win32:Kryptik-LSA [Cryp] 20140407
AVG Zbot.XS 20140407
Baidu-International Trojan.Win32.Zbot.Axo 20140407
BitDefender Trojan.Generic.KDV.866172 20140408
Bkav W32.Clod6cb.Trojan.34b0 20140407
CAT-QuickHeal TrojanPWS.Zbot.Gen 20140407
Commtouch W32/Trojan.OLHN-3660 20140408
Comodo UnclassifiedMalware 20140408
DrWeb Trojan.PWS.Panda.2982 20140408
Emsisoft Trojan.Generic.KDV.866172 (B) 20140408
ESET-NOD32 Win32/Spy.Zbot.AAO 20140408
F-Secure Trojan.Generic.KDV.866172 20140408
GData Trojan.Generic.KDV.866172 20140408
Ikarus Win32.SuspectCrc 20140408
Jiangmin TrojanSpy.Zbot.eugf 20140407
K7AntiVirus Spyware ( 0029a43a1 ) 20140407
K7GW Backdoor ( 04c506891 ) 20140407
Kaspersky HEUR:Trojan.Win32.Generic 20140408
Kingsoft Win32.Troj.Zbot.jd.(kcloud) 20140408
Malwarebytes Trojan.Agent.ED 20140408
McAfee PWS-Zbot-FANY!E9EBC5974B81 20140408
McAfee-GW-Edition Heuristic.BehavesLike.Win32.ModifiedUPX.C 20140408
Microsoft PWS:Win32/Zbot 20140408
eScan Trojan.Generic.KDV.866172 20140408
NANO-Antivirus Trojan.Win32.Zbot.bhusir 20140408
Norman Suspicious_Gen4.CKLVN 20140407
nProtect Trojan-Spy/W32.ZBot.196608.CZ 20140408
Panda Trj/Dtcontx.B 20140407
Qihoo-360 Win32/Trojan.Multi.daf 20140408
Sophos AV Mal/ZboCheMan-M 20140408
Symantec Trojan.Zbot 20140408
TheHacker Trojan/Spy.Zbot.aao 20140407
TrendMicro TROJ_GEN.R0CBC0CCH14 20140408
TrendMicro-HouseCall TROJ_GEN.R0CBC0CCH14 20140408
VBA32 BScope.Trojan.MTA.0661 20140407
VIPRE LooksLike.Win32.Zbot.a (v) 20140407
AegisLab 20140408
ByteHero 20140408
ClamAV 20140408
CMC 20140407
F-Prot 20140408
Fortinet 20140407
Rising 20140406
SUPERAntiSpyware 20140408
TotalDefense 20140407
ViRobot 20140407
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© 2004 Ygup Pereg. Balevi Qabara Ohig.

Publisher S(y>l
Internal name Eze
File version 10, 4, 6
Description Xoho Guwoma Gupigah
Packers identified
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-01-04 21:39:17
Entry Point 0x00276540
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
FindTextW
NetDfsEnum
ResUtilSetPropertyTable
SamConnect
CopyIcon
VerInstallFileA
WinStationRenameA
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ESTONIAN DEFAULT 1
PE resources
ExifTool file metadata
CodeSize
196608

SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
5.1

FileVersionNumber
10.4.0.0

UninitializedDataSize
2387968

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
4096

MIMEType
application/octet-stream

LegalCopyright
2004 Ygup Pereg. Balevi Qabara Ohig.

FileVersion
10, 4, 6

TimeStamp
2011:01:04 22:39:17+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Eze

FileAccessDate
2014:04:08 02:42:53+01:00

FileDescription
Xoho Guwoma Gupigah

OSVersion
7.0

FileCreateDate
2014:04:08 02:42:53+01:00

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
S(y>l

LegalTrademarks
Yjoly Pezu Hywi Evalo Abuqec Enefe

FileSubtype
0

ProductVersionNumber
10.4.0.0

EntryPoint
0x276540

ObjectFileType
Executable application

File identification
MD5 e9ebc5974b8141ffc892adfc0b28e2c4
SHA1 bf2a335060b5e5ee036c8fe7b4ab8ce9a50cbea6
SHA256 ce378833f42ec9176575552dc2ba5aa89349f9753379cfd2c25c89aba4454b11
ssdeep
3072:PpexWxJbyhxlSFRwkZo6UgfutqucCxH4vc/i3e//8apz9+gXCrkeX/xJj2UAPyg5:PYxk9yh3SIky6FBO4v93O/fpz9+gSrVA

imphash 1a0c7937175efb28aac0407c405eb494
File size 192.0 KB ( 196608 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags
peexe upx

VirusTotal metadata
First submission 2013-02-19 22:38:08 UTC ( 5 years, 9 months ago )
Last submission 2013-02-19 22:38:08 UTC ( 5 years, 9 months ago )
File names Eze
7751600.malware
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications