× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: cf1b03983f76e5b25639bd43b7ebc33e28ce57bd16e730d6f697d9100cf6ce0e
File name: c70ba2585b7016c556c4bf63f6dc9584
Detection ratio: 15 / 54
Analysis date: 2014-07-29 04:37:11 UTC ( 4 years, 7 months ago ) View latest
Antivirus Result Update
AntiVir TR/Spy.ZBot.abx.15 20140728
Avast Win32:Malware-gen 20140729
AVG Zbot.LZT 20140728
DrWeb Trojan.Siggen6.21576 20140729
ESET-NOD32 Win32/Spy.Zbot.ABX 20140729
Fortinet W32/Zbot.ABX!tr 20140729
Kaspersky Trojan-Spy.Win32.Zbot.tqkk 20140729
McAfee Artemis!C70BA2585B70 20140729
McAfee-GW-Edition Artemis!C70BA2585B70 20140728
Panda Trj/Chgt.C 20140728
Qihoo-360 Win32/Trojan.Multi.daf 20140729
Sophos AV Mal/Generic-S 20140729
Symantec WS.Reputation.1 20140729
Tencent Win32.Trojan-spy.Zbot.Swat 20140729
TrendMicro-HouseCall TROJ_GEN.R011H07GS14 20140729
Ad-Aware 20140729
AegisLab 20140729
Yandex 20140727
AhnLab-V3 20140728
Antiy-AVL 20140729
AVware 20140729
Baidu-International 20140728
BitDefender 20140729
Bkav 20140728
ByteHero 20140729
CAT-QuickHeal 20140729
ClamAV 20140728
CMC 20140728
Commtouch 20140729
Comodo 20140729
Emsisoft 20140729
F-Prot 20140729
F-Secure 20140729
GData 20140729
Ikarus 20140729
Jiangmin 20140725
K7AntiVirus 20140728
K7GW 20140728
Kingsoft 20140729
Malwarebytes 20140729
Microsoft 20140729
eScan 20140729
NANO-Antivirus 20140729
Norman 20140728
nProtect 20140728
Rising 20140728
SUPERAntiSpyware 20140729
TheHacker 20140728
TotalDefense 20140728
TrendMicro 20140729
VBA32 20140728
VIPRE 20140729
ViRobot 20140729
Zoner 20140723
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-27 07:40:50
Entry Point 0x0000B8D0
Number of sections 5
PE sections
PE imports
GetTokenInformation
ConvertStringSidToSidW
CreateWellKnownSid
OpenProcessToken
GetUserNameW
FreeSid
AllocateAndInitializeSid
LookupAccountSidA
EqualSid
RegEnumKeyExA
LookupAccountSidW
CreateToolbarEx
ImageList_LoadImageA
GetMUILanguage
InitCommonControlsEx
ImageList_EndDrag
GetOpenFileNameA
ChooseColorA
ChooseFontA
GetObjectA
ExcludeClipRect
AddFontResourceA
DeleteDC
SelectObject
SetLayout
CreatePen
CreateBrushIndirect
SaveDC
Ellipse
ScaleWindowExtEx
CreateSolidBrush
Polyline
Rectangle
GetStockObject
BitBlt
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetTextColor
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
EncodePointer
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetFileInformationByHandle
GetLocaleInfoW
SetStdHandle
GetFileTime
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
InitializeCriticalSection
OutputDebugStringW
TlsGetValue
FormatMessageA
OutputDebugStringA
GetEnvironmentVariableW
SetLastError
LoadResource
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
HeapSetInformation
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetNumberFormatA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetFileSize
DeleteFileA
GetStartupInfoW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetComputerNameW
lstrcpyW
FreeEnvironmentStringsW
lstrcpyA
HeapValidate
GetTempFileNameA
IsValidLocale
GetProcAddress
CreateFileW
GetConsoleWindow
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
FileTimeToLocalFileTime
SizeofResource
GetCurrentProcessId
LockResource
SetFileTime
HeapQueryInformation
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
FreeResource
IsValidCodePage
HeapCreate
CreateProcessW
Sleep
IsBadReadPtr
FindResourceA
MCIWndCreateA
NetUserGetInfo
SafeArrayGetElement
SafeArrayUnaccessData
VariantClear
OleLoadPicture
SafeArrayGetDim
VariantInit
SHGetFolderPathW
SHCreateDirectoryExW
SHGetFileInfoW
SHGetDesktopFolder
SHCreateStreamOnFileA
SHCreateStreamOnFileW
StrChrA
GetMessageA
GetParent
DrawEdge
GetScrollInfo
BeginPaint
GetFocus
CharNextA
KillTimer
FindWindowA
ShowWindow
DrawFrameControl
LoadBitmapA
SendDlgItemMessageA
GetSystemMetrics
MessageBoxW
GetWindowRect
DispatchMessageA
EnableWindow
MoveWindow
EnumChildWindows
MessageBoxA
PeekMessageA
GetWindowDC
TranslateMessage
GetWindow
GetSysColor
EndDialog
GetDC
DrawTextA
GetDlgCtrlID
GetIconInfo
LoadStringA
ReleaseDC
wsprintfW
SendMessageA
SendDlgItemMessageW
SetWindowTextW
GetDlgItem
RegisterRawInputDevices
IsWindow
GetClientRect
GetThreadDesktop
wsprintfA
CreateWindowExA
LoadCursorA
LoadIconA
IsDlgButtonChecked
CopyRect
WaitForInputIdle
GetDesktopWindow
RealChildWindowFromPoint
CreateWindowExW
MsgWaitForMultipleObjects
EndPaint
GetWindowTextA
IsDialogMessageA
GetWindowTheme
closesocket
recv
shutdown
WSAGetLastError
ioctlsocket
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoInitialize
FindMimeFromData
Number of PE resources by type
RT_MANIFEST 1
RT_MENU 1
RT_DIALOG 1
Struct(240) 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2014:07:27 08:40:50+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
246272

LinkerVersion
10.0

FileAccessDate
2014:08:04 08:58:49+01:00

EntryPoint
0xb8d0

InitializedDataSize
122880

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.1

FileCreateDate
2014:08:04 08:58:49+01:00

UninitializedDataSize
0

File identification
MD5 c70ba2585b7016c556c4bf63f6dc9584
SHA1 f7d1b5fa1f23f9164ef720654871e52711c62dd1
SHA256 cf1b03983f76e5b25639bd43b7ebc33e28ce57bd16e730d6f697d9100cf6ce0e
ssdeep
6144:7NUZoaouYoB4LGIdYUbx++vZC3Y68aQEPv5pySlvlGLjz43vitwOrm1zAQtTN:E3B9IdYUbM+vZeNQQ7yTPiKtYJp

imphash be65c31cd616450262ec7b7a0354b51e
File size 361.5 KB ( 370176 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2014-07-29 04:37:11 UTC ( 4 years, 7 months ago )
Last submission 2014-07-29 04:37:11 UTC ( 4 years, 7 months ago )
File names c70ba2585b7016c556c4bf63f6dc9584
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.