SHA256: d01517b7b7eecde3f27642c93cb4d45b29acd406d1ea17ced000cad74465f71e
File name: bt.exe
Detection ratio: 37 / 48
Analysis date: 2013-10-07 13:23:48 UTC (3 years, 9 months ago)
Antivirus Result Update
AhnLab-V3 Win-Trojan/Zbot.88576 20131007
AntiVir TR/Crypt.ZPACK.Gen 20131007
Avast Win32:Zbot-MYU [Trj] 20131007
AVG Win32/DH.FF8402A2{NHkefRMPA2cJ} 20131007
Baidu-International Trojan-Spy.Win32.Zbot.gen 20131007
BitDefender Gen:Trojan.Heur.Zbot.fmW@ceRoc@ 20131007
Bkav HW32.CDB.16f7 20131007
CAT-QuickHeal Win32.Trojan-Spy.Zbot.gen.3 20131007
ClamAV Trojan.Spy.Zbot-435 20131007
Commtouch W32/Zbot.V.gen!Eldorado 20131007
Comodo TrojWare.Win32.Spy.Zbot.AAJ 20131007
DrWeb Trojan.Packed.194 20131007
Emsisoft Gen:Trojan.Heur.Zbot.fmW@ceRoc@ (B) 20131007
ESET-NOD32 a variant of Win32/Spy.Zbot.JF 20131007
F-Prot W32/Zbot.V.gen!Eldorado 20131007
F-Secure Gen:Trojan.Heur.Zbot.fmW@ceRoc@ 20131007
Fortinet W32/Zbot.gen!tr 20131007
GData Gen:Trojan.Heur.Zbot.fmW@ceRoc@ 20131007
Ikarus Trojan-Spy.Win32.Zbot 20131007
K7AntiVirus Riskware 20131004
Kaspersky Trojan-Spy.Win32.Zbot.gen 20131007
Malwarebytes Spyware.Zbot 20131007
McAfee PWS-Zbot.gen.dl 20131007
McAfee-GW-Edition PWS-Zbot.gen.dl 20131007
Microsoft PWS:Win32/Zbot.gen!R 20131007
eScan Gen:Trojan.Heur.Zbot.fmW@ceRoc@ 20131007
Norman ZBot.QSZ 20131007
Panda Trj/Sinowal.XGV 20131007
PCTools HeurEngine.MaliciousPacker 20131002
Rising Trojan.Agent!52A6 20130930
Sophos AV Mal/Behav-353 20131007
Symantec Packed.Generic.232 20131007
TotalDefense Win32/Zbot.B!generic 20131005
TrendMicro TSPY_ZBOT.SMO 20131007
TrendMicro-HouseCall TSPY_ZBOT.SMO 20131007
VBA32 BScope.Malware-Cryptor.Win32.Vals.21 20131007
VIPRE Trojan-Spy.Win32.Zbot.gen (v) 20131007
Yandex 20131007
Antiy-AVL 20131007
ByteHero 20130924
Jiangmin 20130903
K7GW 20131004
Kingsoft 20130829
NANO-Antivirus 20131007
nProtect 20131007
SUPERAntiSpyware 20131007
TheHacker 20131004
ViRobot 20131007
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-03-03 11:06:07
Entry Point 0x00004D2D
Number of sections 3
PE sections
PE imports
CreatePrivateObjectSecurity
CryptSetProviderW
LookupSecurityDescriptorPartsW
InitializeAcl
RegRestoreKeyW
RegCreateKeyA
LookupAccountNameA
BuildImpersonateTrusteeA
ObjectDeleteAuditAlarmW
OpenEventLogW
GetTokenInformation
BuildSecurityDescriptorA
CloseEventLog
GetSecurityDescriptorDacl
GetUserNameA
BuildSecurityDescriptorW
IsValidAcl
GetServiceDisplayNameW
GetMultipleTrusteeW
SetNamedSecurityInfoExA
GetMultipleTrusteeA
SetKernelObjectSecurity
CryptDestroyKey
LookupPrivilegeValueA
RegQueryValueExA
OpenServiceW
GetSecurityInfo
GetAclInformation
RegQueryValueExW
CryptImportKey
CloseServiceHandle
GetSidSubAuthority
GetAccessPermissionsForObjectA
AddAccessAllowedAce
ClearEventLogW
RegisterEventSourceA
GetFileSecurityA
ClearEventLogA
CryptGenKey
NotifyBootConfigStatus
RegLoadKeyA
BuildImpersonateExplicitAccessWithNameW
GetNamedSecurityInfoExA
CryptVerifySignatureA
SetEntriesInAccessListW
ObjectPrivilegeAuditAlarmA
InitializeSid
ReadEventLogA
SetSecurityInfoExW
RegSetValueExW
SetSecurityInfoExA
LogonUserA
ReadEventLogW
SetThreadToken
GetEffectiveRightsFromAclW
GetServiceKeyNameW
GetSecurityInfoExW
RegCloseKey
OpenBackupEventLogW
GetSecurityInfoExA
GetServiceKeyNameA
GetSecurityDescriptorLength
RegGetKeySecurity
CryptContextAddRef
DeregisterEventSource
DuplicateToken
CancelOverlappedAccess
CryptSetProviderExA
IsValidSid
GetSidIdentifierAuthority
BuildTrusteeWithNameA
RegEnumKeyExA
MapGenericMask
RegSaveKeyA
StartServiceW
MakeSelfRelativeSD
AllocateAndInitializeSid
BuildTrusteeWithSidA
ConvertAccessToSecurityDescriptorA
SetNamedSecurityInfoW
QueryServiceObjectSecurity
FindFirstFreeAce
AdjustTokenPrivileges
CryptHashData
GetExplicitEntriesFromAclA
RegOpenKeyA
GetUserNameW
LookupPrivilegeDisplayNameA
RegOpenKeyW
RegEnumKeyA
EqualSid
LookupPrivilegeNameW
RegQueryInfoKeyW
GetFileSecurityW
GetLengthSid
CryptGetDefaultProviderW
GetAuditedPermissionsFromAclA
RegisterEventSourceW
GetTrusteeNameA
CryptSetKeyParam
PrivilegeCheck
GetCurrentHwProfileA
ImpersonateLoggedOnUser
GetTrusteeNameW
OpenSCManagerA
SetSecurityDescriptorGroup
IsBadHugeReadPtr
ContinueDebugEvent
SetThreadPriorityBoost
GetTapeParameters
DisconnectNamedPipe
GetCurrentProcess
EnumCalendarInfoExA
LocalAlloc
MapViewOfFileEx
OpenFileMappingA
lstrcatW
HeapWalk
EnumTimeFormatsA
SetStdHandle
GetTempPathA
GetTempPathW
SwitchToFiber
EnumResourceLanguagesA
SetComputerNameA
GetStringTypeW
GetOEMCP
HeapLock
ConnectNamedPipe
InitAtomTable
FreeLibraryAndExitThread
OutputDebugStringW
GetEnvironmentVariableW
GetSystemTime
CopyFileW
WriteProcessMemory
CopyFileA
ExitProcess
FreeLibrary
SetProcessWorkingSetSize
GetPriorityClass
GetPrivateProfileStringA
Heap32First
EnumCalendarInfoW
WritePrivateProfileSectionA
GetProfileSectionA
GlobalAddAtomW
EraseTape
CreateSemaphoreW
ClearCommError
GlobalMemoryStatus
FindCloseChangeNotification
RtlFillMemory
GetLocaleInfoA
GetCurrentThreadId
PeekNamedPipe
SetHandleCount
GetVersionExW
lstrcmp
GetNumberOfConsoleInputEvents
IsBadWritePtr
TlsAlloc
VirtualProtect
WriteConsoleOutputAttribute
EndUpdateResourceA
Process32Next
GetStartupInfoA
DosDateTimeToFileTime
GetNamedPipeHandleStateA
DeleteFileA
SetCommMask
ReadProcessMemory
CreateDirectoryW
GlobalLock
GetPrivateProfileIntW
VirtualProtectEx
GetTempFileNameW
GetComputerNameW
GetProfileStringW
GetTimeFormatW
lstrcpyW
GlobalReAlloc
lstrcmpA
GlobalFix
lstrcpyA
EnumResourceNamesA
GetTimeFormatA
GetTempFileNameA
GetBinaryTypeA
EscapeCommFunction
GetProcessAffinityMask
WriteConsoleOutputCharacterW
SetConsoleActiveScreenBuffer
GetFileType
Heap32ListFirst
GetShortPathNameW
FindFirstChangeNotificationA
GetSystemInfo
OpenSemaphoreA
LCMapStringA
GetThreadLocale
BuildCommDCBW
FindResourceExA
CreateNamedPipeA
GetShortPathNameA
EnumTimeFormatsW
FileTimeToLocalFileTime
GetConsoleTitleW
GetProcessHeaps
GetAtomNameW
GetConsoleTitleA
EnumSystemCodePagesW
GetSystemDefaultLangID
Heap32ListNext
QueryPerformanceFrequency
HeapUnlock
ReadFile
GlobalFlags
FatalAppExitW
CreateConsoleScreenBuffer
IsBadStringPtrW
GetSystemTimeAdjustment
OpenSemaphoreW
IsBadHugeWritePtr
CreateProcessA
SetCommConfig
FindResourceW
GetLongPathNameA
LocalShrink
OpenEventA
VirtualAlloc
PathGetCharTypeA
SHCopyKeyA
SHRegGetUSValueA
UrlUnescapeW
StrRChrIA
SHEnumKeyExA
UrlHashW
PathSetDlgItemPathA
PathIsDirectoryEmptyW
StrIsIntlEqualW
StrToIntW
UrlCanonicalizeA
SHRegQueryInfoUSKeyW
PathFindFileNameW
StrPBrkA
SHDeleteEmptyKeyW
SHSetThreadRef
SHRegQueryInfoUSKeyA
PathRemoveBlanksW
StrPBrkW
PathIsContentTypeW
SHSetValueW
StrRChrW
PathIsUNCA
PathParseIconLocationA
SHRegEnumUSKeyW
HashData
PathParseIconLocationW
PathFindExtensionW
PathRemoveArgsW
PathCanonicalizeW
UrlGetLocationA
SHRegEnumUSKeyA
PathIsSystemFolderW
PathAppendA
StrCSpnIW
PathAddBackslashA
SHCreateStreamOnFileA
StrCmpIW
PathBuildRootW
PathQuoteSpacesA
PathCompactPathW
SHDeleteKeyW
PathIsUNCServerShareA
PathIsFileSpecW
PathRemoveFileSpecW
SHRegEnumUSValueA
PathIsFileSpecA
AssocQueryStringByKeyW
PathRemoveFileSpecA
UrlIsW
StrCmpNA
PathAddExtensionW
PathGetArgsW
wvnsprintfA
PathFindExtensionA
PathGetDriveNumberA
PathUnmakeSystemFolderA
PathMakeSystemFolderA
PathStripToRootA
PathStripToRootW
PathCombineW
SHCreateShellPalette
PathUnmakeSystemFolderW
AssocQueryKeyW
StrStrIA
SHRegQueryUSValueA
SHRegSetUSValueA
UrlCompareA
SHRegDeleteEmptyUSKeyA
PathCommonPrefixA
PathStripPathA
SHRegDeleteEmptyUSKeyW
UrlCompareW
UrlIsOpaqueA
PathBuildRootA
StrDupW
SHRegWriteUSValueA
StrDupA
PathMatchSpecA
PathIsNetworkPathA
PathSearchAndQualifyW
PathUndecorateA
UrlCreateFromPathW
UrlEscapeA
SHOpenRegStream2A
UrlApplySchemeA
PathFileExistsW
StrChrIW
PathIsLFNFileSpecW
StrChrA
PathRemoveExtensionW
StrFromTimeIntervalA
ChrCmpIW
PathRenameExtensionA
PathSkipRootA
SHQueryValueExA
PathIsSameRootW
PathFindNextComponentA
PathIsSameRootA
ChangeDisplaySettingsW
VkKeyScanExW
UnregisterHotKey
LoadBitmapW
GetParent
EnableScrollBar
ChangeDisplaySettingsA
GetGuiResources
BroadcastSystemMessageW
DdeImpersonateClient
SetDeskWallpaper
EndPaint
CreateDesktopA
VkKeyScanA
SetMenuItemInfoA
DdeGetData
GetInputDesktop
GetMessageTime
GetMenuItemID
GetAsyncKeyState
ChildWindowFromPointEx
GetClipCursor
GetMenu
DefFrameProcA
LoadCursorFromFileW
ToAscii
CharLowerBuffA
CharPrevExA
CallNextHookEx
GetWindowTextLengthA
CharUpperA
SetMessageExtraInfo
ShowCursor
EnumDesktopsW
GetWindowTextW
DdeConnectList
LockWindowUpdate
GetMenuItemInfoA
GetWindowTextA
GetMenuContextHelpId
DrawEdge
GetComboBoxInfo
GetWindowRgn
EqualRect
SetClassLongW
SetProcessDefaultLayout
SetMenuInfo
SetWindowsHookA
SetWindowWord
CharToOemBuffA
ValidateRgn
PeekMessageW
CharUpperW
ShowWindowAsync
GetClipboardFormatNameW
EnumDisplaySettingsW
TranslateMessage
GetDlgItemTextW
GetMenuDefaultItem
GetDlgItemInt
GetTabbedTextExtentW
LoadStringA
GetQueueStatus
RegisterClassW
IsCharLowerA
IsZoomed
CloseWindow
GetKeyboardLayoutList
DrawMenuBar
DrawFocusRect
IsDialogMessageW
EnumPropsW
CreateWindowExW
GetUpdateRect
CreateAcceleratorTableA
SetFocus
DdeAbandonTransaction
SwitchDesktop
BeginPaint
DefWindowProcW
GetScrollPos
GetKeyboardLayoutNameW
KillTimer
GetClipboardOwner
VkKeyScanExA
SetDebugErrorLevel
CharLowerA
BroadcastSystemMessage
SetCapture
CharToOemW
CreateWindowStationA
DlgDirListComboBoxW
SetWindowTextA
CheckMenuItem
DdeGetLastError
RemovePropW
CreateDialogParamA
CreateWindowStationW
BringWindowToTop
GetClassLongA
FindWindowExA
LoadCursorA
PostThreadMessageW
GetMenuStringA
SetParent
CreateIconFromResourceEx
GetSystemMenu
ReuseDDElParam
DispatchMessageW
InsertMenuW
SetForegroundWindow
GetScrollInfo
LoadMenuA
ModifyMenuW
GetCapture
SetClassLongA
BeginDeferWindowPos
DefFrameProcW
GetKBCodePage
RegisterClassExW
SendMessageCallbackA
DdeSetUserHandle
GetCursor
ChangeClipboardChain
MessageBoxExW
GetClassWord
RealChildWindowFromPoint
GetSysColor
SendMessageCallbackW
CopyImage
IsCharAlphaNumericA
GetDoubleClickTime
IsWindowVisible
WinHelpW
TileWindows
SubtractRect
SetCursorPos
ImpersonateDdeClientWindow
DragObject
CreateIcon
CloseDesktop
GetClassNameA
DefDlgProcW
ReplyMessage
TranslateAcceleratorW
CoRegisterPSClsid
CoGetInterfaceAndReleaseStream
IIDFromString
CoMarshalInterThreadInterfaceInStream
StgOpenStorageEx
OleNoteObjectVisible
CoGetCallerTID
CoUnmarshalHresult
CoCreateGuid
CoLoadLibrary
CoRegisterMessageFilter
ReadFmtUserTypeStg
StgOpenStorage
WriteOleStg
CoRevokeClassObject
OleIsRunning
CoInitializeSecurity
CoGetCurrentProcess
OleSaveToStream
CoGetInstanceFromIStorage
CoGetClassObject
CoBuildVersion
OleBuildVersion
ReadStringStream
MonikerCommonPrefixWith
StgCreateDocfile
StringFromGUID2
CoRegisterSurrogate
UtGetDvtd32Info
OleCreateLinkFromData
StringFromCLSID
OleGetIconOfClass
CoIsOle1Class
CoRegisterClassObject
CoLockObjectExternal
OleLoadFromStream
OleRegEnumVerbs
UtConvertDvtd32toDvtd16
SetDocumentBitStg
CoQueryAuthenticationServices
CoInitializeEx
OleSetClipboard
CoFreeAllLibraries
ReleaseStgMedium
OleCreateLink
OleIsCurrentClipboard
CoMarshalInterface
FreePropVariantArray
OpenOrCreateStream
StgOpenStorageOnILockBytes
DllDebugObjectRPCHook
OleCreateEx
OleCreateLinkToFile
CreateClassMoniker
UpdateDCOMSettings
IsAccelerator
RegisterDragDrop
CoImpersonateClient
GetConvertStg
OleDoAutoConvert
CoResumeClassObjects
CoCopyProxy
CreateILockBytesOnHGlobal
OleSetAutoConvert
IsEqualGUID
CoQueryProxyBlanket
GetClassFile
OleQueryCreateFromData
BindMoniker
WriteClassStm
StgOpenAsyncDocfileOnIFillLockBytes
UtGetDvtd16Info
CoFreeUnusedLibraries
GetHGlobalFromStream
OleSetMenuDescriptor
CoGetMalloc
OleCreateFromFileEx
CreateFileMoniker
CoTaskMemFree
WriteFmtUserTypeStg
OleLockRunning
ProgIDFromCLSID
CoGetMarshalSizeMax
OleGetAutoConvert
CoMarshalHresult
CoIsHandlerConnected
CoGetTreatAsClass
CreatePointerMoniker
OleFlushClipboard
OleConvertOLESTREAMToIStorage
GetHGlobalFromILockBytes
CoGetPSClsid
CreateAntiMoniker
OleGetClipboard
OleLoad
CoRegisterChannelHook
CreateOleAdviseHolder
CoGetCallContext
CoInitialize
CoGetStandardMarshal
PropVariantCopy
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
OleCreateDefaultHandler
CoFileTimeToDosDateTime
CLSIDFromProgID
WriteClassStg
OleSetContainedObject
CoReleaseMarshalData
CreateGenericComposite
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2008:03:03 12:06:07+01:00
FileType Win32 EXE
PEType PE32
CodeSize 70656
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 17408
SubsystemVersion 4.0
EntryPoint 0x4d2d
OSVersion 4.0
ImageVersion 1.0
UninitializedDataSize 0

Execution parents
File identification
MD5 0db7da4e3489ba8a2ddfb128422daee2
SHA1 a51f4a98cf850f3d44756f4fd20bf39ca3bedbc2
SHA256 d01517b7b7eecde3f27642c93cb4d45b29acd406d1ea17ced000cad74465f71e
ssdeep 1536:epwFgmlGyFhb49Jg6d4FwDHB16Y7PoyNJefki0kwF7l6JZarxFnn5PYjGHs+Y2qj:eCFplG2h09JgRFCHB16YToyCfkik5V1h
authentihash f698c42b92025b3d4b4728b552242bc2d37e9c5265a8e935ab62b561834d4e0e
imphash 67a1eef65d48da460784869da3e5b2a4
File size 87.0 KB ( 89088 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows screen saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags peexe
VirusTotal metadata
First submission 2013-10-04 13:10:58 UTC ( 3 years, 9 months ago )
Last submission 2015-06-12 11:32:04 UTC ( 2 years, 1 month ago )
File names ETN6O.tar
ZeuS_binary_0db7da4e3489ba8a2ddfb128422daee2.exe
aa
007083239
0db7da4e3489ba8a2ddfb128422daee2.exe
output.15985574.txt
Behx.xlsb
15985574
bot3.exe
0DB7DA4E3489BA8A2DDFB128422DAEE2.exe
d01517b7b7eecde3f27642c93cb4d45b29acd406d1ea17ced000cad74465f71e
bt.exe