SHA256: d03a5a2eb7259541b144e5802198f15200854e73f4460c268e7e03c63d8501d5
File name: c58711da2f0792650d83e08c8ecfe018b9779904
Detection ratio: 26 / 54
Analysis date: 2014-08-14 04:05:50 UTC
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1804707 20140814
AntiVir TR/PSW.Zbot.16314 20140813
Avast Win32:Dropper-gen [Drp] 20140814
AVG Crypt3.AJSF 20140814
AVware Trojan.Win32.Generic!BT 20140814
Baidu-International Trojan.Win32.Zbot.ahlh 20140813
BitDefender Trojan.GenericKD.1804707 20140814
Emsisoft Trojan.GenericKD.1804707 (B) 20140814
ESET-NOD32 a variant of Win32/Kryptik.CISU 20140814
F-Secure Trojan.GenericKD.1804707 20140814
Fortinet W32/Zbot.CISU!tr 20140814
GData Trojan.GenericKD.1804707 20140814
Ikarus Trojan.Win32.Kryptik 20140814
K7GW Trojan ( 004a00441 ) 20140813
Kaspersky Trojan-Spy.Win32.Zbot.ttrf 20140814
Kingsoft Win32.Troj.Zbot.tt.(kcloud) 20140814
McAfee Artemis!E4FA260AE5B6 20140814
Microsoft PWS:Win32/Zbot 20140814
eScan Trojan.GenericKD.1804707 20140814
Panda Trj/Chgt.B 20140813
Qihoo-360 HEUR/Malware.QVM10.Gen 20140814
Sophos AV Mal/Generic-S 20140814
Symantec WS.Reputation.1 20140814
Tencent Win32.Trojan-spy.Zbot.Ammc 20140814
TrendMicro-HouseCall TROJ_GEN.R047H07HD14 20140814
VIPRE Trojan.Win32.Generic!BT 20140814
AegisLab 20140814
Yandex 20140813
AhnLab-V3 20140813
Antiy-AVL 20140813
Bkav 20140813
ByteHero 20140814
CAT-QuickHeal 20140813
ClamAV 20140813
CMC 20140813
Commtouch 20140814
Comodo 20140814
DrWeb 20140814
F-Prot 20140814
Jiangmin 20140813
K7AntiVirus 20140813
Malwarebytes 20140814
McAfee-GW-Edition 20140813
NANO-Antivirus 20140814
Norman 20140813
nProtect 20140813
Rising 20140813
SUPERAntiSpyware 20140814
TheHacker 20140814
TotalDefense 20140813
TrendMicro 20140814
VBA32 20140813
ViRobot 20140814
Zoner 20140811
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
Copyright Copyright (C) 2013 Spencer Kimball, Peter Mattis and the GIMP Development Team
Publisher Spencer Kimball, Peter Mattis and the GIMP Development Team
Product GNU Image Manipulation Program
Original name web-browser.exe
Internal name web-browser
File version 2.8.5.4
Description GNU Image Manipulation Program Plug-In
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-11 18:34:33
Entry Point 0x00009FD0
Number of sections 4
PE sections
Number of PE resources by type
RT_ICON 2
RT_DIALOG 1
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 7
PE resources
File identification
MD5 e4fa260ae5b67c35fe0d7ef00990d665
SHA1 3b9a1fefe34b1bdbdaa622b666c1ff2c6e5acc0a
SHA256 d03a5a2eb7259541b144e5802198f15200854e73f4460c268e7e03c63d8501d5
ssdeep 6144:8/oORK5omZ6Q6jZ/o7eh3A/2zi9AWWlC7BrArV5Jbq4QwuoL7E5a4hgd:8/oOM5om6PjW7C3c2RWWs7w5JbqXoL7V
imphash 2ebd65faa7a8637924625d0ad6a1a8af
File size 340.0 KB ( 348160 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-08-13 09:18:30 UTC
Last submission 2014-08-14 04:05:50 UTC
File names web-browser.exe
web-browser
c58711da2f0792650d83e08c8ecfe018b9779904
3b9a1fefe34b1bdbdaa622b666c1ff2c6e5acc0a
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.