SHA256: d191274cbde1eae208947061174b8efdd870b7e4c7672ff3b68ab4d9c5d8902f
File name: VistaAux.exe
Detection ratio: 58 / 68
Analysis date: 2018-10-09 11:40:24 UTC (2 months ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1688544 20181009
AegisLab Trojan.Win32.Zbot.l!c 20181009
AhnLab-V3 Trojan/Win32.Fareit.R108200 20181009
ALYac Trojan.GenericKD.1688544 20181009
Antiy-AVL Trojan[Spy]/Win32.Zbot 20181009
Arcabit Trojan.Generic.D19C3E0 20181009
Avast Win32:Heim 20181009
AVG Win32:Heim 20181009
Avira (no cloud) TR/Dldr.Waski.207592 20181009
AVware Trojan.Win32.Generic!BT 20180925
BitDefender Trojan.GenericKD.1688544 20181009
CAT-QuickHeal TrojanPWS.Zbot.A6 20181008
ClamAV Win.Trojan.Zbot-60347 20181009
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.6d455e 20180225
Cylance Unsafe 20181009
Cyren W32/Trojan.KWFV-6435 20181009
DrWeb Trojan.PWS.Panda.2401 20181009
Emsisoft Trojan.GenericKD.1688544 (B) 20181009
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/Spy.Zbot.AAO 20181009
F-Prot W32/Trojan2.OEFF 20181009
F-Secure Trojan.GenericKD.1688544 20181009
Fortinet W32/Zbot.SWMJ!tr 20181009
GData Win32.Trojan.Agent.TMG55Y 20181009
Ikarus Trojan-Spy.Agent 20181009
Sophos ML heuristic 20180717
Jiangmin TrojanSpy.Zbot.efdv 20181009
K7AntiVirus Riskware ( 0040eff71 ) 20181009
K7GW Riskware ( 0040eff71 ) 20181009
Kaspersky Trojan-Spy.Win32.Zbot.sbsx 20181009
Kingsoft Win32.Troj.Zbot.sw.(kcloud) 20181009
MAX malware (ai score=100) 20181009
McAfee RDN/Spybot.bfr!l 20181009
McAfee-GW-Edition BehavesLike.Win32.PUPXAA.dc 20181009
Microsoft PWS:Win32/Zbot 20181009
eScan Trojan.GenericKD.1688544 20181009
NANO-Antivirus Trojan.Win32.Zbot.cyvzpl 20181009
Palo Alto Networks (Known Signatures) generic.ml 20181009
Panda Trj/WLT.A 20181008
Qihoo-360 Win32/Trojan.Spy.356 20181009
Rising Trojan.Spy.Win32.Zbot.hby (CLASSIC) 20181009
Sophos AV Troj/Zbot-IJG 20181009
SUPERAntiSpyware Trojan.Agent/Gen-Zbot 20181006
Symantec Trojan.Gen 20181009
TACHYON Trojan-Spy/W32.ZBot.207592 20181009
Tencent Win32.Trojan-spy.Zbot.Efks 20181009
TotalDefense Win32/Zbot.IIS 20181009
TrendMicro TSPY_ZBOT.YUYBE 20181009
TrendMicro-HouseCall TSPY_ZBOT.YUYBE 20181009
VBA32 TrojanSpy.Zbot 20181009
VIPRE Trojan.Win32.Generic!BT 20181009
ViRobot Trojan.Win32.Z.Zbot.207592 20181008
Webroot W32.Infostealer.Zeus 20181009
Yandex TrojanSpy.Zbot!S6eTlP5IzJM 20181008
Zillya Trojan.Zbot.Win32.156622 20181008
ZoneAlarm by Check Point Trojan-Spy.Win32.Zbot.sbsx 20181009
Zoner Trojan.Zbot.AAO 20181008
Alibaba 20180921
Avast-Mobile 20181008
Babable 20180918
Baidu 20181009
Bkav 20181009
CMC 20181009
Comodo 20181009
eGambit 20181009
SentinelOne (Static ML) 20180926
Symantec Mobile Insight 20181001
TheHacker 20181008
Trustlook 20181009
The file being studied is a Portable Executable file! More specifically, it is a DOS EXE file.
FileVersionInfo properties
Copyright
Copyright (c) 2010 AVAST Software

Internal name VistaAux.exe
File version 4.0.5.1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-10-05 15:24:46
Entry Point 0x00003248
Number of sections 6
PE sections
Overlays
MD5 9a66093d08cd04a66da7e4bcaead348a
File type data
Offset 200192
Size 7400
Entropy 7.53
PE imports
RegSetValueExA
RegQueryValueExA
RegCloseKey
ImageList_BeginDrag
ImageList_SetBkColor
InitializeFlatSB
ImageList_LoadImageA
InitCommonControls
ImageList_DragMove
ImageList_GetBkColor
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_SetDragCursorImage
CreateMappedBitmap
UninitializeFlatSB
LocalCompact
GetLastError
DisconnectNamedPipe
GlobalMemoryStatus
CreateJobObjectA
GetNamedPipeInfo
ReleaseMutex
SetConsoleNumberOfCommandsA
GetVolumePathNamesForVolumeNameA
GetVolumePathNameA
RequestDeviceWakeup
MoveFileWithProgressW
FindFirstVolumeMountPointW
FreeConsole
QueryPerformanceCounter
CopyFileA
GetTickCount
ProcessIdToSessionId
ScrollConsoleScreenBufferW
VirtualProtect
GetVersionExA
LockFile
GetNumaProcessorNode
FreeEnvironmentStringsA
SetupComm
GetCurrentProcess
GetPriorityClass
SetThreadPriority
GetCurrentProcessId
ClearCommBreak
CreateDirectoryA
IsValidLanguageGroup
LCMapStringA
GetWindowsDirectoryA
UnhandledExceptionFilter
SetErrorMode
GetTempFileNameA
SetFilePointerEx
GetFileInformationByHandle
SetVolumeMountPointW
FindActCtxSectionGuid
GetProcAddress
GetModuleHandleA
FindNextVolumeMountPointA
BaseInitAppcompatCacheSupport
RtlCaptureStackBackTrace
WaitForDebugEvent
VirtualLock
AttachConsole
WritePrivateProfileStructA
FlushFileBuffers
SetConsoleCursorMode
GlobalFlags
EnumTimeFormatsW
CreateMemoryResourceNotification
GetVolumeNameForVolumeMountPointW
GetSystemTimeAsFileTime
OpenConsoleW
GetNumberOfConsoleMouseButtons
CreateConsoleScreenBuffer
GetModuleHandleW
GetSystemTimeAdjustment
FormatMessageW
TerminateProcess
DosPathToSessionPathW
SetUnhandledExceptionFilter
VerifyConsoleIoHandle
ReadConsoleOutputW
GetVersion
PrepareTape
SearchPathA
GetDiskFreeSpaceExW
lstrcatW
RegisterWaitForInputIdle
IsBadStringPtrA
GetComPlusPackageInstallStatus
GetCurrentThreadId
FindFirstVolumeMountPointA
VirtualAlloc
SetLastError
GetExpandedNameA
CM_Get_Parent
CM_Setup_DevNode
SetupDiGetClassInstallParamsA
CM_Get_Sibling
CM_Enable_DevNode
CM_Locate_DevNodeA
SetupDiGetDriverInfoDetailA
CM_Open_DevNode_Key
SetupFindNextLine
SetupFindFirstLineA
SetupDiGetSelectedDriverA
CM_Get_Child
SetupCloseInfFile
SetupGetLineTextA
CM_Disable_DevNode
SetupOpenInfFileA
SetupCopyOEMInfA
CM_Get_DevNode_Registry_PropertyA
wsprintfA
CreateMenu
GetDC
CreateDialogParamA
GdiFixUpHandle
GetBitmapBits
AddFontResourceA
EngLoadModule
SetBitmapBits
GetFontResourceInfoW
STROBJ_bGetAdvanceWidths
GetTextMetricsA
SetDeviceGammaRamp
RemoveFontMemResourceEx
DdEntry19
GdiConvertAndCheckDC
DdEntry15
GetPixel
GetDeviceGammaRamp
XLATEOBJ_iXlate
GetMetaFileBitsEx
DdEntry55
GetObjectType
GetTextExtentPoint32A
EngStrokePath
EndDoc
GetMetaFileA
SetWindowOrgEx
DeleteObject
SetPaletteEntries
GetBkMode
EnumFontFamiliesA
GdiConvertToDevmodeW
CreateDIBPatternBrushPt
DdEntry6
CreateEnhMetaFileW
GetOutlineTextMetricsA
GdiGetPageCount
GetEnhMetaFileHeader
DdEntry12
DeleteColorSpace
GetStockObject
DdEntry20
GdiPlayPageEMF
GetOutlineTextMetricsW
GetLogColorSpaceW
GetEnhMetaFileBits
RoundRect
StretchDIBits
SetBrushOrgEx
GdiConvertFont
CreateScalableFontResourceW
AnyLinkedFonts
GdiEntry6
EngDeletePalette
GetCharWidth32W
GetEnhMetaFileW
ColorCorrectPalette
GdiAddGlsBounds
CreateBrushIndirect
GdiPlayJournal
CombineTransform
gdiPlaySpoolStream
GetStringBitmapA
CreateFontIndirectExW
CreateCompatibleBitmap
CoUnmarshalHresult
HMETAFILEPICT_UserUnmarshal
MonikerCommonPrefixWith
CoGetApartmentID
OleCreateDefaultHandler
FreePropVariantArray
OleInitializeWOW
CreateItemMoniker
IsAccelerator
OleCreateStaticFromData
HDC_UserMarshal
ReadFmtUserTypeStg
ComPs_NdrDllRegisterProxy
IsValidInterface
CoGetCallContext
OleSetAutoConvert
CoCreateInstance
OleRegGetUserType
OleInitialize
OleGetIconOfFile
HBITMAP_UserSize
OleLoadFromStream
HMETAFILE_UserUnmarshal
STGMEDIUM_UserMarshal
DllRegisterServer
CLIPFORMAT_UserMarshal
SetErrorInfo
StgIsStorageFile
CoUnmarshalInterface
CoInitializeEx
HMENU_UserMarshal
HGLOBAL_UserSize
DcomChannelSetHResult
ComPs_NdrDllGetClassObject
StgCreatePropStg
CoInitializeSecurity
GetHGlobalFromStream
CoGetObject
CoReleaseMarshalData
GetErrorInfo
Number of PE resources by type
RT_STRING 13
RT_RCDATA 9
RT_ACCELERATOR 6
RT_DIALOG 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 32
PE resources
Debug information
ExifTool file metadata
FileAccessDate 2014:10:24 17:31:44+01:00
FileCreateDate 2014:10:24 17:31:44+01:00
Compressed bundles
File identification
MD5 fc7a74b6d455ed8c0cce7fba4597a7f0
SHA1 44c963deb9c318e006574dac4c5f8aa75fa2a7ae
SHA256 d191274cbde1eae208947061174b8efdd870b7e4c7672ff3b68ab4d9c5d8902f
ssdeep 6144:1Qmc2EOym//6/cH2m23kOiU/jU0Smo6KkGi6uTQMt:ObLBcH2j7Ur63GvuTQMt
authentihash 5220c2688f678dbc0bddae793bdb4f18e1d08d3839f7cc4dcdb3e34c2db4d668
imphash 0478ef52aaaf4111b12a1f797ab30fb0
File size 202.7 KB (207592 bytes)
File type DOS EXE
Magic literal MS-DOS executable
TrID Win32 Executable (generic) (52.7%)
Generic Win/DOS Executable (23.4%)
DOS Executable Generic (23.4%)
VXD Driver (0.3%)
Tags mz via-tor overlay
VirusTotal metadata
First submission 2014-05-21 09:16:50 UTC (4 years, 6 months ago)
Last submission 2018-10-09 11:40:24 UTC (2 months ago)
File names 008083085
virussign.com_fc7a74b6d455ed8c0cce7fba4597a7f0.vir
fc7a74b6d455ed8c0cce7fba4597a7f0
CYBERCRiME-TRACKER.NET-USER_SUBMISSION_d191274cbde1eae208947061174b8efdd870b7e4c7672ff3b68ab4d9c5d8902f
VistaAux.exe
IMG-90587-21-05-2014.JPG.exe
c-cea45-4102-1400743863
GfwyfUXi9D.chm
fc7a74b6d455ed8c0cce7fba4597a7f0.virobj
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.