SHA256: d2fe95f112932e3b96071614092c675d7ea738381865aaf7426462cd04c04513
File name: 2e554fb62d19f66f5f5d1457ba5f468e
Detection ratio: 45 / 50
Analysis date: 2014-02-07 23:22:57 UTC ( 3 years, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.4141848 20140207
Yandex Trojan.PWS.Zbot!QuhtMlskLQs 20140207
AhnLab-V3 Trojan/Win32.Krap 20140207
AntiVir TR/Dropper.Gen 20140207
Avast Win32:MalOb-IJ [Cryp] 20140207
AVG Generic17.BQFT 20140207
Baidu-International Trojan.Win32.Krap.atEV 20140207
BitDefender Trojan.Generic.4141848 20140207
Bkav W32.Domtyz.Trojan 20140207
CAT-QuickHeal Win32.Packed.Krap.gx.4 20140207
ClamAV Win.Trojan.Zbot-797 20140207
Commtouch W32/Trojan.VKLQ-7773 20140207
Comodo MalCrypt.Indus! 20140207
DrWeb Trojan.Packed.20343 20140208
Emsisoft Trojan.Generic.4141848 (B) 20140208
ESET-NOD32 Win32/Spy.Zbot.YW 20140208
F-Prot W32/TrojanX.EBBY 20140207
F-Secure Trojan.Generic.4141848 20140207
Fortinet W32/Zbot.BLB!tr 20140207
GData Trojan.Generic.4141848 20140208
Ikarus Packed.Win32.Krap 20140207
Jiangmin Packed.Krap.ceai 20140207
K7AntiVirus Trojan ( 109682f20 ) 20140207
K7GW Backdoor ( 04c4d41b1 ) 20140207
Kaspersky Packed.Win32.Krap.gx 20140207
Kingsoft Win32.Troj.Krap.gx.(kcloud) 20140208
McAfee PWS-Zbot.gen.dc 20140207
McAfee-GW-Edition PWS-Zbot.gen.dc 20140207
Microsoft PWS:Win32/Zbot.gen!Y 20140207
eScan Trojan.Generic.4141848 20140207
NANO-Antivirus Trojan.Win32.Krap.teou 20140207
Norman ZBot.SPI 20140207
nProtect Trojan/W32.Agent.127565 20140207
Panda Trj/Krapack.gen 20140207
Qihoo-360 Win32/Trojan.5c0 20140208
Rising PE:Trojan.Win32.Generic.11F394D9!301176025 20140207
Sophos AV Mal/Zbot-U 20140207
Symantec Trojan.Zbot 20140207
TheHacker Trojan/Krap.gx 20140205
TotalDefense Win32/Zbot.BLC 20140207
TrendMicro BKDR_QAKBOT.SMB 20140207
TrendMicro-HouseCall BKDR_QAKBOT.SMB 20140207
VBA32 Trojan.Zeus.EA.0999 20140207
VIPRE Packed.Win32.Zbot.gen.y (v) 20140207
ViRobot Trojan.Win32.S.Krap.127565 20140207
Antiy-AVL 20140207
ByteHero 20140208
CMC 20140122
Malwarebytes 20140207
SUPERAntiSpyware 20140207
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-06-10 04:05:55
Entry Point 0x000011D8
Number of sections 4
PE sections
PE imports
DeleteObject
GetTextMetricsW
DeleteDC
LocalFree
VirtualAllocEx
GetCurrentProcessId
GetModuleHandleA
GetModuleHandleW
SetEvent
SetUnhandledExceptionFilter
GetTickCount
GetCurrentThreadId
GetModuleFileNameA
SleepEx
ShowWindow
PostMessageW
GetDlgItem
LockWindowStation
GetWindowRect
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 2
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.2

ImageVersion
8.3

FileVersionNumber
9.6.105.37

LanguageCode
Unknown (02D7)

FileFlagsMask
0x003f

CharacterSet
Unknown (7D6F)

InitializedDataSize
110080

FileOS
Windows NT 32-bit

MIMEType
application/octet-stream

FileVersion
9.6.105.37

TimeStamp
2007:06:10 05:05:55+01:00

FileType
Win32 EXE

PEType
PE32

FileAccessDate
2014:02:08 00:22:46+01:00

ProductVersion
9.6.105.37

SubsystemVersion
4.0

OSVersion
5.2

FileCreateDate
2014:02:08 00:22:46+01:00

OriginalFilename
RTQq.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
16384

FileSubtype
0

ProductVersionNumber
9.6.105.37

EntryPoint
0x11d8

ObjectFileType
Executable application

File identification
MD5 2e554fb62d19f66f5f5d1457ba5f468e
SHA1 e7146313e58480f1db874b8c2e9696fd0df9f453
SHA256 d2fe95f112932e3b96071614092c675d7ea738381865aaf7426462cd04c04513
ssdeep
1536:ndMzV2Am5brhF69NXhmNqWCUL3IfEHS7LD01jBwLUMo8tkjtGbP2vMvrNlWk+WQE:ndMF+oRM4fB3vLUMozIPM4O2uTapBJ

imphash 3f2e0e8a2aaa3edb9f9b6ab55758582c
File size 124.6 KB ( 127565 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.2%)
Win32 Executable (generic) (26.1%)
Clipper DOS Executable (11.7%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2010-05-04 09:03:48 UTC ( 7 years, 7 months ago )
Last submission 2014-02-07 23:22:57 UTC ( 3 years, 10 months ago )
File names 2e554fb62d19f66f5f5d1457ba5f468e
1YYxGu.kwu
dom.exe-l4MoeC
aa
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization