SHA256: d3b475b3d4409d5ac0d56c84113bdaa9ff4ad5f655dea75cb23b41491ef1939a
File name: d3b475b3d4409d5ac0d56c84113bdaa9ff4ad5f655dea75cb23b41491ef1939a
Detection ratio: 14 / 57
Analysis date: 2015-03-24 17:58:37 UTC (4 years ago)
Antivirus              Result                         Update
Avast                  Win32:Malware-gen              20150324
AVG                    Zbot.ZXW                       20150324
Baidu-International    Trojan.Win32.Zbot.vfrf         20150324
Bkav                   HW32.Packed.1F57               20150323
ESET-NOD32             Win32/Spy.Zbot.ACB             20150324
Fortinet               W32/Zbot.ACB!tr.spy            20150324
Kaspersky              Trojan-Spy.Win32.Zbot.vfrf     20150324
McAfee                 Artemis!192D1ED762EC           20150324
Microsoft              PWS:Win32/Zbot.gen!VM          20150324
Panda                  Trj/Chgt.O                     20150324
Sophos AV              Mal/Generic-S                  20150324
Tencent                Trojan.Win32.Qudamah.Gen.24    20150324
TrendMicro             TROJ_FORUCON.BMC               20150324
TrendMicro-HouseCall   TROJ_FORUCON.BMC               20150324
Ad-Aware               (undetected)                   20150324
AegisLab               (undetected)                   20150324
Yandex                 (undetected)                   20150322
AhnLab-V3              (undetected)                   20150324
Alibaba                (undetected)                   20150324
ALYac                  (undetected)                   20150324
Antiy-AVL              (undetected)                   20150324
Avira (no cloud)       (undetected)                   20150329
AVware                 (undetected)                   20150324
BitDefender            (undetected)                   20150324
ByteHero               (undetected)                   20150324
CAT-QuickHeal          (undetected)                   20150324
ClamAV                 (undetected)                   20150324
CMC                    (undetected)                   20150324
Comodo                 (undetected)                   20150324
Cyren                  (undetected)                   20150324
DrWeb                  (undetected)                   20150324
Emsisoft               (undetected)                   20150324
F-Prot                 (undetected)                   20150324
F-Secure               (undetected)                   20150324
GData                  (undetected)                   20150324
Ikarus                 (undetected)                   20150324
Jiangmin               (undetected)                   20150323
K7AntiVirus            (undetected)                   20150324
K7GW                   (undetected)                   20150324
Kingsoft               (undetected)                   20150324
Malwarebytes           (undetected)                   20150324
McAfee-GW-Edition      (undetected)                   20150324
eScan                  (undetected)                   20150324
NANO-Antivirus         (undetected)                   20150324
Norman                 (undetected)                   20150324
nProtect               (undetected)                   20150324
Qihoo-360              (undetected)                   20150324
Rising                 (undetected)                   20150324
SUPERAntiSpyware       (undetected)                   20150323
Symantec               (undetected)                   20150324
TheHacker              (undetected)                   20150324
TotalDefense           (undetected)                   20150324
VBA32                  (undetected)                   20150324
VIPRE                  (undetected)                   20150324
ViRobot                (undetected)                   20150324
Zillya                 (undetected)                   20150324
Zoner                  (undetected)                   20150323
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2006-02-05 19:04:09
Entry point: 0x0000CC46
Number of sections: 3

PE sections

Overlays
MD5: 6f2d62d7f2cb866c327015155a76076a
File type: data
Offset: 69632
Size: 142392
Entropy: 7.80
PE imports (grouped by the DLL that exports each name; the grouping is inferred from the export names, since the per-DLL headers of the original table did not survive, and the ordinal-only imports cannot be attributed that way)

advapi32.dll: GetLengthSid, AbortSystemShutdownA, GetSecurityDescriptorDacl, QueryServiceConfigA

comctl32.dll: ImageList_GetImageCount, ImageList_Destroy, CreateStatusWindowW, _TrackMouseEvent, ImageList_SetBkColor, PropertySheetW, CreatePropertySheetPageA

imm32.dll: ImmGetRegisterWordStyleA, ImmIsUIMessageA, ImmSetCompositionWindow, ImmNotifyIME, ImmSetConversionStatus, ImmGetCompositionWindow, ImmRegisterWordW, ImmIsUIMessageW, ImmConfigureIMEW, ImmUnregisterWordA, ImmGetDescriptionW, ImmSetCompositionStringA, ImmGetStatusWindowPos, ImmGetContext, ImmGetCandidateListA, ImmGetCandidateListCountA

kernel32.dll: GetSystemTime, GlobalFindAtomW, GetConsoleOutputCP, GetStartupInfoA, FileTimeToSystemTime, GetFileAttributesA, FindFirstFileW, DebugBreak, GetThreadLocale, CopyFileW, FreeEnvironmentStringsA, GetAtomNameA, GetPriorityClass, GetEnvironmentStrings, CompareFileTime, GetConsoleMode, GetLocaleInfoA, CreateDirectoryA, FoldStringW, GetSystemPowerStatus, AddAtomW, CancelIo, GetTempFileNameW, GetComputerNameW, EnumResourceNamesW, GetModuleHandleA, GlobalAddAtomW, GetPrivateProfileSectionW, ExpandEnvironmentStringsW, GetDiskFreeSpaceW, FindResourceExW, GetProfileIntW, EnumResourceNamesA, CompareStringA, EnumResourceLanguagesW, FindNextFileA, GetDateFormatA, GetBinaryTypeA, GetFullPathNameA, GetFileAttributesExW, FormatMessageW, GetTimeZoneInformation, GetCommState, GetPrivateProfileStringA, GetDiskFreeSpaceExW, GetVolumeInformationA, CreateFileA, GlobalGetAtomNameA, GetVersion, FindResourceA

mpr.dll: WNetCancelConnectionA, WNetGetUniversalNameW, MultinetGetConnectionPerformanceW, WNetEnumResourceA, WNetGetNetworkInformationA, WNetGetProviderNameW, WNetAddConnection3W, WNetCancelConnection2W, WNetAddConnectionW, WNetOpenEnumA, MultinetGetConnectionPerformanceA, WNetEnumResourceW, WNetConnectionDialog, WNetGetLastErrorA, WNetGetConnectionA, WNetGetUserA, WNetAddConnection3A, WNetGetProviderNameA

msvcrt.dll: _except_handler3, _acmdln, __p__fmode, _adjust_fdiv, __setusermatherr, __p__commode, exit, _XcptFilter, __getmainargs, _initterm, _controlfp, _exit, __set_app_type

Imports by ordinal only (no export names): Ord(34), Ord(42), Ord(171), Ord(51), Ord(45), Ord(24), Ord(58), Ord(44), Ord(165), Ord(20), Ord(54), Ord(55), Ord(70), Ord(31), Ord(73), Ord(72), Ord(76), Ord(18), Ord(604), Ord(606), Ord(513), Ord(501)

oleaut32.dll: VarBstrFromDate

rasapi32.dll: RasValidateEntryNameW, RasEditPhonebookEntryW, RasValidateEntryNameA

resutils.dll: ResUtilGetProperty, ResUtilGetResourceNameDependency, ResUtilGetProperties

rpcrt4.dll: NdrServerInitialize, I_RpcFreePipeBuffer, tree_into_ndr, NdrNonConformantStringMemorySize, NdrFixedArrayBufferSize, RpcMgmtInqDefaultProtectLevel, UuidFromStringA, RpcMgmtEnableIdleCleanup, NdrServerInitializeUnmarshall, NdrFullPointerInsertRefId, NdrConformantVaryingArrayBufferSize, NdrFullPointerXlatFree, NdrFixedArrayMarshall, NdrEncapsulatedUnionBufferSize, NdrConformantArrayMarshall, NdrConformantVaryingStructMemorySize, NdrConvert, NdrComplexArrayMarshall, RpcServerTestCancel, NdrInterfacePointerMemorySize, I_RpcReceive, NdrVaryingArrayUnmarshall, NdrConformantVaryingArrayMemorySize, NdrConformantArrayFree, NdrServerContextMarshall, RpcServerUseAllProtseqsIfEx, NdrRpcSsEnableAllocate, NDRSContextMarshallEx, RpcBindingSetAuthInfoExW, RpcBindingFree, RpcBindingInqAuthInfoA, NdrEncapsulatedUnionFree, RpcEpResolveBinding, NdrComplexArrayBufferSize, NdrConformantVaryingStructBufferSize

shlwapi.dll: PathGetCharTypeA, PathAppendA, StrNCatW, StrToIntA, PathRemoveBlanksA, StrCpyW, PathIsUNCW, PathQuoteSpacesW, PathSetDlgItemPathW, SHSetValueA, PathSkipRootW, PathFindNextComponentA, PathMakeSystemFolderW, StrFormatByteSizeW, PathCompactPathExW

user32.dll: SetFocus, DrawEdge, OpenInputDesktop, GetClassInfoExA, ChangeDisplaySettingsA, RegisterWindowMessageA, DrawTextExA, wvsprintfW, HiliteMenuItem, PeekMessageW, GetThreadDesktop, SetDlgItemTextA, CharUpperW, DestroyCursor, MessageBoxExW, SetThreadDesktop, FrameRect, MessageBoxIndirectW, SetMenuItemInfoW, ActivateKeyboardLayout, RegisterClipboardFormatW, CharToOemW, SystemParametersInfoA, GetLastActivePopup, DdeInitializeW, RemovePropW, IsCharLowerW, ClientToScreen, IsCharUpperA, GetActiveWindow, CopyRect, CreateIconFromResourceEx, CopyAcceleratorTableW, GetWindowTextLengthW, GetMenuStringA, GetDlgItem, ExitWindowsEx, DialogBoxIndirectParamA

version.dll: VerFindFileA

wininet.dll: InternetConfirmZoneCrossing, FtpGetFileW, InternetReadFile, FtpDeleteFileW, FtpGetCurrentDirectoryW, InternetLockRequestFile, HttpEndRequestA, InternetTimeFromSystemTime, CreateUrlCacheGroup

winmm.dll: mciGetDeviceIDFromElementIDW, timeKillEvent, mciGetErrorStringW, midiInOpen, GetDriverModuleHandle, mmioDescend, midiOutSetVolume, waveOutGetPosition, mmioSeek, mciGetCreatorTask, joyGetPos, midiOutGetDevCapsW, midiInClose, auxOutMessage, midiInGetDevCapsA, waveInClose, midiOutCacheDrumPatches, joySetThreshold, DrvGetModuleHandle, midiStreamClose, mmioSetBuffer, midiOutClose, waveOutGetErrorTextW, midiStreamRestart, mmioRead, mixerGetControlDetailsA, mmioRenameW, waveInReset

winspool.drv: AdvancedDocumentPropertiesW, DeletePrinterKeyW, EnumPrintersW, AbortPrinter

pdh.dll: PdhGetRawCounterArrayA, PdhEnumObjectsA, PdhGetDataSourceTimeRangeA, PdhEnumMachinesW, PdhGetRawCounterArrayW, PdhSetQueryTimeRange, PdhParseCounterPathA, PdhCalculateCounterFromRawValue, PdhLookupPerfNameByIndexA, PdhEnumObjectItemsW, PdhReadRawLogRecord, PdhGetFormattedCounterArrayA, PdhGetFormattedCounterArrayW, PdhGetLogFileSize, PdhGetFormattedCounterValue, PdhOpenLogA, PdhOpenQueryA, PdhAddCounterW, PdhGetDefaultPerfObjectA, PdhExpandCounterPathW

urlmon.dll: RevokeBindStatusCallback, CoInternetGetSession, RevokeFormatEnumerator, GetClassURL, RegisterBindStatusCallback, HlinkNavigateMoniker, HlinkGoForward, CreateURLMoniker, CopyStgMedium, GetClassFileOrMime, UrlMkSetSessionOption, CreateAsyncBindCtx, WriteHitLogging, CopyBindInfo, URLOpenPullStreamA
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2006:02:05 20:04:09+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 49152
LinkerVersion: 6.0
EntryPoint: 0xcc46
InitializedDataSize: 2244608
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
File identification
MD5: 192d1ed762ecfcd5e8b30e8428f8c8a6
SHA1: 9b1b9352deacf791d45575e1ef29cbff412a2611
SHA256: d3b475b3d4409d5ac0d56c84113bdaa9ff4ad5f655dea75cb23b41491ef1939a
ssdeep: 3072:176PoWdteuyrjdkOUNwa7u3l5QypoHO+jACaoSrPQ3qGZRR5ptZ5fzt:F6QsMu4jWOU9ypoHBjACaNU6K5pzJ
authentihash: cf041c2cb9d3ffd161a17584c5cee57269d098d4b94ef236cba5617f7752a583
imphash: 808d641b9ac8662b81d9b6a86257037f
File size: 207.1 KB (212024 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win64 Executable (generic) (64.6%)
  Win32 Dynamic Link Library (generic) (15.3%)
  Win32 Executable (generic) (10.5%)
  Generic Win/DOS Executable (4.6%)
  DOS Executable Generic (4.6%)
Tags: peexe, overlay

VirusTotal metadata
First submission: 2015-03-24 17:58:37 UTC (4 years ago)
Last submission: 2015-04-14 03:17:28 UTC (4 years ago)
Advanced heuristic and reputation engines
Symantec reputation: Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.