SHA256: d4f1319609ff04bdab4a3e969ca13458efdc7e669f74de4d8392db60a2119aaf
File name: 58fdac4dbccfb2c8d88c5feaf69ccc20
Detection ratio: 40 / 53
Analysis date: 2014-05-20 20:30:15 UTC ( 4 years, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.Ranapama.A 20140520
Yandex TrojanSpy.Zbot!G+gYOQL3JXk 20140520
AhnLab-V3 Spyware/Win32.Zbot 20140520
AntiVir TR/Ranapama.A 20140520
Avast Win32:Injector-BQJ [Trj] 20140520
AVG Inject2.SNE 20140520
Baidu-International Trojan.Win32.Zbot.azZY 20140520
BitDefender Trojan.Ranapama.A 20140520
Bkav HW32.CDB.5fc3 20140520
Comodo TrojWare.Win32.Ransom.PornoAsset.CLHL 20140520
DrWeb Trojan.PWS.Panda.2401 20140520
Emsisoft Trojan.Ranapama.A (B) 20140520
ESET-NOD32 a variant of Win32/Injector.AXPJ 20140520
F-Secure Trojan.Ranapama.A 20140520
Fortinet W32/Injector.AXKT!tr 20140520
GData Trojan.Ranapama.A 20140520
Ikarus Trojan.Inject2 20140520
Jiangmin TrojanSpy.Zbot.gzne 20140520
K7AntiVirus Trojan ( 004952c31 ) 20140520
K7GW Trojan ( 004952c31 ) 20140520
Kaspersky Trojan-Spy.Win32.Zbot.rmop 20140520
Kingsoft Win32.Troj.Zbot.rm.(kcloud) 20140520
Malwarebytes Trojan.Zbot 20140520
McAfee Generic-FAOP!58FDAC4DBCCF 20140520
McAfee-GW-Edition Generic-FAOP!58FDAC4DBCCF 20140520
Microsoft PWS:Win32/Zbot 20140520
eScan Trojan.Ranapama.A 20140520
NANO-Antivirus Trojan.Win32.Zbot.ctptgx 20140520
nProtect Trojan.Ranapama.A 20140520
Panda Generic Malware 20140520
Qihoo-360 Win32/Trojan.fdd 20140520
Sophos AV Troj/Wonton-P 20140520
SUPERAntiSpyware Trojan.Agent/Gen-Injector 20140520
Symantec Backdoor.Trojan 20140520
TheHacker Trojan/Injector.axkt 20140520
TrendMicro TROJ_GEN.R021C0CBR14 20140520
TrendMicro-HouseCall TROJ_KRYPTK.SM37 20140520
VBA32 TrojanSpy.Zbot.rmop 20140520
VIPRE Trojan.Win32.Generic!BT 20140520
Zillya Trojan.Zbot.Win32.148229 20140520
AegisLab 20140520
Antiy-AVL 20140520
ByteHero 20140520
CAT-QuickHeal 20140520
ClamAV 20140520
CMC 20140520
Commtouch 20140520
F-Prot 20140520
Norman 20140520
Rising 20140520
Tencent 20140520
TotalDefense 20140520
ViRobot 20140520
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Intel Pentium 4
Product Intel corporation Pentium 4
Original name intel.exe
File version 7.0.0.3
Description Intel corporation Pentium 4
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-11 01:56:58
Entry Point 0x000036A1
Number of sections 3
PE sections
PE imports
CreateCompatibleDC
CreateColorSpaceW
Arc
CombineRgn
CloseFigure
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
FillConsoleOutputCharacterW
RtlUnwind
GetModuleFileNameA
GetStdHandle
IsProcessorFeaturePresent
GetCommandLineA
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
DecodePointer
GetCurrentProcessId
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
WriteProfileSectionW
GetProcAddress
AddAtomW
EncodePointer
GetFileType
SetStdHandle
CompareStringW
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
HeapSetInformation
SetUnhandledExceptionFilter
GetTempPathW
CloseHandle
GetTempFileNameA
GetComputerNameA
FindNextFileA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEnvironmentVariableA
TerminateProcess
GetTimeZoneInformation
IsValidCodePage
HeapCreate
WriteFile
CreateFileW
InterlockedDecrement
Sleep
SetLastError
TlsSetValue
GetTickCount
GetCurrentThreadId
InterlockedIncrement
ExitProcess
WriteConsoleW
LeaveCriticalSection
glMateriali
glColor4iv
glEvalCoord2fv
wglRealizeLayerPalette
glFinish
wglUseFontBitmapsA
glIndexs
glNormal3b
ExtractIconExA
DoEnvironmentSubstA
ExtractAssociatedIconW
ExtractIconExW
ShellExecuteExW
ExtractIconW
SetFocus
SetWindowWord
DefFrameProcW
UpdateWindow
CloseDesktop
DdeConnect
GetKeyboardLayoutList
GetAsyncKeyState
GetWindowInfo
PostMessageW
FrameRect
mmioSeek
joyGetDevCapsA
PlaySoundA
waveOutGetDevCapsA
mixerClose
SymGetLineNext
SymGetModuleInfoW64
SymMatchString
ImageRvaToSection
SymGetLinePrev
SymLoadModuleEx
CoGetInstanceFromFile
StringFromCLSID
GetClassFile
CoBuildVersion
OleDestroyMenuDescriptor
FindMediaType
GetClassFileOrMime
CoInternetGetProtocolFlags
HlinkGoForward
Number of PE resources by type
RT_DIALOG 43
RT_BITMAP 27
RT_HTML 1
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 72
RUSSIAN 1
SPANISH HONDURAS 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 7.0.0.3
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 241664
FileOS Win32
MIMEType application/octet-stream
FileVersion 7.0.0.3
TimeStamp 2014:02:11 02:56:58+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2014:05:20 21:25:18+01:00
ProductVersion 7.0.0.3
FileDescription Intel corporation Pentium 4
OSVersion 5.0
FileCreateDate 2014:05:20 21:25:18+01:00
OriginalFilename intel.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Intel Pentium 4
CodeSize 49664
ProductName Intel corporation Pentium 4
ProductVersionNumber 7.0.0.3
EntryPoint 0x36a1
ObjectFileType Executable application

File identification
MD5 58fdac4dbccfb2c8d88c5feaf69ccc20
SHA1 75861106a06c2fd71a14ec88c3ea3ac82ce44d04
SHA256 d4f1319609ff04bdab4a3e969ca13458efdc7e669f74de4d8392db60a2119aaf
ssdeep 6144:DeiGTXcxIK5iZf7gxhaJAxFsDhkrvmlMIB3u:DeiGImKo9YhaJAxe/3u
imphash f130d9b64f49f8db8c467a78a0a71386
File size 286.7 KB ( 293595 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-02-28 21:50:08 UTC ( 4 years, 9 months ago )
Last submission 2014-05-20 20:30:15 UTC ( 4 years, 6 months ago )
File names intel.exe
vt-upload-c9GV4
58fdac4dbccfb2c8d88c5feaf69ccc20
wIAK.inf
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs