SHA256: d64e3da82755cd434f8ecac76cb1c805be36508bf086bfb7c4c04c958e051678
File name: 121d7337f17c1ac69fd4984202eb92786d47316d_ahwohn.ex
Detection ratio: 46 / 50
Analysis date: 2014-02-09 04:26:21 UTC ( 4 years, 9 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.4629699 20140209
Yandex TrojanSpy.Zbot!AIf36fR0GP8 20140208
AhnLab-V3 Win-Trojan/Zbot2.Gen 20140208
AntiVir TR/Crypt.XPACK.Gen 20140208
Avast Win32:Zbot-MSV [Trj] 20140209
AVG Pakes.AW 20140208
Baidu-International Trojan.Win32.Zbot.AM 20140208
BitDefender Trojan.Generic.4629699 20140209
Bkav W32.Clod6cf.Trojan.ff5d 20140208
CAT-QuickHeal TrojanSpy.Zbot.gen 20140208
Commtouch W32/Risk.NEQM-0758 20140209
Comodo TrojWare.Win32.Spy.Zbot.ACL 20140209
DrWeb Trojan.PWS.Panda.302 20140209
Emsisoft Trojan.Generic.4629699 (B) 20140209
ESET-NOD32 Win32/Spy.Zbot.JF 20140208
F-Prot W32/MalwareF.ACYDC 20140209
F-Secure Trojan.Generic.4629699 20140209
Fortinet W32/Zbot.gen!tr 20140209
GData Trojan.Generic.4629699 20140209
Ikarus Trojan-Spy.Win32.Zbot 20140208
Jiangmin TrojanSpy.Zbot.fqn 20140209
K7AntiVirus Riskware ( fc63aeed0 ) 20140207
K7GW Backdoor ( 04c4dec31 ) 20140207
Kaspersky Trojan-Spy.Win32.Zbot.gen 20140208
Kingsoft Win32.Troj.Zbot.(kcloud) 20140209
Malwarebytes Trojan.PWS 20140209
McAfee PWS-Zbot.gen.add 20140209
McAfee-GW-Edition PWS-Zbot.gen.add 20140209
Microsoft PWS:Win32/Zbot.gen!R 20140209
eScan Trojan.Generic.4629699 20140209
NANO-Antivirus Trojan.Win32.Zbot.tffo 20140209
Norman Heur.I 20140208
nProtect Trojan-Spy/W32.ZBot.136192.S 20140207
Panda Trj/Sinowal.DW 20140208
Qihoo-360 Win32/Trojan.BO.4e5 20140209
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140208
Sophos AV Mal/Zbot-T 20140209
SUPERAntiSpyware Trojan.Agent/Gen-Faldesc 20140208
Symantec Trojan.Zbot!gen3 20140209
TheHacker Trojan/Spy.Zbot.gen 20140208
TotalDefense Win32/Zbot.BLN 20140208
TrendMicro TSPY_ZBOT.DAM 20140209
TrendMicro-HouseCall TSPY_ZBOT.DAM 20140209
VBA32 BScope.Trojan-Spy.Zbot 20140207
VIPRE Trojan-Spy.Win32.Zbot.gen (v) 20140209
ViRobot Spyware.Zbot.136192.A 20140208
Antiy-AVL 20140208
ByteHero 20140209
ClamAV 20140209
CMC 20140122
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Myboiduhulteo
Publisher Icusaggu
Product Voadgacya
Original name Bucayzoma
Internal name Oldaibonlowiolexda
Description Ibniugetafonkaiq
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-09-18 04:30:07
Entry Point 0x00008A12
Number of sections 4
PE sections
PE imports
CryptDeriveKey
GetSecurityInfoExW
SetServiceBits
CryptHashSessionKey
GetNamedSecurityInfoExA
FreeSid
ObjectCloseAuditAlarmW
RegEnumKeyExW
GetAce
LogonUserA
InitiateSystemShutdownW
AllocateLocallyUniqueId
SetFileSecurityW
CreateProcessAsUserW
InitializeSid
SetThreadLocale
Toolhelp32ReadProcessMemory
GetDriveTypeW
GetComputerNameA
GetFileAttributesA
GetDriveTypeA
SetEndOfFile
SignalObjectAndWait
QueueUserAPC
GetLocalTime
FileTimeToDosDateTime
FreeEnvironmentStringsW
LocalAlloc
GetVolumeInformationW
OpenWaitableTimerW
GetSystemDirectoryW
GetLogicalDrives
GetFileInformationByHandle
GetFileTime
GetTempPathA
WideCharToMultiByte
SetComputerNameW
HeapLock
SwitchToFiber
SetComputerNameA
FormatMessageW
ConnectNamedPipe
GetEnvironmentVariableA
QueryDosDeviceW
GetProfileIntA
EnumDateFormatsA
GetStringTypeExA
GetCurrentThread
SetMessageWaitingIndicator
LocalLock
GetLargestConsoleWindowSize
SetConsoleActiveScreenBuffer
ReadConsoleInputW
FlushViewOfFile
LoadLibraryA
FoldStringA
EnumCalendarInfoA
OpenWaitableTimerA
GetPrivateProfileStringA
Heap32First
EnumSystemLocalesW
LoadLibraryExW
SystemTimeToTzSpecificLocalTime
GetSystemPowerStatus
SetFileAttributesW
LockFileEx
GetCurrencyFormatW
CreateThread
VirtualLock
GetPrivateProfileSectionA
LocalFlags
GetExitCodeThread
SetUnhandledExceptionFilter
GetProcessPriorityBoost
CreateMutexW
GetNumberOfConsoleMouseButtons
SetThreadIdealProcessor
MoveFileExA
SetEnvironmentVariableA
SetPriorityClass
SetThreadContext
WaitForMultipleObjectsEx
CreateSemaphoreW
RtlFillMemory
VirtualQuery
FindAtomA
GetTickCount
GetVersion
WriteConsoleW
GetExitCodeProcess
GetNumberOfConsoleInputEvents
TlsAlloc
VirtualProtect
CreateMailslotA
lstrcmpiW
GetDevicePowerState
WriteConsoleInputW
WinExec
GetFileSize
GetPrivateProfileIntA
CreateDirectoryA
SetErrorMode
GenerateConsoleCtrlEvent
LoadModule
GetCPInfo
GetProcAddress
GetStartupInfoW
ReadConsoleA
WaitNamedPipeW
ExpandEnvironmentStringsW
WaitNamedPipeA
GetProfileStringA
GetTempFileNameA
CreateWaitableTimerA
EnumDateFormatsExW
CreateEventW
GlobalFindAtomA
GetFileType
ReadConsoleOutputW
CreateFileA
lstrcpyn
ReadConsoleOutputAttribute
CreateNamedPipeW
GetEnvironmentStringsA
GlobalGetAtomNameA
GlobalUnlock
GlobalAlloc
GetShortPathNameA
OpenFile
EnumTimeFormatsW
SwitchToThread
SizeofResource
GetCurrentDirectoryW
WritePrivateProfileStringA
CopyFileExA
GetCompressedFileSizeW
GetCurrentDirectoryA
GetAtomNameW
SetConsoleCursorInfo
WritePrivateProfileStringW
EnumSystemCodePagesW
GetSystemDefaultLangID
ReadConsoleW
Module32First
MapViewOfFile
SetFilePointer
HeapUnlock
HeapCompact
PeekConsoleInputW
GetAtomNameA
DeleteAtom
EnumResourceTypesW
GetACP
GetModuleHandleW
LoadLibraryExA
IsBadStringPtrW
WriteConsoleOutputCharacterW
CompareFileTime
ResetWriteWatch
FindResourceW
CreateProcessW
WriteConsoleOutputCharacterA
IsBadReadPtr
IsBadCodePtr
SetMailslotInfo
VirtualAlloc
StrRChrW
ColorRGBToHLS
IntlStrEqWorkerA
SHRegSetUSValueW
PathCompactPathA
PathFindOnPathA
SHAutoComplete
EnumWindowStationsA
SetDlgItemTextA
VkKeyScanExW
UnregisterHotKey
DdeSetUserHandle
DdeAccessData
CharLowerBuffA
SetRectEmpty
EnableScrollBar
MessageBoxA
GetClipboardViewer
GetTabbedTextExtentW
OemToCharBuffA
GrayStringW
VkKeyScanA
OpenWindowStationW
OemToCharBuffW
SetCaretBlinkTime
VkKeyScanW
OpenWindowStationA
GetClipboardSequenceNumber
SetActiveWindow
GetMenuItemID
GetCursorPos
DrawTextA
LoadBitmapW
GetClassInfoA
SendMessageW
EndMenu
SendMessageA
DlgDirSelectExW
GetClientRect
SetMenuDefaultItem
GetThreadDesktop
CharPrevExA
IsClipboardFormatAvailable
DestroyCaret
RegisterHotKey
GetUpdateRgn
GetWindowTextW
EnumClipboardFormats
CreateCursor
LoadMenuIndirectW
MapVirtualKeyExA
InvalidateRgn
GetKeyState
GetWindowWord
MapVirtualKeyW
GetMessageA
GetCursorInfo
SendNotifyMessageW
SetClassLongW
CheckRadioButton
CreateCaret
MapVirtualKeyExW
SetMenuInfo
FlashWindowEx
GetListBoxInfo
CharToOemBuffA
IsCharAlphaW
ChangeDisplaySettingsExW
InsertMenuItemW
SetWindowPlacement
DdeKeepStringHandle
EnumDisplaySettingsW
ScrollDC
IsCharAlphaA
DdeQueryConvInfo
IsWindowEnabled
GetWindow
CharUpperA
GetDlgItemInt
SetClipboardData
GetMenuBarInfo
InternalGetWindowText
DdeQueryNextServer
GetIconInfo
PaintDesktop
GetQueueStatus
RegisterClassW
IsCharLowerA
GetWindowRgn
CloseWindow
IsCharLowerW
EnumDisplayDevicesW
OpenDesktopA
SetTimer
DlgDirListA
ShowOwnedPopups
FillRect
CreateAcceleratorTableW
WaitForInputIdle
GetSysColorBrush
GetDialogBaseUnits
DdeConnect
RealChildWindowFromPoint
DialogBoxIndirectParamA
GetWindowInfo
CharNextW
MapWindowPoints
DdeAbandonTransaction
GetMonitorInfoW
BeginPaint
SetCaretPos
SetLastErrorEx
GetKeyboardLayoutNameW
CharNextA
TrackMouseEvent
GetComboBoxInfo
CharPrevW
DefMDIChildProcA
CheckMenuRadioItem
SetClipboardViewer
SendDlgItemMessageA
RegisterDeviceNotificationA
SetScrollRange
GetWindowRect
IsDialogMessage
PostMessageA
DrawIcon
EnumChildWindows
EnumDisplaySettingsExW
SetProcessWindowStation
SetKeyboardState
GetKeyNameTextW
CheckDlgButton
DrawCaption
CreateWindowStationA
EqualRect
ChildWindowFromPointEx
PtInRect
DdeGetLastError
RemovePropW
CreateWindowStationW
GetSystemMenu
TrackPopupMenu
CharToOemW
SetParent
IsDlgButtonChecked
SwapMouseButton
CreateIconFromResourceEx
LoadIconW
FindWindowExW
TranslateAcceleratorA
SetForegroundWindow
NotifyWinEvent
ExitWindowsEx
PostThreadMessageA
GetMenuItemInfoW
CreateDialogIndirectParamW
CharLowerBuffW
LoadMenuA
CallMsgFilter
SendInput
RemovePropA
DlgDirListComboBoxW
GetShellWindow
RemoveMenu
GetWindowThreadProcessId
MessageBoxExA
ShowScrollBar
MessageBoxW
RegisterClassExW
SendMessageCallbackA
MessageBoxIndirectA
IsWindowUnicode
DialogBoxParamW
DdePostAdvise
GetClassNameA
LookupIconIdFromDirectoryEx
GetClassWord
LoadKeyboardLayoutA
GetMenuItemRect
GetSysColor
DeferWindowPos
CreateWindowExW
EndDeferWindowPos
IsCharAlphaNumericA
SetShellWindow
DestroyIcon
CreateMDIWindowW
OemKeyScan
CharToOemA
SystemParametersInfoW
WinHelpA
UnionRect
MonitorFromRect
GetClassNameW
UnregisterClassW
GetKeyboardType
TranslateMDISysAccel
CreateIcon
CloseDesktop
ValidateRect
ChangeMenuW
GetFocus
DefDlgProcW
TranslateAcceleratorW
CoGetMarshalSizeMax
DoDragDrop
CreateBindCtx
CoRegisterMessageFilter
MonikerRelativePathTo
OleLoad
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
CodeSize
94720

UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.6.950.2183

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
44544

FileOS
Windows NT 32-bit

MIMEType
application/octet-stream

LegalCopyright
Myboiduhulteo

TimeStamp
2008:09:18 05:30:07+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Oldaibonlowiolexda

SubsystemVersion
5.0

FileAccessDate
2014:02:09 05:26:39+01:00

FileDescription
Ibniugetafonkaiq

OSVersion
5.0

FileCreateDate
2014:02:09 05:26:39+01:00

OriginalFilename
Bucayzoma

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Icusaggu

LegalTrademarks
Foymgoxyep

ProductName
Voadgacya

ProductVersionNumber
5.6.950.2183

EntryPoint
0x8a12

ObjectFileType
Executable application

File identification
MD5 61ec1c0dd092c2b7c5e28ca7f7dbcab6
SHA1 121d7337f17c1ac69fd4984202eb92786d47316d
SHA256 d64e3da82755cd434f8ecac76cb1c805be36508bf086bfb7c4c04c958e051678
ssdeep 3072:W3S+lwaGd/XNiT8HFcpNi31hANZfiOqJrG+SE9NWBuUf:WgjdF2NiFhATrqBbS/ug
imphash 65de819e67217cc6577d8e6497c17a6d
File size 133.0 KB ( 136192 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2010-05-06 05:12:32 UTC ( 8 years, 6 months ago )
Last submission 2014-02-09 04:26:21 UTC ( 4 years, 9 months ago )
File names 121d7337f17c1ac69fd4984202eb92786d47316d_ahwohn.ex
D2docAY.dll
aa
Bucayzoma
61EC1C0DD092C2B7C5E28CA7F7DBCAB6
Oldaibonlowiolexda
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
