× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: d7617d4cbe5e413b498d0de19e5e9793a22dbc93311117e814d9ddea37809b9b
File name: 0e44b761fc519a02828d14317e84b61c
Detection ratio: 14 / 53
Analysis date: 2014-07-24 11:44:14 UTC ( 4 years, 8 months ago )
Antivirus Result Update
AntiVir TR/Zbot.A.1032 20140724
Avast Win32:Malware-gen 20140724
AVG Zbot.LVM 20140724
Baidu-International Trojan.Win32.Zbot.BABV 20140724
CMC Packed.Win32.Katusha.3!O 20140724
ESET-NOD32 Win32/Spy.Zbot.ABV 20140724
Kaspersky Trojan-Spy.Win32.Zbot.tpky 20140724
Kingsoft Win32.Troj.Generic.a.(kcloud) 20140724
Malwarebytes Spyware.Zbot.ED 20140724
Panda Trj/Chgt.C 20140724
Qihoo-360 HEUR/Malware.QVM20.Gen 20140724
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140724
Sophos AV Mal/Generic-S 20140724
Tencent Win32.Trojan-spy.Zbot.Gvk 20140724
Ad-Aware 20140724
AegisLab 20140724
Yandex 20140724
AhnLab-V3 20140723
Antiy-AVL 20140724
BitDefender 20140724
Bkav 20140724
ByteHero 20140724
CAT-QuickHeal 20140724
ClamAV 20140724
Commtouch 20140724
Comodo 20140724
DrWeb 20140724
Emsisoft 20140724
F-Prot 20140724
F-Secure 20140724
Fortinet 20140724
GData 20140724
Ikarus 20140724
Jiangmin 20140724
K7AntiVirus 20140723
K7GW 20140723
McAfee 20140724
McAfee-GW-Edition 20140723
Microsoft 20140724
eScan 20140724
NANO-Antivirus 20140724
Norman 20140724
nProtect 20140724
SUPERAntiSpyware 20140724
Symantec 20140724
TheHacker 20140722
TotalDefense 20140724
TrendMicro 20140724
TrendMicro-HouseCall 20140724
VBA32 20140724
VIPRE 20140724
ViRobot 20140724
Zoner 20140723
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-01 12:15:49
Entry Point 0x0001D47D
Number of sections 4
PE sections
Number of PE resources by type
Number of PE resources by language
PE resources
File identification
MD5 0e44b761fc519a02828d14317e84b61c
SHA1 fec33abec4cc241650501bc0da4fcaf04a0c6fba
SHA256 d7617d4cbe5e413b498d0de19e5e9793a22dbc93311117e814d9ddea37809b9b

imphash 4a557c9f770bf9e3ffabaa5cd08d6e40
File size 278.0 KB ( 284672 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (42.0%)
Win32 Executable MS Visual C++ (generic) (30.4%)
Windows Screen Saver (12.7%)
Win32 Dynamic Link Library (generic) (6.4%)
Win32 Executable (generic) (4.3%)

VirusTotal metadata
First submission 2014-07-24 11:44:14 UTC ( 4 years, 8 months ago )
Last submission 2014-07-24 11:44:14 UTC ( 4 years, 8 months ago )
File names 0e44b761fc519a02828d14317e84b61c
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests