SHA256: d9a07efbf2c59f1d13fa37854bf85d6334131bfcf3797eca0e8d677b1fcf3da4
File name: Complaint_07222013.exe
Detection ratio: 14 / 47
Analysis date: 2013-07-22 19:07:02 UTC ( 5 years, 10 months ago )
Antivirus Result Update
AhnLab-V3 ASD.Prevention 20130722
AntiVir TR/Spy.Zbot.nsnu.1 20130722
Comodo Heur.Packed.Unknown 20130722
DrWeb Trojan.PWS.Stealer.3128 20130722
Emsisoft Trojan.Win32.Fareit (A) 20130722
ESET-NOD32 a variant of Win32/Kryptik.BGIS 20130722
Fortinet W32/Zbot.NSNU!tr 20130722
Kaspersky Trojan-Spy.Win32.Zbot.nsnu 20130722
Malwarebytes Trojan.Ransom.ED 20130722
McAfee Artemis!95B542B1BCBD 20130722
McAfee-GW-Edition Artemis!95B542B1BCBD 20130722
Sophos AV Troj/Agent-ACUP 20130722
Symantec Trojan.Zbot 20130722
VIPRE Win32.Malware!Drop 20130722
Yandex 20130722
Antiy-AVL 20130722
Avast 20130722
AVG 20130722
BitDefender 20130722
ByteHero 20130613
CAT-QuickHeal 20130722
ClamAV 20130722
Commtouch 20130722
eSafe 20130722
F-Prot 20130722
F-Secure 20130722
GData 20130722
Ikarus 20130722
Jiangmin 20130722
K7AntiVirus 20130722
K7GW 20130722
Kingsoft 20130718
Microsoft 20130722
eScan 20130722
NANO-Antivirus 20130722
Norman 20130722
nProtect 20130722
Panda 20130722
PCTools 20130722
Rising 20130722
SUPERAntiSpyware 20130722
TheHacker 20130722
TotalDefense 20130722
TrendMicro 20130722
TrendMicro-HouseCall 20130722
VBA32 20130722
ViRobot 20130722
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-06-16 11:22:34
Entry Point 0x00001902
Number of sections 3
PE sections
PE imports
GetLongPathNameA
lstrcpyW
GetDiskFreeSpaceW
lstrcmpA
FindResourceW
GetFileAttributesA
GetPrivateProfileIntA
CreateDirectoryA
WriteFileEx
GetExitCodeProcess
InterlockedDecrement
Sleep
WaitForSingleObject
VirtualAllocEx
ExitProcess
LoadLibraryA
InterlockedIncrement
GetPrivateProfileSectionA
SetEnvironmentVariableA
ApphelpCheckIME
SdbCreateMsiTransformFile
AllowPermLayer
ApphelpCheckExe
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 1
RT_RCDATA 1
Number of PE resources by language
ENGLISH US 5
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 5.1
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:06:16 12:22:34+01:00
FileType Win32 EXE
PEType PE32
CodeSize 2560
LinkerVersion 5.12
FileTypeExtension exe
InitializedDataSize 0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x1902
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 95b542b1bcbd7d5aee65f97e9125d90c
SHA1 482e802ac3d27bfb1dda3164c4d5baba04e72c68
SHA256 d9a07efbf2c59f1d13fa37854bf85d6334131bfcf3797eca0e8d677b1fcf3da4
ssdeep 3072:CksPEz87zot18dmS9Y9iZXh+gYzbiJ23mucT907eghsOf:mMkEt16m8RYz+JRu8907Bv

authentihash 5280bb66c236f3e7bbd24447fa008b4ff2b769cf2f499e3aae383c2b2df7b62a
imphash 900a9e454abc10a655b3294ede05667a
File size 127.5 KB ( 130560 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe

VirusTotal metadata
First submission 2013-07-22 12:21:03 UTC ( 5 years, 10 months ago )
Last submission 2017-12-06 19:07:36 UTC ( 1 year, 5 months ago )
File names Case_07222013.exe
Case_07222013.exe-2013-07-22_22_05_01.txt
Complaint_07222013.exe
95b542b1bcbd7d5aee65f97e9125d90c_1122_qbc.malware
vt-upload-Qquaa
vt-upload-ZAPNj
vt-upload-qoHQW
vt-upload-XUfa6
86ACBBDC
95b542b1bcbd7d5aee65f97e9125d90c.exe
95b542b1bcbd7d5aee65f97e9125d90c.PE_
Complaint_07222013.exe.txt
vt-upload-NXXXR
Docs_22072013_PDF.PDF.exe
95b542b1bcbd7d5aee65f97e9125d90c
malekal_95b542b1bcbd7d5aee65f97e9125d90c
file-5751512_exe-
vt-upload-CFEGf
95b542b1bcbd7d5aee65f97e9125d90c_kaf0x0
95b542b1bcbd7d5aee65f97e9125d90c.ex_
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications