SHA256: da7ab88828ad5e4ff9ccd6957927db41fe1899986a2a2738a4a79ac5fe2fb7f5
File name: ks.exe
Detection ratio: 37 / 55
Analysis date: 2015-04-21 11:11:30 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.12816364 20150421
Yandex TrojanSpy.Zbot!K4H3GO5AeCI 20150420
AhnLab-V3 Trojan/Win32.Zbot 20150421
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150421
Avast Win32:Malware-gen 20150421
AVG Inject2.BRBL 20150421
AVware Trojan.Win32.Generic!BT 20150421
Baidu-International Trojan.Win32.Zbot.vckj 20150421
BitDefender Trojan.Generic.12816364 20150421
CAT-QuickHeal Trojan.Dyname.r5 20150421
Cyren W32/Trojan.IQRN-6653 20150421
Emsisoft Trojan.Generic.12816364 (B) 20150421
ESET-NOD32 Win32/Spy.Zbot.AAO 20150421
F-Secure Trojan.Generic.12816364 20150421
Fortinet W32/BVBN!tr 20150421
GData Trojan.Generic.12816364 20150421
Ikarus Trojan-Spy.Agent 20150421
K7AntiVirus Trojan ( 004b6cd41 ) 20150421
K7GW Trojan ( 004b6cd41 ) 20150421
Kaspersky Trojan-Spy.Win32.Zbot.vckj 20150421
McAfee PWSZbot-FAJJ!7FC48AD8666B 20150421
McAfee-GW-Edition PWSZbot-FAJJ!7FC48AD8666B 20150420
Microsoft Trojan:Win32/Dynamer!ac 20150421
eScan Trojan.Generic.12816364 20150421
NANO-Antivirus Trojan.Win32.XPACK.doradx 20150421
Norman Suspicious_Gen4.IATIH 20150421
nProtect Trojan.Generic.12816364 20150421
Panda Generic Suspicious 20150421
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20150421
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20150421
Sophos Troj/Agent-AMDD 20150421
Tencent Trojan.Win32.Qudamah.Gen.4 20150421
TotalDefense Win32/Zbot.ZANH!suspicious 20150421
TrendMicro TROJ_GEN.R021C0CC815 20150421
TrendMicro-HouseCall TROJ_GEN.R021C0CC815 20150421
VBA32 TrojanSpy.Zbot 20150420
VIPRE Trojan.Win32.Generic!BT 20150421
AegisLab 20150421
Alibaba 20150421
Bkav 20150421
ByteHero 20150421
ClamAV 20150421
CMC 20150421
Comodo 20150421
DrWeb 20150424
F-Prot 20150421
Jiangmin 20150420
Kingsoft 20150421
Malwarebytes 20150421
SUPERAntiSpyware 20150421
Symantec 20150421
TheHacker 20150421
ViRobot 20150421
Zillya 20150422
Zoner 20150420
The file being studied is a Portable Executable file! More specifically, it is a DOS EXE file.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-01-16 16:59:18
Entry Point 0x000010C3
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExA
RegEnumKeyExW
RegOpenKeyExW
EqualSid
RegOpenKeyExA
RegQueryValueExW
ImageList_Create
InitCommonControlsEx
ImageList_Destroy
ImageList_Add
GetDeviceCaps
DeleteDC
CreateFontIndirectW
SelectObject
GetStockObject
GetObjectW
CreateCompatibleDC
DeleteObject
GetStartupInfoA
LCMapStringW
GetConsoleMode
GetStringTypeW
GetStringTypeA
GetModuleHandleA
OutputDebugStringW
GetCommandLineW
VirtualFree
SetErrorMode
ExitProcess
MulDiv
GetCommandLineA
GetVersion
VirtualAlloc
WriteConsoleW
HeapDestroy
ReleaseDC
SetWindowTextA
GetParent
LoadIconA
LoadStringA
GetClientRect
MessageBoxA
GetWindowRect
GetDlgItem
SetForegroundWindow
LoadCursorA
UnregisterClassA
GetDC
RegisterClassExA
Number of PE resources by type
RT_HTML 1
Number of PE resources by language
NEUTRAL 1
PE resources
File identification
MD5 7fc48ad8666bbb1bb8732fd35e3aabcb
SHA1 375d227d94ac9ddebf257f776207699ec019d923
SHA256 da7ab88828ad5e4ff9ccd6957927db41fe1899986a2a2738a4a79ac5fe2fb7f5
ssdeep 6144:GAwmpMuAwd5Uednz5TWD+wylawjXCOdFjUmEUuYs38SdioV6M:GA1MNwTb1TWDmwmEUNs3pTV6M
authentihash f9f50a788e1b823d0ad572cc093a4e8b1bffb7877d59543d0e088e3b800fec65
imphash 226f76ca4c1697fb9490e34a5aee6675
File size 344.5 KB ( 352768 bytes )
File type DOS EXE
Magic literal MS-DOS executable
TrID Win32 Executable (generic) (52.7%)
Generic Win/DOS Executable (23.4%)
DOS Executable Generic (23.4%)
Sybase iAnywhere database files (0.2%)
Targa bitmap (Original TGA Format) (0.0%)
Tags mz
VirusTotal metadata
First submission 2015-03-02 03:05:17 UTC ( 2 years ago )
Last submission 2015-03-06 16:48:42 UTC ( 2 years ago )
File names ks.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections