SHA256: db00070b9d51f8e09bb136136b6656eb8c64e133edce50e55cca58e8b7f25258
File name: vt-upload-oQ2N_
Detection ratio: 23 / 55
Analysis date: 2014-10-11 09:27:36 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.146314 20141011
AhnLab-V3 Trojan/Win32.ZBot 20141010
AVG Zbot.LKD 20141011
AVware Trojan.Win32.Generic.pak!cobra 20141011
BitDefender Gen:Variant.Graftor.146314 20141011
Bkav W32.HfsAutoA.51BD 20141011
CAT-QuickHeal TrojanPWS.Zbot.LB6 20141010
Cyren W32/Trojan.RXPG-2098 20141011
DrWeb Trojan.PWS.Panda.7278 20141011
Emsisoft Gen:Variant.Graftor.146314 (B) 20141011
ESET-NOD32 a variant of Win32/Injector.BHNP 20141011
F-Prot W32/Trojan3.JDY 20141009
F-Secure Gen:Variant.Graftor.146314 20141011
GData Gen:Variant.Graftor.146314 20141011
Ikarus Trojan-Spy.Win32.Zbot 20141011
Kaspersky Trojan-Spy.Win32.Zbot.tkwo 20141011
Malwarebytes Spyware.ZeuS 20141011
eScan Gen:Variant.Graftor.146314 20141011
Qihoo-360 HEUR/Malware.QVM07.Gen 20141011
Tencent Win32.Trojan-spy.Zbot.Hrfk 20141011
VBA32 TrojanSpy.Zbot 20141010
VIPRE Trojan.Win32.Generic.pak!cobra 20141011
Zillya Trojan.Zbot.Win32.159873 20141009
AegisLab 20141011
Yandex 20141010
Antiy-AVL 20141011
Avast 20141011
Avira (no cloud) 20141011
Baidu-International 20141011
ByteHero 20141011
ClamAV 20141011
CMC 20141009
Comodo 20141011
Fortinet 20141011
Jiangmin 20141010
K7AntiVirus 20141010
K7GW 20141011
Kingsoft 20141011
McAfee 20141011
McAfee-GW-Edition 20141011
Microsoft 20141011
NANO-Antivirus 20141011
Norman 20141011
nProtect 20141010
Panda 20141010
Rising 20141010
Sophos 20141011
SUPERAntiSpyware 20141011
Symantec 20141011
TheHacker 20141010
TotalDefense 20141011
TrendMicro 20141011
TrendMicro-HouseCall 20141011
ViRobot 20141011
Zoner 20141010
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-30 19:02:15
Entry Point 0x00002400
Number of sections 4
PE sections
PE imports
DeleteObject
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
HeapAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
GetFileSize
DeleteFileA
WideCharToMultiByte
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
SetStdHandle
GetModuleHandleA
GetCPInfo
GetStringTypeA
SetFilePointer
ReadFile
WriteFile
GetCurrentProcess
FindFirstFileA
GetTempFileNameA
GetACP
HeapReAlloc
GetStringTypeW
MoveFileA
TerminateProcess
HeapCreate
VirtualFree
GetFileType
CreateFileA
ExitProcess
GetVersion
VirtualAlloc
CloseHandle
PathFindFileNameA
PathFindExtensionA
LoadIconA
EnableWindow
EndDialog
GetDlgItemTextA
SendMessageA
MessageBoxA
GetDlgItem
DialogBoxParamA
ShowWindow
LoadBitmapA
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 2
Number of PE resources by language
NEUTRAL 4
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:06:30 20:02:15+01:00
FileType Win32 EXE
PEType PE32
CodeSize 20480
LinkerVersion 6.0
FileAccessDate 2014:10:11 10:29:26+01:00
EntryPoint 0x2400
InitializedDataSize 77824
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:10:11 10:29:26+01:00
UninitializedDataSize 0

File identification
MD5 259874305e6145e0dfa0c22759966bd5
SHA1 485660faf42259fd4e56836fff4908eeaabd9b53
SHA256 db00070b9d51f8e09bb136136b6656eb8c64e133edce50e55cca58e8b7f25258
ssdeep 6144:YTfHBy1KlG7KIQYX3LH4Yg452begC7eJQch4x8r:YTfHB0EG753DDg4wbegC7eyc9
authentihash d27aa8f3230a5b2a50f324d96bd7012355d00b5d02bff7bdc4cfad462be5fae3
imphash 3c2d763f239015ec2a65ffd5072210d2
File size 329.0 KB ( 336856 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-10-11 09:27:36 UTC ( 2 years, 5 months ago )
Last submission 2014-10-11 09:27:36 UTC ( 2 years, 5 months ago )
File names vt-upload-oQ2N_
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs