SHA256: db41194de27c68e8fd10bdbc107bae5c91fb8ebf340802c3844aed7d733a9674
File name: 1e0058d2e69f3bc4b961451710e2fa06
Detection ratio: 2 / 53
Analysis date: 2014-07-23 15:24:04 UTC ( 2 years, 8 months ago )
Antivirus             Result (- = not detected)          Update
Avast                 Win32:Dropper-gen [Drp]            20140723
ESET-NOD32            a variant of Win32/Kryptik.CHHZ    20140723
Ad-Aware              -                                  20140723
AegisLab              -                                  20140723
Yandex                -                                  20140723
AhnLab-V3             -                                  20140723
AntiVir               -                                  20140723
Antiy-AVL             -                                  20140723
AVG                   -                                  20140723
Baidu-International   -                                  20140723
BitDefender           -                                  20140723
Bkav                  -                                  20140723
ByteHero              -                                  20140723
CAT-QuickHeal         -                                  20140723
ClamAV                -                                  20140723
CMC                   -                                  20140722
Commtouch             -                                  20140723
Comodo                -                                  20140723
DrWeb                 -                                  20140723
Emsisoft              -                                  20140723
F-Prot                -                                  20140723
F-Secure              -                                  20140723
Fortinet              -                                  20140723
GData                 -                                  20140723
Ikarus                -                                  20140723
Jiangmin              -                                  20140723
K7AntiVirus           -                                  20140723
K7GW                  -                                  20140723
Kaspersky             -                                  20140723
Kingsoft              -                                  20140723
Malwarebytes          -                                  20140723
McAfee                -                                  20140723
McAfee-GW-Edition     -                                  20140722
Microsoft             -                                  20140723
eScan                 -                                  20140723
NANO-Antivirus        -                                  20140723
Norman                -                                  20140723
nProtect              -                                  20140723
Panda                 -                                  20140723
Qihoo-360             -                                  20140723
Rising                -                                  20140723
Sophos                -                                  20140723
SUPERAntiSpyware      -                                  20140723
Symantec              -                                  20140723
Tencent               -                                  20140723
TheHacker             -                                  20140722
TotalDefense          -                                  20140723
TrendMicro            -                                  20140723
TrendMicro-HouseCall  -                                  20140723
VBA32                 -                                  20140723
VIPRE                 -                                  20140723
ViRobot               -                                  20140723
Zoner                 -                                  20140723
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2014-07-23 09:39:42
Entry Point: 0x0001F464
Number of sections: 4
PE sections
PE imports (grouped by exporting DLL; the DLL names were not in the extracted page and are restored from the functions' known export tables)
ADVAPI32.dll: RegCreateKeyExW, RegCloseKey, RegSetValueExW
COMCTL32.dll: Ord(17), ImageList_AddMasked
COMDLG32.dll: GetOpenFileNameA, CommDlgExtendedError
GDI32.dll: SelectObject, FillRgn, CreateRectRgnIndirect, DeleteObject, CreateSolidBrush
KERNEL32.dll: GetLastError, InitializeCriticalSectionAndSpinCount, HeapFree, GetStdHandle, EnterCriticalSection, LCMapStringW, SetHandleCount, GetLocaleInfoW, LoadLibraryW, GetConsoleCP, GetOEMCP, QueryPerformanceCounter, IsDebuggerPresent, GetTickCount, TlsAlloc, GetDateFormatA, GetEnvironmentStringsW, GetProcAddress, GetFileAttributesW, RtlUnwind, GetModuleFileNameA, IsProcessorFeaturePresent, HeapSetInformation, GetCurrentProcess, EnumSystemLocalesA, GetStartupInfoW, GetConsoleMode, GetLocaleInfoA, GetCurrentProcessId, GetDateFormatW, GetCPInfo, UnhandledExceptionFilter, InterlockedDecrement, MultiByteToWideChar, HeapSize, FreeEnvironmentStringsW, CreateDirectoryW, GetCommandLineA, GetUserDefaultLCID, LeaveCriticalSection, InterlockedCompareExchange, EncodePointer, GetFileType, SetStdHandle, CompareStringW, RaiseException, InitializeCriticalSection, GlobalReAlloc, GetModuleFileNameW, TlsFree, SetFilePointer, FlushFileBuffers, DeleteCriticalSection, ReadFile, InterlockedExchange, SetUnhandledExceptionFilter, WriteFile, InterlockedIncrement, DecodePointer, CloseHandle, GetSystemTimeAsFileTime, IsValidLocale, GetACP, HeapReAlloc, GetStringTypeW, GetModuleHandleW, SetEnvironmentVariableA, TerminateProcess, GetTimeZoneInformation, WideCharToMultiByte, IsValidCodePage, HeapCreate, CreateFileW, TlsGetValue, Sleep, WriteConsoleW, TlsSetValue, HeapAlloc, GetCurrentThreadId, GetProcessHeap, ExitProcess, GetFileSize, SetLastError, GetTimeFormatA
SHLWAPI.dll: PathFileExistsW, PathFindExtensionW
USER32.dll: GetCursorPos, GetMessagePos, LoadBitmapW, KillTimer, CreatePopupMenu, ShowWindow, SetWindowPos, IsWindow, GetMenu, GetWindowRect, EnableWindow, SetMenu, MoveWindow, EnumChildWindows, WindowFromPoint, MessageBoxA, AppendMenuW, GetDlgItemTextW, SetDlgItemTextW, GetDC, CreateDialogParamW, SetWindowTextA, CheckMenuItem, SendMessageW, GetForegroundWindow, SendMessageA, SetWindowTextW, GetDlgItem, IsIconic, ScreenToClient, SetRect, CreateMenu, GetClassNameW, IsDialogMessageW, GetMenuItemCount, GetClientRect, GetClassNameA, GetFocus, CreateWindowExW
WINMM.dll: timeEndPeriod, timeGetTime, timeBeginPeriod
gdiplus.dll: GdipCreateBitmapFromScan0, GdipDrawImageRectRect, GdipFree, GdipSaveImageToFile, GdipGetImageWidth, GdipAlloc, GdipDisposeImage, GdipLoadImageFromFile, GdipGetImageHeight, GdipCloneImage, GdipGetImageGraphicsContext, GdipDeleteGraphics
ole32.dll: CLSIDFromProgID, CoTaskMemAlloc, CoGetClassObject
Number of PE resources by type
RT_MANIFEST: 1
RT_STRING: 1
RT_DIALOG: 1
Number of PE resources by language
ENGLISH US: 3
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2014:07:23 10:39:42+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 346112
LinkerVersion: 10.0
EntryPoint: 0x1f464
InitializedDataSize: 55808
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0
File identification
MD5: 1e0058d2e69f3bc4b961451710e2fa06
SHA1: 54b3eb85fbf852c7484b202473650153d15e133e
SHA256: db41194de27c68e8fd10bdbc107bae5c91fb8ebf340802c3844aed7d733a9674
ssdeep: 6144:70rvl/oUoxEUx5qkXyQzWj4KoLMOqMV0za5C2xWWwKyAT+C8NECaDQI:WVYEGygWj43Lga8WVyHlra7
authentihash: 8805d757e67be997f331c3b4173d997682b359ecee366da3d953858f48ede759
imphash: 17d058a6aaa7315f5a32ba6762e9b6c3
File size: 393.5 KB ( 402944 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Executable MS Visual C++ (generic) (42.2%)
  Win64 Executable (generic) (37.3%)
  Win32 Dynamic Link Library (generic) (8.8%)
  Win32 Executable (generic) (6.0%)
  Generic Win/DOS Executable (2.7%)
Tags: peexe

VirusTotal metadata
First submission: 2014-07-23 15:24:04 UTC ( 2 years, 8 months ago )
Last submission: 2017-02-02 08:49:40 UTC ( 1 month, 2 weeks ago )
File names:
  ZeuS_binary_1e0058d2e69f3bc4b961451710e2fa06.exe
  file-7411311_exe
  zeusbin_1e0058d2e69f3bc4b961451710e2fa06.exe
  Zeus_low.exe
  1e0058d2e69f3bc4b961451710e2fa06.exe
  ZeuS_binary_1e0058d2e69f3bc4b961451710e2fa06(2).exe
  1e0058d2e69f3bc4b961451710e2fa06
Advanced heuristic and reputation engines
Symantec reputation: Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.