SHA256: dcbb9a8ed898de2d0a9285166ec6d7ecfbae3ccfada16cc51f7d75038d07d41a
File name: 36f4698ac826092157e71d6ed5972d2d697d93ba
Detection ratio: 16 / 57
Analysis date: 2015-03-13 12:03:53 UTC ( 4 years ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Zbot 20150313
Avast Win32:GenMaliciousA-ENS [Trj] 20150313
Avira (no cloud) TR/Zbot.A.1444 20150313
AVware Trojan.Win32.Generic.pak!cobra 20150313
ESET-NOD32 a variant of Win32/Kryptik.DBJQ 20150313
Fortinet W32/Kryptik.DBJQ!tr 20150313
GData Win32.Trojan.Agent.M6TNY0 20150313
Kaspersky Trojan-Spy.Win32.Zbot.vdyt 20150313
Malwarebytes Trojan.Ransom.ED 20150313
McAfee Artemis!1BF3F8E8ACFE 20150313
McAfee-GW-Edition Artemis 20150313
Qihoo-360 Win32/Trojan.BO.8bc 20150313
Tencent Win32.Trojan.Zbot.Ecut 20150313
TrendMicro TROJ_FORUCON.BMC 20150313
TrendMicro-HouseCall TROJ_FORUCON.BMC 20150313
VIPRE Trojan.Win32.Generic.pak!cobra 20150313
Ad-Aware 20150313
AegisLab 20150313
Yandex 20150312
Alibaba 20150313
ALYac 20150313
Antiy-AVL 20150313
AVG 20150313
Baidu-International 20150313
BitDefender 20150313
Bkav 20150313
ByteHero 20150313
CAT-QuickHeal 20150313
ClamAV 20150313
CMC 20150313
Comodo 20150313
Cyren 20150313
DrWeb 20150313
Emsisoft 20150313
F-Prot 20150313
F-Secure 20150313
Ikarus 20150313
Jiangmin 20150313
K7AntiVirus 20150313
K7GW 20150313
Kingsoft 20150313
Microsoft 20150313
eScan 20150313
NANO-Antivirus 20150313
Norman 20150313
nProtect 20150313
Panda 20150311
Rising 20150313
Sophos AV 20150313
SUPERAntiSpyware 20150313
Symantec 20150313
TheHacker 20150313
TotalDefense 20150313
VBA32 20150312
ViRobot 20150313
Zillya 20150312
Zoner 20150312
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-11 10:07:42
Entry Point 0x00002FA0
Number of sections 5
PE sections
PE imports
FlatSB_SetScrollInfo
Ord(17)
Ord(8)
GdiSetBatchLimit
SetBkMode
OffsetRgn
CreatePen
GetStockObject
Pie
TextOutA
FillRgn
CreateRectRgnIndirect
CombineRgn
SelectObject
CreateCompatibleDC
DeleteObject
SetTextColor
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetStdHandle
HeapAlloc
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
DecodePointer
GetCurrentProcessId
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetFileType
SetStdHandle
HeapSetInformation
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
FreeLibrary
TerminateProcess
IsValidCodePage
HeapCreate
CreateFileW
AllocConsole
TlsGetValue
Sleep
WriteConsoleW
TlsSetValue
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
SysAllocString
DragQueryFileA
TcCloseInterface
GetMessageA
GetScrollBarInfo
GetScrollInfo
BeginPaint
EnumWindows
FindWindowW
PostQuitMessage
DefWindowProcA
ShowWindow
GetPropA
SetWindowPos
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
EndPaint
SetMenu
SetWindowLongA
TranslateMessage
GetSysColor
GetDC
InsertMenuItemA
ReleaseDC
CreatePopupMenu
GetWindowLongA
SendMessageA
GetClientRect
CreateWindowExA
GetDlgItem
DrawMenuBar
GetDCEx
RegisterClassA
wsprintfA
CreateMenu
LoadCursorA
FillRect
CopyRect
GetDesktopWindow
CallWindowProcA
ScrollWindowEx
IsDialogMessageA
DestroyWindow
WinHttpOpen
Number of PE resources by type
RT_DIALOG 12
RT_ICON 12
RT_CURSOR 10
RT_BITMAP 9
RT_STRING 5
RT_MENU 5
RT_RCDATA 5
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 60
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:03:11 11:07:42+01:00
FileType Win32 EXE
PEType PE32
CodeSize 30208
LinkerVersion 10.0
EntryPoint 0x2fa0
InitializedDataSize 282112
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 1bf3f8e8acfe3e60d2ee61a89aa6ec74
SHA1 77e04820b69264105762ca75264ff0947197f7a9
SHA256 dcbb9a8ed898de2d0a9285166ec6d7ecfbae3ccfada16cc51f7d75038d07d41a
ssdeep 6144:mrT5IRJOP8ST6zzJK/++0JsFqbpfeZdG6rfg3bvuY53:mrT5cU9TUtKW+8zUZBrfg3553
authentihash 40a1097367d9fb71e5b7161330c8f5f335e792c8bdff9e3cd1ee7bb81106e361
imphash 09271399b8c07abd4ee618faf8d477c8
File size 306.0 KB ( 313344 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2015-03-13 04:22:21 UTC ( 4 years ago )
Last submission 2015-03-13 12:03:53 UTC ( 4 years ago )
File names 36f4698ac826092157e71d6ed5972d2d697d93ba
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications