SHA256: dcecd5fb0ca3b5fbb9caf952a3a0237d861f4ed2cb9ac89bc44477986e9c9e3c
File name: 007042739
Detection ratio: 50 / 56
Analysis date: 2015-07-27 18:15:56 UTC ( 1 month ago )
Antivirus Result Update
ALYac Trojan.GenericKD.1342418 20150727
AVG PSW.Generic12.COW 20150727
AVware Trojan.Win32.Zbot.f (v) 20150727
Ad-Aware Trojan.GenericKD.1342418 20150727
Agnitum Trojan.Sharik!AXdfEAJaoA8 20150727
AhnLab-V3 Trojan/Win32.Sharik 20150727
Antiy-AVL Trojan/Win32.VB.gic 20150727
Arcabit Trojan.Generic.D147BD2 20150727
Avast Win32:Malware-gen 20150727
Avira TR/Buzus.KK.3216 20150727
Baidu-International Trojan.Win32.Sharik.qgi 20150727
BitDefender Trojan.GenericKD.1342418 20150727
Bkav W32.CapietH.Trojan 20150727
CAT-QuickHeal TrojanDownloader.Dimegup.gen.cw2 20150727
Comodo TrojWare.Win32.Injector.AOJ 20150727
Cyren W32/Trojan.PEXZ-6734 20150727
DrWeb Trojan.DownLoader9.22851 20150727
ESET-NOD32 Win32/TrojanDownloader.Zurgop.BI 20150727
Emsisoft Trojan.GenericKD.1342418 (B) 20150727
F-Prot W32/Trojan3.GFD 20150727
F-Secure Trojan.GenericKD.1342418 20150727
Fortinet W32/Agent.AEFU!tr 20150727
GData Trojan.GenericKD.1342418 20150727
Ikarus Trojan.Injector 20150727
Jiangmin TrojanSpy.Zbot.fnbp 20150726
K7AntiVirus Riskware ( 0040f0fb1 ) 20150727
K7GW Riskware ( 0040f0fb1 ) 20150727
Kaspersky Trojan.Win32.Sharik.qgi 20150727
Kingsoft Win32.Troj.Sharik.q.(kcloud) 20150727
Malwarebytes Trojan.Downloader.Zurgop 20150727
McAfee PWS-Zbot.dx 20150727
McAfee-GW-Edition PWS-Zbot.dx 20150727
MicroWorld-eScan Trojan.GenericKD.1342418 20150727
Microsoft VirTool:Win32/CeeInject.gen!KK 20150727
NANO-Antivirus Trojan.Win32.Zbot.cirqfs 20150727
Panda Trj/WLT.A 20150727
Qihoo-360 Win32/Trojan.eef 20150727
Rising PE:Trojan.Win32.Generic.15F09FD8!368091096 20150722
Sophos Troj/Agent-AEFU 20150727
Symantec Trojan.Zbot 20150727
Tencent Win32.Trojan.Sharik.Wsjo 20150727
TotalDefense Win32/CInject.XF 20150727
TrendMicro TROJ_INJECTO.CBY 20150727
TrendMicro-HouseCall TROJ_INJECTO.CBY 20150727
VBA32 Trojan.Sharik 20150727
VIPRE Trojan.Win32.Zbot.f (v) 20150727
ViRobot Trojan.Win32.Agent.49877[h] 20150727
Zillya Trojan.Sharik.Win32.233 20150727
Zoner Trojan.Zurgop.BI 20150727
nProtect Trojan/W32.Sharik.49877 20150727
AegisLab 20150727
Alibaba 20150727
ByteHero 20150727
ClamAV 20150727
SUPERAntiSpyware 20150727
TheHacker 20150727
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD PECompact 2.xx --> BitSum Technologies
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-11 17:01:02
Link date 6:01 PM 10/11/2013
Entry Point 0x00001000
Number of sections 2
PE sections
Overlays
MD5 deeafcc380bed0733eebd63e35431d51
File type data
Offset 14848
Size 35029
Entropy 7.93
PE imports
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
Number of PE resources by type
RT_STRING 12
RT_MENU 2
RT_DIALOG 1
RT_ICON 1
Struct(241) 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 18
NEUTRAL 2
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:10:11 18:01:02+01:00
FileType Win32 EXE
PEType PE32
CodeSize 32768
LinkerVersion 6.0
EntryPoint 0x1000
InitializedDataSize 16384
SubsystemVersion 4.512
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 d880cd5e3fe803c17f4208552ec22698
SHA1 e09358933f57bf6b203f3ba189219c7800a48eef
SHA256 dcecd5fb0ca3b5fbb9caf952a3a0237d861f4ed2cb9ac89bc44477986e9c9e3c
ssdeep 1536:DE/tbRRkFA1UqWzOiEjt3csQYcEfhmV8r7jJ:Q1CkDWu3EEpDHjJ
authentihash 78b317f6f81d30730abe9e816fe111d263b42bc71e907268386778f2f4056499
imphash 09d0478591d4f788cb3e5ea416c25237
File size 48.7 KB ( 49877 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (v2.x) (54.1%)
Win32 EXE PECompact compressed (generic) (38.0%)
Win32 Executable (generic) (4.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)
Tags
pecompact peexe overlay

VirusTotal metadata
First submission 2013-10-15 09:15:11 UTC ( 1 year, 10 months ago )
Last submission 2015-06-12 11:29:42 UTC ( 2 months, 2 weeks ago )
File names c-8eba4-356-1381828503
007042739
image_1015_900511_300.jpeg.exe
d880cd5e3fe803c17f4208552ec22698.exe
d880cd5e3fe803c17f4208552ec22698
dcecd5fb0ca3b5fbb9caf952a3a0237d861f4ed2cb9ac89bc44477986e9c9e3c
image.jpeg.exe
2.exe
Confirming.docx.exe
image_1015_900511_300_jpeg_exe
Confirming 874009485990.docx.exe
Confirming 874009485990.docx.ex
file-6149672_exe
avast-Antivirus-Order-Details.pdf.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .

Symantec reputation Suspicious.Insight