SHA256: ddda8233d19f9b01bda48c895be08117e4166dbcea1695890368569858a5f98c
File name: 18abb38c43dafe50156f02c2600b0ec013d7e007
Detection ratio: 29 / 55
Analysis date: 2014-11-11 00:26:06 UTC
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1957482 20141111
AhnLab-V3 Trojan/Win32.Yakes 20141110
Antiy-AVL Trojan[Spy]/Win32.Zbot 20141111
Avast Win32:Trojan-gen 20141111
AVG Zbot.UID 20141111
Avira (no cloud) TR/Crypt.ZPACK.105794 20141111
AVware Trojan.Win32.Generic!BT 20141111
Baidu-International Trojan.Win32.Zbot.Au 20141107
BitDefender Trojan.GenericKD.1957482 20141111
Emsisoft Trojan.GenericKD.1957482 (B) 20141111
ESET-NOD32 Win32/Spy.Zbot.ACB 20141111
F-Secure Trojan.GenericKD.1957482 20141111
Fortinet W32/Zbot.ACB!tr 20141111
GData Trojan.GenericKD.1957482 20141111
Ikarus Trojan.SuspectCRC 20141111
Kaspersky Trojan-Spy.Win32.Zbot.umxq 20141111
Malwarebytes Trojan.Sharik 20141111
McAfee Generic-FAVF!733BAE969C9A 20141111
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.fc 20141111
eScan Trojan.GenericKD.1957482 20141111
NANO-Antivirus Trojan.Win32.Zbot.dicaod 20141111
nProtect Trojan.GenericKD.1957482 20141110
Panda Trj/Chgt.K 20141110
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20141110
Sophos AV Mal/Generic-S 20141111
Symantec WS.Reputation.1 20141111
Tencent Win32.Trojan-spy.Zbot.Aexv 20141111
TrendMicro-HouseCall Suspicious_GEN.F47V1110 20141111
VIPRE Trojan.Win32.Generic!BT 20141111
Engines with no detection (update date only):
AegisLab 20141111
Yandex 20141110
Bkav 20141110
ByteHero 20141111
CAT-QuickHeal 20141111
ClamAV 20141111
CMC 20141110
Comodo 20141111
Cyren 20141111
DrWeb 20141111
F-Prot 20141111
Jiangmin 20141110
K7AntiVirus 20141110
K7GW 20141110
Kingsoft 20141111
Microsoft 20141111
Norman 20141110
Qihoo-360 20141111
SUPERAntiSpyware 20141111
TheHacker 20141111
TotalDefense 20141110
TrendMicro 20141111
VBA32 20141110
ViRobot 20141111
Zillya 20141110
Zoner 20141110
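Vendor labels in a table like the one above disagree on class and platform prefixes but usually converge on a family token. The following is an added triage helper, not part of the VirusTotal report, that parses an excerpt of the engine rows above (pasted verbatim; the three trailing rows are engines that produced no detection), computes the detection ratio, and ranks family tokens after discarding generic words, variant suffixes and anything containing digits. The GENERIC stop-list is this example's own choice.

```python
import re
from collections import Counter

# Excerpt of the engine rows from the report above (engine, result, update date),
# copied verbatim; rows with only an engine and a date had no detection.
VT_ROWS = """\
Ad-Aware Trojan.GenericKD.1957482 20141111
AhnLab-V3 Trojan/Win32.Yakes 20141110
Antiy-AVL Trojan[Spy]/Win32.Zbot 20141111
Avast Win32:Trojan-gen 20141111
AVG Zbot.UID 20141111
Avira (no cloud) TR/Crypt.ZPACK.105794 20141111
Baidu-International Trojan.Win32.Zbot.Au 20141107
BitDefender Trojan.GenericKD.1957482 20141111
ESET-NOD32 Win32/Spy.Zbot.ACB 20141111
Fortinet W32/Zbot.ACB!tr 20141111
Kaspersky Trojan-Spy.Win32.Zbot.umxq 20141111
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.fc 20141111
NANO-Antivirus Trojan.Win32.Zbot.dicaod 20141111
Sophos AV Mal/Generic-S 20141111
Tencent Win32.Trojan-spy.Zbot.Aexv 20141111
ClamAV 20141111
DrWeb 20141111
Microsoft 20141111
"""

# Tokens that name a class or platform rather than a family (example's own list).
GENERIC = {"trojan", "spy", "generic", "mal", "malware", "heur", "crypt",
           "behaveslike", "suspicious", "reputation", "win", "w32", "win32"}


def parse_rows(text):
    """Return (engine, result_or_None, update) tuples for each non-empty row.

    The update date is always the last whitespace token.  A row with only two
    tokens is an engine that did not detect the file.  Engine names may contain
    spaces ("Avira (no cloud)", "Sophos AV"), so the engine is whatever remains
    once the trailing result and date tokens are removed.
    """
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if len(parts) == 2:
            rows.append((parts[0], None, parts[1]))
        else:
            rows.append((" ".join(parts[:-2]), parts[-2], parts[-1]))
    return rows


def family_tokens(result):
    """Split a vendor label on punctuation into lowercase candidate family tokens.

    Generic tokens, tokens containing digits (variant ids, 'win32') and tokens
    shorter than four characters (variant letters such as 'ACB') are dropped.
    """
    out = []
    for tok in re.split(r"[^A-Za-z0-9]+", result.lower()):
        if len(tok) < 4 or any(ch.isdigit() for ch in tok) or tok in GENERIC:
            continue
        out.append(tok)
    return out


def triage(text):
    """Summarise an engine table: counts plus the five most frequent family tokens."""
    rows = parse_rows(text)
    detected = [r for r in rows if r[1] is not None]
    counts = Counter()
    for _, result, _ in detected:
        # Count each token once per engine so a label repeating a word is not double counted.
        counts.update(set(family_tokens(result)))
    return {
        "engines": len(rows),
        "detections": len(detected),
        "families": counts.most_common(5),
    }


if __name__ == "__main__":
    summary = triage(VT_ROWS)
    print(f"{summary['detections']}/{summary['engines']} engines flagged the file")
    for name, n in summary["families"]:
        print(f"  {name:<12} {n}")
```

On the excerpt this yields 15/18 detections with "zbot" as the dominant token (8 engines), followed by the BitDefender-engine "generickd" label (2); McAfee's "PWSZbot" stays a separate token, which is the usual reason real label-normalisers (AVClass and similar) carry alias tables rather than relying on splitting alone.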
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2013-2014 VSO Software
Publisher VSO Software
Product VSO Downloader
Original name VSO Downloader
Internal name VSO Downloader
File version 4.3.1.0
Description VSO Downloader
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-03 14:25:42
Entry Point 0x00003E5F
Number of sections 4
PE sections
PE imports
OpenSCManagerW
RegCloseKey
RegQueryValueExA
RegEnumValueA
RegOpenKeyA
ImageList_GetImageCount
ImageList_Create
Ord(17)
ImageList_AddMasked
ChooseFontW
GetObjectA
CreateDCA
CreateBitmapIndirect
DeleteDC
CreateFontIndirectW
PatBlt
TextOutA
CreateCompatibleBitmap
SetPixel
GetPixel
SelectObject
GetDIBits
BitBlt
CreateDIBSection
CreateCompatibleDC
DeleteObject
StretchBlt
GetStdHandle
EncodePointer
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
lstrcmpiA
WriteFile
GetSystemTimeAsFileTime
Thread32First
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
InterlockedDecrement
SetLastError
OpenThread
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
HeapSetInformation
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GlobalSize
GetStartupInfoW
WaitForMultipleObjects
GetProcessHeap
GetTimeFormatW
lstrcpyA
Thread32Next
GetProcAddress
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
GetCurrentProcessId
GetProcessHeaps
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GlobalLock
GetModuleHandleW
GetProcessHandleCount
IsValidCodePage
HeapCreate
Sleep
AlphaBlend
SysStringLen
SysAllocStringLen
SysStringByteLen
SysReAllocString
SysFreeString
VariantInit
SHGetMalloc
EmptyClipboard
SetWindowPlacement
GetMessageA
DrawStateA
keybd_event
PostQuitMessage
DefWindowProcA
ShowWindow
LoadBitmapA
GetClipboardData
DdeCreateStringHandleA
DispatchMessageA
RegisterClipboardFormatA
WindowFromPoint
MessageBoxA
TranslateMessage
GetDC
InsertMenuItemA
ReleaseDC
SendMessageW
SetClipboardData
GetWindowPlacement
SendMessageA
LoadStringW
GetDlgItem
CreateDialogParamA
ClientToScreen
InvalidateRect
GetWindowLongA
GetDCEx
LoadImageW
DdeFreeStringHandle
GetWindowTextW
LoadImageA
GetWindowTextLengthW
CloseClipboard
OpenClipboard
IsDialogMessageA
DestroyWindow
Ord(201)
GdiplusShutdown
GdiplusStartup
CoCreateInstance
CoUninitialize
CoInitialize
CoGetMalloc
Number of PE resources by type
RT_ICON 10
Struct(28) 2
RT_GROUP_ICON 2
RT_MANIFEST 1
RT_MENU 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 18
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.3.1.0
UninitializedDataSize 0
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 117760
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2013-2014 VSO Software
FileVersion 4.3.1.0
TimeStamp 2014:11:03 15:25:42+01:00
FileType Win32 EXE
PEType PE32
InternalName VSO Downloader
FileAccessDate 2014:11:11 06:29:14+01:00
ProductVersion 4.3.1.0
FileDescription VSO Downloader
OSVersion 5.1
FileCreateDate 2014:11:11 06:29:14+01:00
OriginalFilename VSO Downloader
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName VSO Software
CodeSize 218112
ProductName VSO Downloader
ProductVersionNumber 4.3.1.0
EntryPoint 0x3e5f
ObjectFileType Executable application

Two things worth noting in this table: the version resource's LanguageCode is Russian, while every one of the 18 resources in the resource directory is tagged ENGLISH US; and the ExifTool TimeStamp is the same PE header compilation timestamp listed above, rendered in the scanner's local +01:00 time zone (2014-11-03 14:25:42 UTC).
File identification
MD5 733bae969c9af97d9ad454abe766461e
SHA1 18abb38c43dafe50156f02c2600b0ec013d7e007
SHA256 ddda8233d19f9b01bda48c895be08117e4166dbcea1695890368569858a5f98c
ssdeep 6144:hXYHLF+HIXY+yoAAsA7PY7oJDk904b19DTDRL4ABfYS:2LF+HIXLRzPqMk90y1DKAVYS
authentihash 20a845032d7d36696a2711e457b0ba1e994dd5071849c3dcb4528d61d01809e3
imphash 4fd88e85e19956255c0dabb0c3b5bae9
File size 329.0 KB ( 336896 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe
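The imphash listed above is the hash most often used to pivot from one report to related builds, so it is worth seeing exactly what it is taken over. The block below is an added example, not VirusTotal's or pefile's code, that reproduces the pefile/Mandiant import-hash convention on a small assumed import table. The assignment of each API to a DLL in SAMPLE_IMPORTS is this example's assumption (the report lists symbol names only), and the pefile step that maps known oleaut32/ws2_32 ordinals back to names is deliberately omitted.

```python
import hashlib

# Assumed import table for illustration: (DLL name, imported symbol) in
# import-directory order.  Which DLL each API comes from is an assumption of
# this example; the report above lists only the symbol names.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "OpenSCManagerW"),
    ("ADVAPI32.dll", "RegCloseKey"),
    ("KERNEL32.dll", "CreateToolhelp32Snapshot"),
    ("KERNEL32.dll", "Thread32First"),
    ("KERNEL32.dll", "OpenThread"),
    ("GDIPLUS.dll", 201),          # an import by ordinal, like Ord(201) above
    ("USER32.dll", "SendMessageA"),
]


def import_string(imports):
    """Build the comma-joined 'dll.symbol' string that imphash is computed over.

    Per the pefile/Mandiant convention: the DLL name is lowercased and loses a
    .dll/.ocx/.sys extension, the symbol name is lowercased, and an import by
    ordinal becomes 'ordN'.  Order is preserved, so the same APIs linked in a
    different order produce a different string and hence a different hash.
    """
    parts = []
    for dll, sym in imports:
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        name = f"ord{sym}" if isinstance(sym, int) else sym.lower()
        parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports):
    """MD5 hex digest of the import string; the value VirusTotal reports as imphash."""
    return hashlib.md5(import_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(import_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
    # Casing and the .dll suffix do not matter; the order of the table does.
    print(imphash([("kernel32", "Sleep")]) == imphash([("KERNEL32.DLL", "SLEEP")]))
    print(imphash(SAMPLE_IMPORTS) == imphash(list(reversed(SAMPLE_IMPORTS))))
```

The practical consequence: two samples built from the same source with the same linker will normally share an imphash even when their file hashes differ, while a repacked or re-linked sample with identical APIs in a different order will not, so treat an imphash pivot as a strong-but-not-exhaustive clustering key.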

VirusTotal metadata
First submission 2014-11-04 00:23:04 UTC
Last submission 2014-11-04 00:23:04 UTC
File names 18abb38c43dafe50156f02c2600b0ec013d7e007
ddda8233d19f9b01bda48c895be08117e4166dbcea1695890368569858a5f98c.exe
ddda8233d19f9b01bda48c895be08117e4166dbcea1695890368569858a5f98c.exe
VSO Downloader
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
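The indicators in this report (imphash, the "VSO Software" version resource, the thread-enumeration imports CreateToolhelp32Snapshot/Thread32First/OpenThread, and the header timestamp) translate directly into a hunting rule. The rule below is an added example written for this page; it is not from VirusTotal, from VSO Software or from any vendor. The epoch value is the PE header timestamp 2014-11-03 14:25:42 UTC converted by hand, and the kernel32.dll attribution of the three APIs is standard Windows, not something the report states.

```yara
import "pe"

rule zbot_sample_posing_as_VSO_Downloader
{
    meta:
        description = "Example hunting rule built from the indicators in this report"
        sha256      = "ddda8233d19f9b01bda48c895be08117e4166dbcea1695890368569858a5f98c"
        imphash     = "4fd88e85e19956255c0dabb0c3b5bae9"

    condition:
        uint16(0) == 0x5A4D and
        (
            // exact import-table match; needs a YARA build with hashing support
            pe.imphash() == "4fd88e85e19956255c0dabb0c3b5bae9"
            or
            // same claimed publisher plus the thread-enumeration APIs in the import list
            (
                pe.version_info["CompanyName"] == "VSO Software" and
                pe.imports("kernel32.dll", "CreateToolhelp32Snapshot") and
                pe.imports("kernel32.dll", "Thread32First") and
                pe.imports("kernel32.dll", "OpenThread")
            )
            or
            // same build: PE header timestamp 2014-11-03 14:25:42 UTC
            pe.timestamp == 1415024742
        )
}
```

The imphash and timestamp clauses are tight enough to block on; the version-info clause will also match the genuine VSO Downloader if it happens to enumerate threads, so use that branch for hunting and confirm a hit against the file hashes above before acting on it.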