SHA256: df24a0dac8fa96511670aeb7690b6cc6e555bfb829a61fc54e5409d5daa0bebb
File name: Swift_Online_Instructions_details.scr
Detection ratio: 35 / 50
Analysis date: 2014-03-22 20:18:27 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.135495 20140322
Yandex TrojanSpy.Zbot!0IsyH/KZeJo 20140322
AhnLab-V3 Spyware/Win32.Zbot 20140322
AntiVir TR/Spy.Kryptik.iuzna 20140322
Avast Win32:Hesperbot-T [Cryp] 20140322
AVG PSW.Generic12.AGBM 20140322
Baidu-International Trojan.Win32.Zbot.aLF 20140322
BitDefender Gen:Variant.Graftor.135495 20140322
Bkav W32.FadoxbesLTG.Trojan 20140322
Comodo UnclassifiedMalware 20140322
DrWeb Trojan.PWS.Stealer.4118 20140322
Emsisoft Gen:Variant.Graftor.135495 (B) 20140322
ESET-NOD32 a variant of Win32/Injector.AZWU 20140322
F-Secure Gen:Variant.Graftor.135495 20140322
Fortinet W32/Zbot.AZWU!tr 20140322
GData Gen:Variant.Graftor.135495 20140322
Jiangmin Trojan/PSW.Tepfer.ddsj 20140322
K7AntiVirus Trojan ( 004972ad1 ) 20140321
K7GW Trojan ( 004972ad1 ) 20140321
Kaspersky Trojan-Spy.Win32.Zbot.rurj 20140322
Malwarebytes Trojan.Agent.ED 20140322
McAfee Downloader-FYH!0D28D8CA6BC6 20140322
McAfee-GW-Edition Downloader-FYH!0D28D8CA6BC6 20140322
Microsoft PWS:Win32/Zbot 20140322
eScan Gen:Variant.Graftor.135495 20140322
NANO-Antivirus Trojan.Win32.Inject.cvctmc 20140322
Norman Yakes.JTI 20140322
Panda Trj/CI.A 20140322
Qihoo-360 Win32/Trojan.9cd 20140322
Sophos AV Mal/Zbot-OA 20140322
Symantec Trojan.Zbot 20140322
TrendMicro TROJ_GEN.R0CBC0DCL14 20140322
TrendMicro-HouseCall TROJ_GEN.R0CBC0DCL14 20140322
VIPRE Trojan.Win32.Generic!BT 20140322
ViRobot Trojan.Win32.S.Zbot.300032.R 20140322
AegisLab 20140322
Antiy-AVL 20140320
ByteHero 20140322
CAT-QuickHeal 20140322
ClamAV 20140322
CMC 20140319
Commtouch 20140322
F-Prot 20140322
Ikarus 20140322
Kingsoft 20140322
nProtect 20140321
Rising 20140322
SUPERAntiSpyware 20140322
TheHacker 20140321
TotalDefense 20140321
VBA32 20140321
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-24 02:51:08
Entry Point 0x00006182
Number of sections 4
PE sections
PE imports
CreatePen
CreateCompatibleBitmap
CreateSolidBrush
SetPixelV
CreateCompatibleDC
StretchBlt
Rectangle
GetStartupInfoA
GetCPInfo
MapViewOfFile
GetModuleHandleA
GetModuleFileNameW
VirtualQuery
ClearCommBreak
GetEnvironmentVariableA
HeapSize
GetSystemTimeAsFileTime
CreateFileMappingA
GetModuleFileNameA
GetVersionExW
VirtualAlloc
__p__fmode
_acmdln
_ftol
memset
strcat
__dllonexit
_controlfp
fopen
_except_handler3
sqrt
_onexit
exit
_XcptFilter
__setusermatherr
_adjust_fdiv
__CxxFrameHandler
__p__commode
__getmainargs
_exit
_setmbcp
exp
_initterm
acos
__set_app_type
DrawDibClose
DrawDibOpen
GetSystemMetrics
GetSystemMenu
LoadCursorA
AppendMenuA
TrackPopupMenu
LoadIconA
EnableWindow
SetDlgItemTextA
DrawIcon
EnableMenuItem
SendMessageA
GetClientRect
WindowFromDC
GetWindowTextLengthA
InsertMenuW
IsWindow
IsIconic
FrameRect
SetActiveWindow
GetDC
SetCursor
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:10:24 03:51:08+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 24832
LinkerVersion: 7.0
FileAccessDate: 2014:03:22 21:18:45+01:00
Warning: Error processing PE data dictionary
EntryPoint: 0x6182
InitializedDataSize: 270336
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 5.0
FileCreateDate: 2014:03:22 21:18:45+01:00
UninitializedDataSize: 0

File identification
MD5 0d28d8ca6bc6de56a6f2ba66f6f9d12a
SHA1 7a725c41983545280d6f9007d45a21ad93afe2ee
SHA256 df24a0dac8fa96511670aeb7690b6cc6e555bfb829a61fc54e5409d5daa0bebb
ssdeep 6144:/N5r+gV6B7c5ta2WdTk3KXkUATBBp5kyvZKYq8owJKT:z3acSJGK0UoBBp5kNYi9T
imphash b0f5879d6b28b61bc516c62935a5f0a2
File size 293.0 KB ( 300032 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2014-03-19 21:09:59 UTC ( 4 years, 8 months ago )
Last submission 2014-03-22 20:18:27 UTC ( 4 years, 8 months ago )
File names Swift_Online_Instructions_details.scr
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.