SHA256: dfd9c4547ba4c2b6b95ec0d210dc7284563c654c52297aff775c6b053671dcc4
File name: c8482a4d3135a1262dcf918555c09b09
Detection ratio: 32 / 57
Analysis date: 2015-02-02 07:08:38 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.540128 20150202
AhnLab-V3 Malware/Win32.Generic 20150202
ALYac Gen:Variant.Kazy.540128 20150202
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150202
Avast Win32:Malware-gen 20150202
AVG Luhe.Fiha.A 20150202
Avira (no cloud) TR/Zbot.A.1603 20150201
AVware Trojan.Win32.Generic!BT 20150202
BitDefender Gen:Variant.Kazy.540128 20150202
ByteHero Trojan.Malware.Obscu.Gen.002 20150202
CMC Packed.Win32.Fareit.2!O 20150129
Comodo Backdoor.Win32.Simda.DA 20150202
Emsisoft Gen:Variant.Kazy.540128 (B) 20150202
ESET-NOD32 Win32/Spy.Zbot.ACB 20150202
F-Secure Gen:Variant.Kazy.540128 20150201
Fortinet W32/Zbot.ACB!tr.spy 20150202
GData Gen:Variant.Kazy.540128 20150202
K7AntiVirus Spyware ( 004a08e61 ) 20150202
K7GW Spyware ( 004a08e61 ) 20150130
Kaspersky Trojan-Spy.Win32.Zbot.uwoz 20150202
Malwarebytes Trojan.Zbot 20150201
McAfee RDN/Suspicious.bfr!bh 20150202
McAfee-GW-Edition RDN/Suspicious.bfr!bh 20150202
Microsoft PWS:Win32/Zbot.gen!VM 20150202
eScan Gen:Variant.Kazy.540128 20150202
NANO-Antivirus Trojan.Win32.Zbot.dmuqop 20150202
Norman Simda.TLX 20150202
Panda Trj/CI.A 20150201
Sophos AV Mal/Generic-S 20150202
TotalDefense Win32/Zbot.RMfVfeD 20150201
VBA32 BScope.Trojan-Spy.Zbot 20150129
VIPRE Trojan.Win32.Generic!BT 20150202
AegisLab 20150202
Yandex 20150201
Alibaba 20150201
Baidu-International 20150130
Bkav 20150202
CAT-QuickHeal 20150202
ClamAV 20150202
Cyren 20150202
DrWeb 20150202
F-Prot 20150202
Ikarus 20150202
Jiangmin 20150131
Kingsoft 20150202
nProtect 20150130
Qihoo-360 20150202
Rising 20150130
SUPERAntiSpyware 20150201
Symantec 20150202
Tencent 20150202
TheHacker 20150131
TrendMicro 20150202
TrendMicro-HouseCall 20150202
ViRobot 20150202
Zillya 20150202
Zoner 20150130
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-22 07:15:16
Entry Point 0x00001140
Number of sections 4
PE sections
Overlays
MD5 f8d20290061eead8e8f6db925853d97f
File type data
Offset 363008
Size 4
Entropy 2.00
PE imports
CloseServiceHandle
RegOpenKeyA
OpenServiceA
RegQueryValueExA
ControlService
OpenSCManagerA
AddFontResourceA
FlattenPath
EndPage
CloseFigure
SelectObject
GetBkMode
SaveDC
GetDCPenColor
SetTextAlign
CreateCompatibleDC
DeleteMetaFile
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetSystemInfo
DeviceIoControl
GetOEMCP
LCMapStringA
HeapDestroy
HeapAlloc
FlushFileBuffers
VirtualProtect
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetACP
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
FreeEnvironmentStringsW
lstrcatA
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
VirtualAllocEx
GetCommandLineA
GetProcAddress
FormatMessageA
SetStdHandle
SetFilePointer
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetSystemDirectoryA
HeapReAlloc
GetStringTypeW
GetModuleHandleW
ExitProcess
FreeLibrary
LocalFree
SetThreadUILanguage
TerminateProcess
QueryPerformanceCounter
HeapCreate
lstrcpyA
CreateFileW
VirtualQuery
VirtualFree
GetEnvironmentStringsW
Sleep
GetFileType
GetTickCount
GetCurrentThreadId
VirtualAlloc
CharToOemBuffA
SetWindowLongW
IsWindow
LoadIconA
LoadIconW
GetDlgItem
LoadBitmapA
GetDC
timeGetTime
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitializeEx
Number of PE resources by type
RT_ICON 9
RT_STRING 1
RT_DIALOG 1
RT_GROUP_ICON 1
Number of PE resources by language
SWEDISH 10
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:01:22 08:15:16+01:00
FileType Win32 EXE
PEType PE32
CodeSize 14848
LinkerVersion 8.0
EntryPoint 0x1140
InitializedDataSize 347136
SubsystemVersion 5.0
ImageVersion 6.1
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 c8482a4d3135a1262dcf918555c09b09
SHA1 208f19aa3f977b5cf52d824e99dda143409afd57
SHA256 dfd9c4547ba4c2b6b95ec0d210dc7284563c654c52297aff775c6b053671dcc4
ssdeep 6144:TwKJs3jqhyBxpuZvecRMq/KZlwE8K95YNAfyH/tKzQ:TTJsTqhyLpcmqaWExwyfyfE8
authentihash 8593deefb09873df0ce21192f9079510e7ff33291aa2bb9e35634707b223a6fd
imphash b6c2329e79f37905c5397a4ef3126c5f
File size 354.5 KB ( 363012 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-02-02 07:08:38 UTC ( 4 years, 1 month ago )
Last submission 2015-04-03 10:10:18 UTC ( 3 years, 11 months ago )
File names c8482a4d3135a1262dcf918555c09b09_c8482a4d3135a1262dcf918555c09b09.MRG.exe
c8482a4d3135a1262dcf918555c09b09
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications