SHA256: e4480abfcbef717bc6c7dc253b1dcdafb656ba8d355fc1063999e64966d6238f
File name: 45946edd903fc3c3b3de0667c4a78ee3.bin
Detection ratio: 16 / 57
Analysis date: 2015-01-15 10:35:59 UTC ( 4 years, 2 months ago )
Antivirus | Result | Update
Avast | Win32:Malware-gen | 20150115
Avira (no cloud) | TR/Zbot.A.1420 | 20150115
Baidu-International | Trojan.Win32.Zbot.ACB | 20150115
Bkav | HW32.Packed.B61A | 20150114
DrWeb | Trojan.PWS.Panda.7708 | 20150115
ESET-NOD32 | Win32/Spy.Zbot.ACB | 20150115
Fortinet | W32/Zbot.ACB!tr.spy | 20150115
K7AntiVirus | Spyware ( 004a08e61 ) | 20150115
Kaspersky | Trojan-Spy.Win32.Zbot.uvev | 20150115
Malwarebytes | Trojan.Agent.ED | 20150115
McAfee | Artemis!45946EDD903F | 20150115
McAfee-GW-Edition | BehavesLike.Win32.Tool.dh | 20150115
Panda | Generic Malware | 20150115
Qihoo-360 | Win32/Trojan.BO.1ee | 20150115
Rising | PE:Malware.XPACK-LNR/Heur!1.5594 | 20150114
TrendMicro-HouseCall | Suspicious_GEN.F47V0114 | 20150115
Ad-Aware | (no detection) | 20150115
AegisLab | (no detection) | 20150115
Yandex | (no detection) | 20150114
AhnLab-V3 | (no detection) | 20150115
Alibaba | (no detection) | 20150115
ALYac | (no detection) | 20150115
Antiy-AVL | (no detection) | 20150115
AVG | (no detection) | 20150115
AVware | (no detection) | 20150115
BitDefender | (no detection) | 20150115
ByteHero | (no detection) | 20150115
CAT-QuickHeal | (no detection) | 20150115
ClamAV | (no detection) | 20150115
CMC | (no detection) | 20150113
Comodo | (no detection) | 20150115
Cyren | (no detection) | 20150115
Emsisoft | (no detection) | 20150115
F-Prot | (no detection) | 20150115
F-Secure | (no detection) | 20150115
GData | (no detection) | 20150115
Ikarus | (no detection) | 20150115
Jiangmin | (no detection) | 20150114
K7GW | (no detection) | 20150114
Kingsoft | (no detection) | 20150115
Microsoft | (no detection) | 20150115
eScan | (no detection) | 20150115
NANO-Antivirus | (no detection) | 20150115
Norman | (no detection) | 20150115
nProtect | (no detection) | 20150115
Sophos AV | (no detection) | 20150115
SUPERAntiSpyware | (no detection) | 20150115
Symantec | (no detection) | 20150115
Tencent | (no detection) | 20150115
TheHacker | (no detection) | 20150112
TotalDefense | (no detection) | 20150114
TrendMicro | (no detection) | 20150115
VBA32 | (no detection) | 20150115
VIPRE | (no detection) | 20150115
ViRobot | (no detection) | 20150115
Zillya | (no detection) | 20150115
Zoner | (no detection) | 20150114
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-13 18:14:46
Entry Point 0x000082F0
Number of sections 5
PE sections
PE imports
RegisterClusterNotify
OpenClusterNetwork
CloseClusterNetInterface
ClusterRegGetKeySecurity
EvictClusterNode
GetClusterGroupState
ClusterRegDeleteValue
ClusterOpenEnum
SetClusterNetworkPriorityOrder
ClusterRegQueryInfoKey
SetClusterGroupNodeList
OpenClusterResource
SetClusterResourceName
CreateClusterGroup
ClusterRegOpenKey
GetClusterNetworkKey
CloseCluster
ClusterNodeEnum
OnlineClusterGroup
DeleteClusterGroup
ClusterNetInterfaceControl
ClusterNetworkOpenEnum
GetClusterKey
GetClusterNetInterfaceKey
GetClusterNetInterface
CreateToolbarEx
ImageList_SetOverlayImage
ImageList_Destroy
CreateStatusWindowW
ImageList_DragMove
ImageList_SetIconSize
Ord(4)
FlatSB_SetScrollPos
CreatePropertySheetPageA
GetKerningPairsA
RemovePrivateCvSymbolicEx
SymGetSymFromName
GetImageConfigInformation
ImmSetCompositionStringW
ImmGetConversionListA
ImmGetCandidateListW
ImmCreateContext
ImmGetCandidateListA
ImmIsIME
VerLanguageNameA
GlobalGetAtomNameW
GetNumberFormatA
GetStdHandle
DosDateTimeToFileTime
GetUserDefaultLangID
GetShortPathNameW
DefineDosDeviceW
GetConsoleCP
BeginUpdateResourceA
GlobalFindAtomA
DebugBreak
GenerateConsoleCtrlEvent
VerLanguageNameW
FoldStringA
HeapAlloc
HeapCompact
GetCommTimeouts
GetVolumeInformationA
CompareFileTime
GetCurrentDirectoryW
GetStringTypeW
GetCurrentProcessId
AddAtomA
GetProfileSectionW
GetConsoleTitleW
EnumTimeFormatsA
FoldStringW
CreateDirectoryW
GetProcAddress
FillConsoleOutputAttribute
GetCurrentThread
GetComputerNameW
GetSystemDefaultLangID
GetModuleHandleA
GlobalAddAtomA
EnumTimeFormatsW
GetProfileStringA
FatalAppExitW
EnumSystemCodePagesA
EnumResourceLanguagesA
FindNextFileA
FindAtomW
ExitThread
GetLongPathNameW
CreateConsoleScreenBuffer
AddAtomW
GetProcessAffinityMask
GetFileAttributesExW
GetDefaultCommConfigA
GetDiskFreeSpaceExA
GetThreadPriority
GetEnvironmentVariableA
GetAtomNameA
GetNumberFormatW
DebugActiveProcess
GetLogicalDriveStringsW
GetProcessPriorityBoost
GetProfileIntA
GetTickCount
GetPrivateProfileSectionA
GlobalGetAtomNameA
FindResourceA
GetCurrencyFormatW
CompareStringA
GetExpandedNameW
LZInit
WNetDisconnectDialog1W
WNetGetUniversalNameW
WNetGetNetworkInformationW
WNetGetLastErrorW
WNetAddConnection2A
WNetCloseEnum
AlphaBlend
??2@YAPAXI@Z
??3@YAXPAX@Z
Ord(38)
NetServerTransportAddEx
RasEnumConnectionsA
RasGetCountryInfoA
RasGetConnectStatusW
RasValidateEntryNameA
RasEnumEntriesA
RasRenameEntryA
RasGetEntryDialParamsW
ResUtilGetProperty
ResUtilGetBinaryValue
ResUtilSetPropertyTable
ResUtilGetDwordValue
ResUtilGetSzValue
ResUtilGetEnvironmentWithNetName
ResUtilDupString
ResUtilFindDwordProperty
ClusWorkerTerminate
ClusWorkerCreate
NdrConformantVaryingArrayMarshall
NdrStubCall2
RpcEpRegisterNoReplaceW
RpcSmDisableAllocate
NdrConformantStringMarshall
NdrComplexArrayMemorySize
NdrConformantStringUnmarshall
RpcSsSwapClientAllocFree
tree_size_ndr
NdrConformantArrayBufferSize
NdrConformantStructMemorySize
NdrPointerMemorySize
RpcMgmtEpEltInqBegin
RpcBindingReset
NdrRpcSmClientAllocate
RpcMgmtSetCancelTimeout
NdrServerCall2
I_RpcBindingIsClientLocal
I_RpcReceive
NdrConformantArrayFree
I_RpcBindingInqDynamicEndpointA
RpcSsDisableAllocate
NdrVaryingArrayFree
RpcBindingInqAuthInfoExA
RpcBindingSetAuthInfoA
I_RpcFree
RpcServerUseProtseqIfExW
RpcBindingInqOption
RpcServerUseProtseqIfExA
NdrNonEncapsulatedUnionMarshall
UuidHash
SetupDiEnumDeviceInterfaces
SetupDiOpenClassRegKeyExW
SetupDiGetSelectedDevice
SetupGetIntField
SetupDiCreateDeviceInterfaceRegKeyW
SetupRemoveSectionFromDiskSpaceListW
SetupDiGetDeviceInstanceIdA
SetupDiCreateDeviceInterfaceRegKeyA
SetupGetLineByIndexW
SetupDiSelectBestCompatDrv
SetupOpenAppendInfFileA
SetupDiInstallClassExW
SetupOpenInfFileA
SetupLogErrorW
SetupDiOpenDeviceInterfaceW
SetupCreateDiskSpaceListW
SetupDiDestroyDriverInfoList
SetupInstallFromInfSectionA
SetupQueueDefaultCopyW
SetupGetInfInformationA
SHGetPathFromIDListW
StrFormatByteSizeW
PathRenameExtensionW
PathIsSystemFolderA
SHRegDeleteUSValueW
PathCanonicalizeA
PathIsUNCW
PathGetDriveNumberW
SHSetValueA
PathRemoveArgsW
PathCanonicalizeW
PathBuildRootW
PathIsRootW
SHGetValueW
PathSetDlgItemPathA
SHRegGetUSValueA
PathAddBackslashA
PathFileExistsW
PathCombineA
SHGetValueA
PathMakePrettyA
PathRemoveBackslashW
PathRemoveBackslashA
PathCommonPrefixW
PathStripToRootW
PathMakeSystemFolderW
PathRelativePathToW
SHRegGetBoolUSValueA
SHEnumKeyExA
PathSetDlgItemPathW
PathAppendA
PathRemoveFileSpecW
PathIsRootA
PathCommonPrefixA
SHRegQueryUSValueW
PathRenameExtensionA
SHRegCloseUSKey
PathAddExtensionA
PathUnquoteSpacesW
PathIsURLA
SHRegWriteUSValueA
SHRegGetUSValueW
PathIsSameRootW
PathUnquoteSpacesA
PathMatchSpecA
SHDeleteEmptyKeyA
PathSearchAndQualifyA
StrFromTimeIntervalA
DdeDisconnectList
InternetCanonicalizeUrlW
GetUrlCacheEntryInfoExW
HttpSendRequestExW
InternetUnlockRequestFile
HttpEndRequestA
HttpOpenRequestW
InternetReadFileExW
FtpDeleteFileA
InternetAttemptConnect
FtpRenameFileW
HttpQueryInfoW
InternetWriteFile
FtpGetFileW
InternetReadFile
CommitUrlCacheEntryW
InternetCheckConnectionA
GopherGetLocatorTypeA
InternetCreateUrlA
HttpSendRequestA
FtpPutFileA
FindFirstUrlCacheEntryA
InternetSetOptionW
HttpSendRequestW
DeleteUrlCacheEntry
GopherGetAttributeA
ConnectToPrinterDlg
AddPrinterDriverExW
EnumFormsW
ReadPrinter
DeletePortA
SetFormA
AddPrinterDriverExA
GetFormA
EnumPrinterDriversW
DeviceCapabilitiesA
EnumFormsA
DeletePrinterConnectionA
WaitForPrinterChange
EnumPrintProcessorsW
DeletePrinterDataExA
EnumPrinterDataW
AddPrinterConnectionA
DeletePrinterConnectionW
SetJobA
SetPortA
StartPagePrinter
EnumJobsA
DeletePrinterKeyW
AddPortW
SetPortW
EnumMonitorsA
EndPagePrinter
SetPrinterW
SetJobW
DeleteFormW
GetPrinterDriverDirectoryA
StartDocPrinterA
AddFormA
FindFirstPrinterChangeNotification
AddPrinterDriverA
EnumPrinterKeyA
AddPrintProvidorA
SetPrinterDataA
AddFormW
FindTextA
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 65.6.42166.2
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Korea (Shift - KSC 5601)
InitializedDataSize 1490944
MIMEType application/octet-stream
FileVersion 3.6.8.2
TimeStamp 2015:01:13 19:14:46+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 3.6.8.2
FileDescription L37vBbZ50S90
OSVersion 4.0
FileOS Unknown (0xb80004)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName CNN.com
CodeSize 86016
ProductName f0u37306
ProductVersionNumber 115.6.8281.2
EntryPoint 0x82f0
ObjectFileType Executable application
File identification
MD5 45946edd903fc3c3b3de0667c4a78ee3
SHA1 ec62bc94522966bea2613b1bbc15c2150aa6db2b
SHA256 e4480abfcbef717bc6c7dc253b1dcdafb656ba8d355fc1063999e64966d6238f
ssdeep 3072:EjZoFVcZio9Udf3bBIzyfBnyeYlvWa194GEmjsu2D1FL7VhLBfckgC6kqC0AO7IH:bazyGfsGEqsd1FtLck+1
authentihash 47a36a9b52da43b5b4e481ddb71579094477f6b74bd2de2f18caad58e98b6dce
imphash 14dba82e0e582ed1b3b5507b3a9230a7
File size 244.0 KB ( 249856 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2015-01-14 23:54:38 UTC ( 4 years, 2 months ago )
Last submission 2015-01-20 11:53:54 UTC ( 4 years, 2 months ago )
File names e4480abfcbef717bc6c7dc253b1dcdafb656ba8d355fc1063999e64966d6238f
45946edd903fc3c3b3de0667c4a78ee3
e4480abfcbef717bc6c7dc253b1dcdafb656ba8d355fc1063999e64966d6238f.exe
45946edd903fc3c3b3de0667c4a78ee3.bin
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.