SHA256: e45083126f7a87743c4aa375597b3efe867975ab5bae89b496262e5a0b5831fe
File name: 34ac3d1ab72e67df7d60b3bd11604b02.exe
Detection ratio: 52 / 55
Analysis date: 2016-05-01 00:40:50 UTC ( 3 weeks, 6 days ago )
Antivirus Result Update
ALYac Gen:Variant.Kazy.79773 20160501
AVG Agent 20160501
AVware Lookslike.Win32.Sirefef.e (v) 20160501
Ad-Aware Gen:Variant.Kazy.79773 20160501
AegisLab BDS-ZAccess.Gen.lz22 20160430
AhnLab-V3 Backdoor/Win32.ZAccess 20160430
Antiy-AVL Trojan[Backdoor]/Win32.ZAccess 20160501
Arcabit Trojan.Kazy.D1379D 20160501
Avast Win32:Susn-AN [Trj] 20160501
Avira (no cloud) TR/Crypt.ZPACK.Gen8 20160430
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160429
Baidu-International Backdoor.Win32.ZAccess.tzs 20160430
BitDefender Gen:Variant.Kazy.79773 20160501
CAT-QuickHeal Trojan.Sirefef.A 20160430
CMC Backdoor.Win32.ZAccess!O 20160429
ClamAV Win.Trojan.Zeroaccess-125 20160430
Comodo Backdoor.Win32.ZAccess.TZS 20160430
Cyren W32/Sirefef.AE.gen!Eldorado 20160501
DrWeb BackDoor.Maxplus.5220 20160501
ESET-NOD32 Win32/Sirefef.EV 20160430
Emsisoft Gen:Variant.Kazy.79773 (B) 20160501
F-Prot W32/Sirefef.AE.gen!Eldorado 20160501
Fortinet W32/ZAccess.CH!tr 20160501
GData Gen:Variant.Kazy.79773 20160430
Ikarus Backdoor.Win32.Gbot 20160430
Jiangmin Backdoor/ZAccess.dcb 20160430
K7AntiVirus Trojan ( 003f0fbc1 ) 20160430
K7GW Trojan ( 003f0fbc1 ) 20160430
Kaspersky Backdoor.Win32.ZAccess.tzs 20160430
Malwarebytes Rootkit.0Access 20160430
McAfee ZeroAccess.fe 20160430
McAfee-GW-Edition BehavesLike.Win32.ZeroAccess.cc 20160430
eScan Gen:Variant.Kazy.79773 20160430
Microsoft Trojan:Win32/Sirefef.P 20160430
NANO-Antivirus Trojan.Win32.ZAccess.vqmcv 20160430
Panda Trj/Genetic.gen 20160430
Qihoo-360 Malware.Radar01.Gen 20160501
Rising Malware.Generic!SF4HW9Uc7aE@2 (Thunder) 20160430
SUPERAntiSpyware Trojan.Agent/Gen-IRCBot 20160430
Sophos Troj/ZAccess-CH 20160430
Symantec Backdoor.Trojan 20160430
Tencent Win32.Backdoor.Zaccess.Lkee 20160501
TheHacker Backdoor/ZAccess.txe 20160430
TotalDefense Win32/Tnega.ANCD 20160430
TrendMicro TROJ_SIREFEF.SM 20160430
TrendMicro-HouseCall TROJ_SIREFEF.SM 20160430
VBA32 Backdoor.ZAccess 20160430
VIPRE Lookslike.Win32.Sirefef.e (v) 20160430
ViRobot Trojan.Win32.Z.Zaccess.192512.AH[h] 20160430
Yandex Backdoor.ZAccess!JXMl8CNNBRc 20160501
Zillya Backdoor.ZAccess.Win32.5449 20160430
nProtect Trojan/W32.Agent.192512.ASB 20160429
Alibaba (no detection) 20160429
Kingsoft (no detection) 20160501
Zoner (no detection) 20160430
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-02-04 19:08:40
Entry Point 0x00004314
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
InitCommonControlsEx
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
CertVerifyCertificateChainPolicy
GetDIBColorTable
SetMapMode
GetGlyphOutlineW
SaveDC
CreateRectRgnIndirect
LPtoDP
RemoveFontMemResourceEx
Rectangle
GetDeviceCaps
DeleteDC
RestoreDC
CreateFontW
CreateSolidBrush
GetObjectW
CreateDCW
CreateDIBSection
BitBlt
GetStockObject
AddFontMemResourceEx
SetViewportOrgEx
GdiFlush
CreateCompatibleDC
StretchBlt
SelectObject
SetDIBColorTable
SetWindowOrgEx
DeleteObject
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
GetOverlappedResult
WaitForSingleObject
HeapDestroy
GetHandleInformation
GetFileAttributesW
VerifyVersionInfoW
FreeEnvironmentStringsA
DisconnectNamedPipe
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
SetFilePointer
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
GetThreadPriority
GetExitCodeProcess
LocalFree
FormatMessageW
ConnectNamedPipe
InitializeCriticalSection
FindClose
InterlockedDecrement
FormatMessageA
GetFullPathNameW
GetEnvironmentVariableW
SetLastError
PeekNamedPipe
DeviceIoControl
TlsGetValue
CopyFileW
GetNamedPipeInfo
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetVersionExA
GetModuleFileNameA
VerSetConditionMask
EnumSystemLocalesA
SetThreadPriority
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
SetFilePointerEx
CreateEventW
LockFileEx
SetEnvironmentVariableW
MoveFileExW
GetSystemDirectoryW
DeleteCriticalSection
SetNamedPipeHandleState
SetUnhandledExceptionFilter
CreateMutexW
UnlockFile
SetHandleInformation
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GetModuleHandleExW
SetCurrentDirectoryW
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
OpenMutexW
EnterCriticalSection
SetHandleCount
CreateMailslotW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
LCMapStringW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
CreateFileMappingW
CompareStringW
WaitNamedPipeW
RemoveDirectoryW
FindNextFileW
CreateHardLinkW
ResetEvent
FindFirstFileW
IsValidLocale
DuplicateHandle
WaitForMultipleObjects
GetProcAddress
SetEvent
GetTimeZoneInformation
CreateFileW
GetConsoleWindow
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LocalReAlloc
GetComputerNameW
UnmapViewOfFile
CreateNamedPipeW
GetConsoleCP
OpenEventW
LCMapStringA
GetEnvironmentStringsW
VirtualFree
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
GetFileSizeEx
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
PulseEvent
CloseHandle
GetTimeFormatA
SetDllDirectoryW
GetACP
CreatePipe
IsValidCodePage
HeapCreate
WriteFile
CreateProcessW
Sleep
SetConsoleCtrlHandler
VirtualAlloc
GetOEMCP
CompareStringA
LresultFromObject
VarUI4FromDec
DispGetIDsOfNames
SetErrorInfo
SetupIterateCabinetW
SHFileOperationW
ShellExecuteW
ShellExecuteExW
SHGetFolderPathW
SetFocus
GetForegroundWindow
SetWindowRgn
DestroyMenu
SetWindowPos
IsWindow
EndPaint
WindowFromPoint
SetMenuItemInfoW
DispatchMessageW
GetCursorPos
CharLowerBuffW
GetDlgCtrlID
SendMessageW
UnregisterClassA
UnregisterClassW
GetClientRect
IsClipboardFormatAvailable
GetSysColor
GetKeyboardState
GetActiveWindow
GetWindowTextW
PostThreadMessageW
MsgWaitForMultipleObjects
LoadMenuIndirectW
DestroyWindow
GetClassInfoExW
UpdateWindow
GetPropW
EqualRect
ShowWindow
SetPropW
PeekMessageW
EnableWindow
TranslateMessage
GetWindow
SetClipboardData
RegisterClassW
EnumDisplayDevicesW
GetSubMenu
SetTimer
IsDialogMessageW
ToUnicode
GetWindowLongW
WindowFromDC
IsChild
MapWindowPoints
RegisterWindowMessageW
GetMonitorInfoW
BeginPaint
OffsetRect
DefWindowProcW
KillTimer
TrackMouseEvent
GetClipboardData
GetParent
GetSystemMetrics
SetWindowLongW
GetWindowRect
SetCapture
ReleaseCapture
GetMessageExtraInfo
PostMessageW
CheckDlgButton
PtInRect
SetWindowTextW
GetDlgItem
RemovePropW
ClientToScreen
TrackPopupMenu
DialogBoxIndirectParamW
IsDlgButtonChecked
GetDesktopWindow
GetKeyboardLayout
LoadCursorW
GetDC
NotifyWinEvent
OpenClipboard
EmptyClipboard
GetCaretBlinkTime
ReleaseDC
IntersectRect
EndDialog
HideCaret
CreateWindowExW
FindWindowW
ScreenToClient
RemoveMenu
MessageBoxW
RegisterClassExW
SetRectEmpty
DialogBoxParamW
GetWindowDC
MsgWaitForMultipleObjectsEx
GetKeyState
GetDoubleClickTime
SystemParametersInfoW
UnionRect
MonitorFromWindow
SetRect
InvalidateRect
CharNextW
CallWindowProcW
GetFocus
CloseClipboard
SetCursor
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
timeEndPeriod
timeGetTime
timeBeginPeriod
timeGetDevCaps
CoInitializeEx
OleLoadFromStream
OleRegGetUserType
CoTaskMemAlloc
WriteClassStm
CreateStreamOnHGlobal
OleRegGetMiscStatus
CoTaskMemRealloc
CoCreateInstance
OleRegEnumVerbs
StringFromGUID2
CreateBindCtx
CoUninitialize
CoGetMalloc
OleSaveToStream
CoInitialize
CoTaskMemFree
CreateOleAdviseHolder
PdhCloseQuery
PdhCollectQueryData
PdhMakeCounterPathW
PdhAddCounterW
PdhOpenQueryW
PdhGetFormattedCounterValue
PdhLookupPerfNameByIndexW
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2004:02:04 20:08:40+01:00
FileType Win32 EXE
PEType PE32
CodeSize 131072
LinkerVersion 9.0
EntryPoint 0x4314
InitializedDataSize 52224
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 4096
File identification
MD5 34ac3d1ab72e67df7d60b3bd11604b02
SHA1 3b84b185c1c633fbe8d6a3de37973214032de0d5
SHA256 e45083126f7a87743c4aa375597b3efe867975ab5bae89b496262e5a0b5831fe
ssdeep 3072:JYvl2zvSfbyMMAC24MKCCyhkyEstq1HcS5fZIxfuzC8Qt+2ynlTcPK1SQPUZYFql:e2zv2y6+FLyBtq1HcjxfMC8blT2K1SQy
authentihash 2d74f091a8422ac893fdc62252bee3de107c42547a30d07f0d40fcc43368f18b
imphash 3d48664a677eecf16787ec037d2b14ab
File size 188.0 KB ( 192512 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.6%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags peexe
VirusTotal metadata
First submission 2012-07-02 05:53:43 UTC ( 3 years, 11 months ago )
Last submission 2014-02-21 03:57:44 UTC ( 2 years, 3 months ago )
File names pd.exe
34ac3d1ab72e67df7d60b3bd11604b02.exe
sample_3b84b185c1c633fbe8d6a3de37973214032de0d5
pd.exe
file
zeroaccess.exe
1774584
e45083126f7a87743c4aa375597b3efe867975ab5bae89b496262e5a0b5831fe.bin
{3E0E7937-4685-42F2-A039-72302A62E301}-pd.exe
file-4187610_exe
e45083126f7a87743c4aa375597b3efe867975ab5bae89b496262e5a0b5831fe
pd.exe-M5iA6Q
3b84b185c1c633fbe8d6a3de37973214032de0d5
34ac3d1ab72e67df7d60b3bd11604b02
Trojan ZeroAcess.exe
output.1774584.txt
34AC3D1AB72E67DF7D60B3BD11604B02
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight