× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e45083126f7a87743c4aa375597b3efe867975ab5bae89b496262e5a0b5831fe
File name: 34ac3d1ab72e67df7d60b3bd11604b02.exe
Detection ratio: 49 / 50
Analysis date: 2014-02-21 03:57:44 UTC ( 1 month, 4 weeks ago )
Antivirus Result Update
AVG BackDoor.Generic15.BHFC 20140220
Ad-Aware Gen:Variant.Kazy.79773 20140221
Agnitum Backdoor.ZAccess!JXMl8CNNBRc 20140220
AhnLab-V3 Backdoor/Win32.ZAccess 20140220
AntiVir TR/Crypt.ZPACK.Gen8 20140221
Antiy-AVL Trojan[Backdoor]/Win32.ZAccess 20140219
Avast Win32:Susn-AN [Trj] 20140221
Baidu-International Backdoor.Win32.ZAccess.aZ 20140220
BitDefender Gen:Variant.Kazy.79773 20140221
Bkav W32.Clodc8a.Trojan.86cf 20140220
CAT-QuickHeal Trojan.Sirefef.A 20140220
CMC Backdoor.Win32.ZAccess!O 20140220
ClamAV Trojan.Zeroaccess-134 20140221
Commtouch W32/Sirefef.AE.gen!Eldorado 20140221
Comodo Backdoor.Win32.ZAccess.TZS 20140221
DrWeb BackDoor.Maxplus.5220 20140221
ESET-NOD32 Win32/Sirefef.EV 20140221
Emsisoft Gen:Variant.Kazy.79773 (B) 20140221
F-Prot W32/Sirefef.AE.gen!Eldorado 20140221
F-Secure Gen:Variant.Kazy.79773 20140221
Fortinet W32/Kryptik.FD!tr 20140221
GData Gen:Variant.Kazy.79773 20140221
Ikarus Backdoor.Win32.ZAccess 20140221
Jiangmin Backdoor/ZAccess.dkp 20140220
K7AntiVirus Backdoor ( 003b4a821 ) 20140220
K7GW Backdoor ( 003b4a821 ) 20140220
Kaspersky Backdoor.Win32.ZAccess.tzs 20140221
Kingsoft Win32.Hack.ZAccess.(kcloud) 20140221
Malwarebytes Rootkit.0Access 20140221
McAfee ZeroAccess.fe 20140221
McAfee-GW-Edition ZeroAccess.fe 20140221
MicroWorld-eScan Gen:Variant.Kazy.79773 20140221
Microsoft Trojan:Win32/Sirefef.P 20140221
NANO-Antivirus Trojan.Win32.ZAccess.vqmcv 20140220
Norman ZAccess.JVV 20140220
Panda Trj/Genetic.gen 20140220
Qihoo-360 Win32/Backdoor.91d 20140221
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140219
SUPERAntiSpyware Trojan.Agent/Gen-IRCBot 20140221
Sophos Troj/ZAccess-CH 20140221
Symantec Backdoor.Trojan 20140221
TheHacker Backdoor/ZAccess.txe 20140220
TotalDefense Win32/Tnega.ANCD 20140221
TrendMicro TROJ_GEN.RCBOCE5 20140221
TrendMicro-HouseCall TROJ_SIREFEF.SM 20140221
VBA32 Backdoor.ZAccess 20140220
VIPRE Lookslike.Win32.Sirefef.e (v) 20140221
ViRobot Backdoor.Win32.A.ZAccess.192512.F 20140220
nProtect Trojan/W32.Agent.192512.ASB 20140220
ByteHero 20140221
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-02-04 19:08:40
Link date 8:08 PM 2/4/2004
Entry Point 0x00004314
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
InitCommonControlsEx
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
CertVerifyCertificateChainPolicy
GetDIBColorTable
SetMapMode
GetGlyphOutlineW
SaveDC
CreateRectRgnIndirect
LPtoDP
RemoveFontMemResourceEx
Rectangle
GetDeviceCaps
DeleteDC
RestoreDC
CreateFontW
CreateSolidBrush
GetObjectW
CreateDCW
CreateDIBSection
BitBlt
GetStockObject
AddFontMemResourceEx
SetViewportOrgEx
GdiFlush
CreateCompatibleDC
StretchBlt
SelectObject
SetDIBColorTable
SetWindowOrgEx
DeleteObject
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
GetOverlappedResult
WaitForSingleObject
HeapDestroy
GetHandleInformation
GetFileAttributesW
VerifyVersionInfoW
FreeEnvironmentStringsA
DisconnectNamedPipe
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
SetFilePointer
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
GetThreadPriority
GetExitCodeProcess
LocalFree
FormatMessageW
ConnectNamedPipe
InitializeCriticalSection
FindClose
InterlockedDecrement
FormatMessageA
GetFullPathNameW
GetEnvironmentVariableW
SetLastError
PeekNamedPipe
DeviceIoControl
TlsGetValue
CopyFileW
GetNamedPipeInfo
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetVersionExA
GetModuleFileNameA
VerSetConditionMask
EnumSystemLocalesA
SetThreadPriority
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
SetFilePointerEx
CreateEventW
LockFileEx
SetEnvironmentVariableW
MoveFileExW
GetSystemDirectoryW
DeleteCriticalSection
SetNamedPipeHandleState
SetUnhandledExceptionFilter
CreateMutexW
UnlockFile
SetHandleInformation
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GetModuleHandleExW
SetCurrentDirectoryW
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
OpenMutexW
EnterCriticalSection
SetHandleCount
CreateMailslotW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
LCMapStringW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
CreateFileMappingW
CompareStringW
WaitNamedPipeW
RemoveDirectoryW
FindNextFileW
CreateHardLinkW
ResetEvent
FindFirstFileW
IsValidLocale
DuplicateHandle
WaitForMultipleObjects
GetProcAddress
SetEvent
GetTimeZoneInformation
CreateFileW
GetConsoleWindow
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LocalReAlloc
GetComputerNameW
UnmapViewOfFile
CreateNamedPipeW
GetConsoleCP
OpenEventW
LCMapStringA
GetEnvironmentStringsW
VirtualFree
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
GetFileSizeEx
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
PulseEvent
CloseHandle
GetTimeFormatA
SetDllDirectoryW
GetACP
CreatePipe
IsValidCodePage
HeapCreate
WriteFile
CreateProcessW
Sleep
SetConsoleCtrlHandler
VirtualAlloc
GetOEMCP
CompareStringA
LresultFromObject
VarUI4FromDec
DispGetIDsOfNames
SetErrorInfo
SetupIterateCabinetW
SHFileOperationW
ShellExecuteW
ShellExecuteExW
SHGetFolderPathW
SetFocus
GetForegroundWindow
SetWindowRgn
DestroyMenu
SetWindowPos
IsWindow
EndPaint
WindowFromPoint
SetMenuItemInfoW
DispatchMessageW
GetCursorPos
CharLowerBuffW
GetDlgCtrlID
SendMessageW
UnregisterClassA
UnregisterClassW
GetClientRect
IsClipboardFormatAvailable
GetSysColor
GetKeyboardState
GetActiveWindow
GetWindowTextW
PostThreadMessageW
MsgWaitForMultipleObjects
LoadMenuIndirectW
DestroyWindow
GetClassInfoExW
UpdateWindow
GetPropW
EqualRect
ShowWindow
SetPropW
PeekMessageW
EnableWindow
TranslateMessage
GetWindow
SetClipboardData
RegisterClassW
EnumDisplayDevicesW
GetSubMenu
SetTimer
IsDialogMessageW
ToUnicode
GetWindowLongW
WindowFromDC
IsChild
MapWindowPoints
RegisterWindowMessageW
GetMonitorInfoW
BeginPaint
OffsetRect
DefWindowProcW
KillTimer
TrackMouseEvent
GetClipboardData
GetParent
GetSystemMetrics
SetWindowLongW
GetWindowRect
SetCapture
ReleaseCapture
GetMessageExtraInfo
PostMessageW
CheckDlgButton
PtInRect
SetWindowTextW
GetDlgItem
RemovePropW
ClientToScreen
TrackPopupMenu
DialogBoxIndirectParamW
IsDlgButtonChecked
GetDesktopWindow
GetKeyboardLayout
LoadCursorW
GetDC
NotifyWinEvent
OpenClipboard
EmptyClipboard
GetCaretBlinkTime
ReleaseDC
IntersectRect
EndDialog
HideCaret
CreateWindowExW
FindWindowW
ScreenToClient
RemoveMenu
MessageBoxW
RegisterClassExW
SetRectEmpty
DialogBoxParamW
GetWindowDC
MsgWaitForMultipleObjectsEx
GetKeyState
GetDoubleClickTime
SystemParametersInfoW
UnionRect
MonitorFromWindow
SetRect
InvalidateRect
CharNextW
CallWindowProcW
GetFocus
CloseClipboard
SetCursor
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
timeEndPeriod
timeGetTime
timeBeginPeriod
timeGetDevCaps
CoInitializeEx
OleLoadFromStream
OleRegGetUserType
CoTaskMemAlloc
WriteClassStm
CreateStreamOnHGlobal
OleRegGetMiscStatus
CoTaskMemRealloc
CoCreateInstance
OleRegEnumVerbs
StringFromGUID2
CreateBindCtx
CoUninitialize
CoGetMalloc
OleSaveToStream
CoInitialize
CoTaskMemFree
CreateOleAdviseHolder
PdhCloseQuery
PdhCollectQueryData
PdhMakeCounterPathW
PdhAddCounterW
PdhOpenQueryW
PdhGetFormattedCounterValue
PdhLookupPerfNameByIndexW
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2004:02:04 20:08:40+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
131072

LinkerVersion
9.0

FileAccessDate
2014:02:21 04:58:34+01:00

EntryPoint
0x4314

InitializedDataSize
52224

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
4.0

FileCreateDate
2014:02:21 04:58:34+01:00

UninitializedDataSize
4096

Compressed bundles
PCAP parents
File identification
MD5 34ac3d1ab72e67df7d60b3bd11604b02
SHA1 3b84b185c1c633fbe8d6a3de37973214032de0d5
SHA256 e45083126f7a87743c4aa375597b3efe867975ab5bae89b496262e5a0b5831fe
ssdeep
3072:JYvl2zvSfbyMMAC24MKCCyhkyEstq1HcS5fZIxfuzC8Qt+2ynlTcPK1SQPUZYFq:e2zv2y6+FLyBtq1HcjxfMC8blT2K1SQ

imphash 3d48664a677eecf16787ec037d2b14ab
File size 188.0 KB ( 192512 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows Screen Saver (14.6%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags
peexe mz

VirusTotal metadata
First submission 2012-07-02 05:53:43 UTC ( 1 year, 9 months ago )
Last submission 2014-02-21 03:57:44 UTC ( 1 month, 4 weeks ago )
File names pd.exe
34ac3d1ab72e67df7d60b3bd11604b02.exe
sample_3b84b185c1c633fbe8d6a3de37973214032de0d5
pd.exe
file
zeroaccess.exe
1774584
e45083126f7a87743c4aa375597b3efe867975ab5bae89b496262e5a0b5831fe.bin
{3E0E7937-4685-42F2-A039-72302A62E301}-pd.exe
file-4187610_exe
e45083126f7a87743c4aa375597b3efe867975ab5bae89b496262e5a0b5831fe
pd.exe-M5iA6Q
3b84b185c1c633fbe8d6a3de37973214032de0d5
34ac3d1ab72e67df7d60b3bd11604b02
Trojan ZeroAcess.exe
output.1774584.txt
34AC3D1AB72E67DF7D60B3BD11604B02
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!