SHA256: e4c899577a1c98608205befd4467403774ac4e6a77cff444330dc1f5781af923
File name: 10cf719cbd04195d8552f0daf59070e0.virobj
Detection ratio: 52 / 67
Analysis date: 2018-11-12 02:19:00 UTC ( 2 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zbot.119 20181112
AegisLab Trojan.Win32.Generic.4!c 20181112
AhnLab-V3 Trojan/Win32.Zbot.R91060 20181111
ALYac Gen:Variant.Zbot.119 20181112
Antiy-AVL Trojan/Win32.AGeneric 20181112
Arcabit Trojan.Zbot.119 20181112
Avast FileRepMetagen [Malware] 20181112
AVG FileRepMetagen [Malware] 20181112
Avira (no cloud) HEUR/AGEN.1009539 20181111
BitDefender Gen:Variant.Zbot.119 20181112
CAT-QuickHeal TrojanPWS.Zbot.Gen 20181111
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20181022
Cybereason malicious.cbd041 20180225
Cylance Unsafe 20181112
Cyren W32/Trojan.TPBU-6911 20181112
DrWeb Trojan.PWS.Panda.547 20181112
Emsisoft Gen:Variant.Zbot.119 (B) 20181112
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Injector.ATFQ 20181111
F-Secure Gen:Variant.Zbot.119 20181112
Fortinet W32/Generic.AP.37830 20181112
GData Gen:Variant.Zbot.119 20181112
Ikarus Trojan.Inject2 20181111
Sophos ML heuristic 20181108
Jiangmin TrojanSpy.Zbot.ednh 20181112
K7AntiVirus Trojan ( 0049121a1 ) 20181112
K7GW Trojan ( 0049121a1 ) 20181109
Kaspersky HEUR:Trojan.Win32.Generic 20181112
MAX malware (ai score=100) 20181112
McAfee PWSZbot-FEK!10CF719CBD04 20181112
McAfee-GW-Edition BehavesLike.Win32.MultiPlug.fc 20181111
Microsoft Trojan:Win32/Vigorf.A 20181111
eScan Gen:Variant.Zbot.119 20181112
NANO-Antivirus Trojan.Win32.Buterat.cwcbbu 20181111
Palo Alto Networks (Known Signatures) generic.ml 20181112
Panda Trj/Genetic.gen 20181111
Qihoo-360 Win32/Trojan.e6d 20181112
Rising Trojan.Injector!8.C4 (CLOUD) 20181112
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-L 20181111
Symantec Trojan.Zbot!gen43 20181111
Tencent Win32.Trojan.Generic.Dxnj 20181112
TheHacker Trojan/Injector.atfq 20181108
TrendMicro TSPY_ZBOT.SMAA2 20181112
TrendMicro-HouseCall TSPY_ZBOT.SMAA2 20181111
VBA32 TrojanPSW.Panda 20181109
VIPRE Trojan.Win32.Generic!BT 20181112
ViRobot Trojan.Win32.Z.Zbot.346254.D 20181111
Webroot W32.InfoStealer.Zeus 20181112
Yandex Trojan.Injector!SHOTru1rI4I 20181109
Zillya Trojan.Zbot.Win32.176803 20181109
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20181111
Alibaba 20180921
Avast-Mobile 20181111
Babable 20180918
Baidu 20181109
Bkav 20181110
ClamAV 20181111
CMC 20181111
F-Prot 20181112
Kingsoft 20181112
Malwarebytes 20181111
SUPERAntiSpyware 20181107
Symantec Mobile Insight 20181108
TACHYON 20181112
TotalDefense 20181111
Trustlook 20181112
Zoner 20181112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-10 14:46:56
Entry Point 0x00005D95
Number of sections 5
PE sections
Overlays
MD5 e74dd630efcc8ad53b03c369ba3f7a06
File type data
Offset 186368
Size 159886
Entropy 7.89
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetLocaleInfoW
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
IsProcessorFeaturePresent
DeleteCriticalSection
LeaveCriticalSection
EnumSystemLocalesA
SizeofResource
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
LockResource
GetModuleHandleW
IsValidCodePage
GetCPInfo
ExitProcess
TlsGetValue
MultiByteToWideChar
HeapSize
GetTickCount
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStartupInfoW
SetStdHandle
SetFilePointer
RaiseException
UnhandledExceptionFilter
WideCharToMultiByte
LoadLibraryW
TlsFree
GetModuleHandleA
HeapSetInformation
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
DecodePointer
CloseHandle
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetUserDefaultLCID
GetProcessHeap
TerminateProcess
InitializeCriticalSection
LoadResource
SetLastError
CreateFileW
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
HeapAlloc
GetCurrentThreadId
FindResourceA
HeapCreate
WriteConsoleW
InterlockedIncrement
MessageBoxW
Number of PE resources by type
KCEBTP 2
RT_GROUP_ICON 1
RT_MANIFEST 1
RT_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 5.1
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:12:10 15:46:56+01:00
FileType Win32 EXE
PEType PE32
CodeSize 82432
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 102912
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x5d95
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 10cf719cbd04195d8552f0daf59070e0
SHA1 1349b53d676114149a100ee99ca0976a11ffb016
SHA256 e4c899577a1c98608205befd4467403774ac4e6a77cff444330dc1f5781af923
ssdeep 6144:EnTYWIiyRN+e4b83BHQHmmwfjXkyX+XiUNOP:ETdDyLFq83BHQHNwfjoXip

authentihash a7d4a123ab7c2d80debea5ffb50a1e2c05fdc48a5f0d8e4b0adf1e535b022490
imphash 909485f2ab92dbdf3ad50ae4e840a1fd
File size 338.1 KB ( 346254 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay

VirusTotal metadata
First submission 2013-12-11 20:20:04 UTC ( 5 years, 1 month ago )
Last submission 2018-08-10 19:58:19 UTC ( 5 months, 1 week ago )
File names virussign.com_10cf719cbd04195d8552f0daf59070e0.vir
JKZoKoMzT.zip
Payment___Invoice___Transfer___Slips.exe
10cf719cbd04195d8552f0daf59070e0.virobj
e4c899577a1c98608205befd4467403774ac4e6a77cff444330dc1f5781af923
VirusShare_10cf719cbd04195d8552f0daf59070e0
file-6765970_
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs