SHA256: e68e3996376ef5b38a38bbee6dc07552eb7cead25152d0273e5902a0cc40596b
File name: B268.tmp.exe
Detection ratio: 17 / 54
Analysis date: 2014-09-15 04:12:28 UTC
Antivirus Result Update (the 17 engines that returned a result are listed first; the remaining 37 show only their signature date and did not detect the file)
AhnLab-V3 Trojan/Win32.Zbot 20140914
Avast Win32:Malware-gen 20140915
AVG Zbot.NYC 20140915
DrWeb Trojan.Siggen6.23479 20140915
ESET-NOD32 Win32/Spy.Zbot.ACB 20140915
GData Win32.Trojan.Agent.AQGKD4 20140915
Ikarus Trojan-Spy.Win32.Zbot 20140915
Kaspersky Trojan-Spy.Win32.Zbot.ubjn 20140915
McAfee Artemis!948C07DCDEA4 20140915
McAfee-GW-Edition BehavesLike.Win32.BadFile.dc 20140914
Microsoft PWS:Win32/Zbot 20140915
Qihoo-360 Win32/Trojan.Multi.daf 20140915
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140914
Sophos AV Mal/Generic-S 20140915
Symantec WS.Reputation.1 20140914
TrendMicro TROJ_FORUCON.BMC 20140915
TrendMicro-HouseCall TROJ_FORUCON.BMC 20140915
Ad-Aware 20140915
AegisLab 20140915
Yandex 20140914
Antiy-AVL 20140915
Avira (no cloud) 20140914
AVware 20140915
Baidu-International 20140914
BitDefender 20140915
Bkav 20140913
ByteHero 20140915
CAT-QuickHeal 20140915
ClamAV 20140914
CMC 20140915
Comodo 20140915
Cyren 20140915
Emsisoft 20140915
F-Prot 20140913
F-Secure 20140914
Fortinet 20140915
Jiangmin 20140914
K7AntiVirus 20140912
K7GW 20140912
Kingsoft 20140915
Malwarebytes 20140915
eScan 20140915
NANO-Antivirus 20140915
Norman 20140914
nProtect 20140914
Panda 20140914
SUPERAntiSpyware 20140914
Tencent 20140915
TheHacker 20140913
VBA32 20140911
VIPRE 20140915
ViRobot 20140915
Zillya 20140914
Zoner 20140912
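A small parser for the engine rows above, added here as a worked example; it is not part of the VirusTotal report. It assumes the row format `engine [result] update`, a hard-coded list of the two engine names on this page that contain spaces, and a stop-list of generic naming tokens. The embedded text is an excerpt of the rows above, so its observed ratio (6 of 11) differs from the header's 17 / 54, which is exactly the inconsistency the check is there to surface; it also lists engines whose signatures predate the first submission, since a "clean" from those says little.

```python
"""Parse VirusTotal-style engine rows ("engine [result] update") and sanity-check the verdict."""
import re
from collections import Counter

# Engine names that contain whitespace; without this list the split between the
# engine name and a missing result is ambiguous. Taken from the rows on this page.
MULTI_WORD_ENGINES = ("Avira (no cloud)", "Sophos AV")

# Naming tokens that carry no family information (assumed stop-list).
GENERIC_TOKENS = {"win32", "trojan", "spy", "pws", "mal", "malware", "gen", "generic",
                  "heur", "agent", "artemis", "behaveslike", "badfile", "reputation"}

_ROW_RE = re.compile(r"^(?P<head>\S.*?)\s+(?P<update>\d{8})$")
_RATIO_RE = re.compile(r"^Detection ratio:\s*(\d+)\s*/\s*(\d+)")
_SHA256_RE = re.compile(r"^SHA256:\s*([0-9A-Fa-f]{64})$")

# Excerpt of the rows shown on this page (copied, not the full 54-row table).
REPORT_EXCERPT = """\
SHA256: e68e3996376ef5b38a38bbee6dc07552eb7cead25152d0273e5902a0cc40596b
Detection ratio: 17 / 54
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Zbot 20140914
Avast Win32:Malware-gen 20140915
AVG Zbot.NYC 20140915
Kaspersky Trojan-Spy.Win32.Zbot.ubjn 20140915
Microsoft PWS:Win32/Zbot 20140915
Sophos AV Mal/Generic-S 20140915
Ad-Aware 20140915
Avira (no cloud) 20140914
Yandex 20140914
VBA32 20140911
Bkav 20140913
"""


def parse_row(line):
    """Return {'engine', 'result', 'update'} for one engine row, or None for other lines."""
    m = _ROW_RE.match(line.strip())
    if not m:
        return None
    head = m.group("head")
    for name in MULTI_WORD_ENGINES:
        if head == name or head.startswith(name + " "):
            engine, rest = name, head[len(name):].strip()
            break
    else:
        engine, _, rest = head.partition(" ")
    return {"engine": engine, "result": rest or None, "update": m.group("update")}


def family_votes(rows):
    """Count family-looking tokens across detection names (e.g. 'zbot')."""
    votes = Counter()
    for row in rows:
        if not row["result"]:
            continue
        for tok in re.split(r"[^A-Za-z0-9]+", row["result"].lower()):
            if len(tok) >= 3 and not tok.isdigit() and tok not in GENERIC_TOKENS:
                votes[tok] += 1
    return votes


def triage(report_text, first_submission):
    """Summarise a report: claimed vs observed ratio, family votes, stale clean verdicts.

    first_submission is a YYYYMMDD string; an engine whose signature date is
    older than it could not have seen this sample, so its missing result is
    not evidence of anything.
    """
    sha256 = claimed = None
    rows = []
    for line in report_text.splitlines():
        line = line.strip()
        if (m := _SHA256_RE.match(line)):
            sha256 = m.group(1).lower()
        elif (m := _RATIO_RE.match(line)):
            claimed = (int(m.group(1)), int(m.group(2)))
        elif (row := parse_row(line)):
            rows.append(row)
    observed = (sum(1 for r in rows if r["result"]), len(rows))
    return {
        "sha256": sha256,
        "claimed_ratio": claimed,
        "observed_ratio": observed,
        "ratio_consistent": claimed == observed,
        "family_votes": family_votes(rows),
        "stale_clean_engines": sorted(r["engine"] for r in rows
                                      if not r["result"] and r["update"] < first_submission),
    }


if __name__ == "__main__":
    summary = triage(REPORT_EXCERPT, first_submission="20140914")
    print(summary["family_votes"].most_common(3), summary["stale_clean_engines"])
```

Run against the full row list the observed ratio becomes 17 / 54 and the consistency flag turns true; the family vote is the quick way to see that the named detections agree on Zbot while the rest are generic or reputation-based.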
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-13 16:16:38
Entry Point 0x00005436
Number of sections 4
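The fields above can be read straight from the file's bytes. The following is an added example, not code from VirusTotal, that parses them from a raw PE32 image and measures the gap between link time and first submission (a negative gap means a forged timestamp, a very large one an old build resurfacing). Because the real sample cannot be shipped here, the block builds a constructed minimal header carrying this report's values (no sections, code or imports); on a real file call `parse_pe_header(open(path, "rb").read())`. The ExifTool block further down shows the same link time as 2014:09:13 17:16:38+01:00, i.e. rendered in the analysis host's local zone.

```python
"""Parse the PE header fields a VirusTotal report lists, directly from the bytes."""
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x010B
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2

# First submission of this sample, from the VirusTotal metadata on this page.
FIRST_SUBMISSION = datetime(2014, 9, 14, 4, 55, 0, tzinfo=timezone.utc)


def parse_pe_header(data: bytes) -> dict:
    """Read machine, section count, link time, entry point, linker and subsystem.

    Layout (PE/COFF spec): IMAGE_DOS_HEADER.e_lfanew at 0x3C points to the
    "PE\\0\\0" signature, then the 20-byte COFF file header, then the optional
    header; in a PE32 optional header Subsystem sits at offset 68.
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, _, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lmaj, lmin, code_size, init_size, uninit_size, entry = struct.unpack_from("<HBBIIII", data, opt)
    if magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        raise ValueError("only PE32 optional headers are handled here")
    os_major, os_minor, _, _, ss_major, ss_minor = struct.unpack_from("<HHHHHH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "machine": machine,
        "number_of_sections": nsections,
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "entry_point": entry,
        "linker_version": f"{lmaj}.{lmin}",
        "code_size": code_size,
        "initialized_data_size": init_size,
        "uninitialized_data_size": uninit_size,
        "os_version": f"{os_major}.{os_minor}",
        "subsystem_version": f"{ss_major}.{ss_minor}",
        "subsystem": subsystem,
    }


def seconds_from_compile_to_first_seen(header: dict, first_seen: datetime) -> int:
    """Link time versus first submission; negative means the timestamp lies in the future."""
    return int((first_seen - header["compile_time"]).total_seconds())


def build_sample_header() -> bytes:
    """Constructed minimal header carrying the values this report lists.

    This is NOT the real sample: only enough header bytes for parse_pe_header().
    """
    link_time = int(datetime(2014, 9, 13, 16, 16, 38, tzinfo=timezone.utc).timestamp())
    dos = (b"MZ" + bytes(0x3A) + struct.pack("<I", 0x80)).ljust(0x80, b"\0")   # e_lfanew = 0x80
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 4, link_time, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBBIIII", opt, 0, IMAGE_NT_OPTIONAL_HDR32_MAGIC, 10, 0, 217600, 37376, 0, 0x5436)
    struct.pack_into("<HHHHHH", opt, 40, 5, 1, 0, 0, 5, 1)    # OS 5.1, image 0.0, subsystem 5.1
    struct.pack_into("<H", opt, 68, IMAGE_SUBSYSTEM_WINDOWS_GUI)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    hdr = parse_pe_header(build_sample_header())
    print(hdr["compile_time"].isoformat(), hex(hdr["entry_point"]), hdr["linker_version"])
    print("seconds from link to first submission:", seconds_from_compile_to_first_seen(hdr, FIRST_SUBMISSION))
```

For this sample the link time precedes the first submission by about twelve and a half hours, which is consistent with a freshly built binary rather than a tampered timestamp.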
PE sections
PE imports (grouped by exporting DLL; the page lists only the function names, the DLL attribution below is inferred from the export names)
advapi32.dll
  OpenProcessToken
comctl32.dll
  InitCommonControlsEx
comdlg32.dll
  PageSetupDlgA
gdi32.dll
  GetObjectA
  LineTo
  CreateFontIndirectW
  SetBkMode
  MoveToEx
  CreatePen
  GetStockObject
  CreateCompatibleBitmap
  CreateFontIndirectA
  SelectObject
  GetDIBits
  BitBlt
  SetBkColor
  Polyline
  SetStretchBltMode
  CreateCompatibleDC
  DeleteObject
  StretchBlt
  SetTextColor
imm32.dll
  ImmGetCompositionStringA
kernel32.dll
  GetStdHandle
  WaitForSingleObject
  EncodePointer
  GetLocalTime
  DeleteCriticalSection
  GetCurrentProcess
  GetConsoleMode
  FreeEnvironmentStringsW
  lstrcatW
  SetStdHandle
  GetCPInfo
  WriteFile
  GetSystemTimeAsFileTime
  GetThreadTimes
  HeapReAlloc
  GetStringTypeW
  GetFullPathNameA
  FreeLibrary
  TlsGetValue
  SetLastError
  GetModuleFileNameW
  IsDebuggerPresent
  ExitProcess
  GetModuleFileNameA
  HeapSetInformation
  UnhandledExceptionFilter
  InterlockedDecrement
  MultiByteToWideChar
  SetFilePointer
  CreateSemaphoreA
  CreateThread
  SetUnhandledExceptionFilter
  IsProcessorFeaturePresent
  DecodePointer
  TerminateProcess
  GetCommState
  GetCurrentThreadId
  InterlockedIncrement
  WriteConsoleW
  InitializeCriticalSectionAndSpinCount
  HeapFree
  EnterCriticalSection
  SetHandleCount
  LoadLibraryW
  GetOEMCP
  QueryPerformanceCounter
  GetTickCount
  TlsAlloc
  FlushFileBuffers
  LoadLibraryA
  RtlUnwind
  DeleteFileA
  GetDateFormatW
  SetCommMask
  GetStartupInfoW
  GlobalLock
  lstrcpyW
  GlobalReAlloc
  lstrcpyA
  GetProcAddress
  SetCommState
  CreateFileW
  CreateEventA
  GetFileType
  TlsSetValue
  CreateFileA
  HeapAlloc
  LeaveCriticalSection
  GetLastError
  LCMapStringW
  GetSystemInfo
  GlobalFree
  GetConsoleCP
  GetProcessTimes
  GetEnvironmentStringsW
  GlobalUnlock
  GlobalAlloc
  lstrlenW
  SetupComm
  GetCurrentProcessId
  WideCharToMultiByte
  HeapSize
  GetCommandLineA
  GetCurrentThread
  RaiseException
  TlsFree
  GetModuleHandleA
  CloseHandle
  GetACP
  GetModuleHandleW
  IsValidCodePage
  HeapCreate
  Sleep
mpr.dll
  WNetAddConnection2A
msimg32.dll
  GradientFill
netapi32.dll
  NetUserEnum
  NetApiBufferFree
oleacc.dll
  AccessibleObjectFromEvent
oleaut32.dll
  SafeArrayAccessData
  SafeArrayUnaccessData
  VariantClear
  SysAllocString
  SafeArrayDestroy
  SafeArrayCreate
  RegisterActiveObject
  SafeArrayPutElement
  VariantInit
psapi.dll
  EnumDeviceDrivers
  GetDeviceDriverFileNameA
  GetDeviceDriverBaseNameA
setupapi.dll
  SetupDiGetClassDevsA
shell32.dll
  Shell_NotifyIconA
shlwapi.dll
  PathFindExtensionW
user32.dll
  SetFocus
  RedrawWindow
  UpdateWindow
  LoadMenuA
  FindWindowW
  KillTimer
  CreateDialogParamW
  DestroyMenu
  ShowWindow
  DefWindowProcA
  FindWindowA
  GetPropA
  GetNextDlgGroupItem
  ShowCaret
  GetMenuState
  GetSystemMetrics
  EnableMenuItem
  IsWindow
  GetMenu
  GetWindowRect
  EnableWindow
  SetMenu
  LoadImageA
  MessageBoxA
  GetMenuItemCount
  SetDlgItemTextW
  GetMenuItemID
  RegisterClassExA
  GetCursorPos
  ReleaseDC
  BeginPaint
  CreatePopupMenu
  CheckMenuItem
  SendMessageW
  GetWindowLongA
  IsWindowVisible
  SendMessageA
  GetUpdateRect
  GetClientRect
  CreateWindowExA
  GetDlgItem
  DrawMenuBar
  AppendMenuA
  IsIconic
  RegisterClassA
  DeleteMenu
  InvalidateRect
  LoadAcceleratorsA
  GetSubMenu
  SendMessageTimeoutA
  CreateMenu
  LoadCursorA
  LoadIconA
  TrackPopupMenu
  FillRect
  GetSysColorBrush
  ValidateRect
  IsRectEmpty
  GetClassNameA
  FindWindowExW
  GetDC
  GetMenuStringA
  SetForegroundWindow
  GetClassNameW
  IsChild
  DestroyWindow
version.dll
  GetFileVersionInfoSizeA
  GetFileVersionInfoA
  VerQueryValueA
Winsock (ws2_32.dll or wsock32.dll)
  getsockopt
  bind
  WSACleanup
  WSAStartup
  closesocket
  socket
dbghelp.dll
  EnumerateLoadedModules
ole32.dll
  CoMarshalInterThreadInterfaceInStream
  CoCreateInstance
  CoUninitialize
  CoInitialize
Number of PE resources by type
RT_DIALOG 3
RT_ICON 1
Struct(240) 1
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 7
RUSSIAN 1
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2014:09:13 17:16:38+01:00 (the PE header link time above, 16:16:38 UTC, rendered in the analysis host's +01:00 local zone)
FileType: Win32 EXE
PEType: PE32
CodeSize: 217600
LinkerVersion: 10.0
EntryPoint: 0x5436
InitializedDataSize: 37376
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0
File identification
MD5 948c07dcdea46c1968fc631fe7e9f6c6
SHA1 15236b1e57ab4967c38d4d31c2665aa7c2d7daf5
SHA256 e68e3996376ef5b38a38bbee6dc07552eb7cead25152d0273e5902a0cc40596b
ssdeep 6144:HqGjGyew4A7nxwuQpHNvSOxQ5Zf/RcAW0ZrC8uAb7cOcoK:HqGjN4Atw7qJ5ZfuAW0iAPA
authentihash df78e91bc3d5546d82b1809a3c34b6f684790c6bfc9a1db0f18394bc926bf1d4
imphash df6e2387cc4e772c18792d453d449371
File size 250.0 KB ( 256000 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
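An added example, not part of the report, showing how the imphash value above is derived: lower-cased `dll.function` pairs in import-table order, joined with commas and MD5-hashed, following the scheme pefile's `get_imphash()` implements (pefile additionally resolves ordinal imports of a few well-known DLLs to names; this version writes them as `ordN`). The DLL names are inferred from the export names, only an excerpt of the table is embedded, and the order shown on this page may be the display order rather than the import-table order, so this is not expected to reproduce df6e2387cc4e772c18792d453d449371; to verify the report's value, run it over the real file's import table.

```python
"""Recompute an import hash (imphash) from a DLL/function list."""
import hashlib

# Excerpt of the import table shown on this page. The exporting DLL for each
# block is inferred from the export names; the page lists only the functions.
REPORT_IMPORTS_EXCERPT = [
    ("ADVAPI32.dll", ["OpenProcessToken"]),
    ("KERNEL32.dll", ["GetStdHandle", "WaitForSingleObject", "EncodePointer", "IsDebuggerPresent",
                      "LoadLibraryA", "GetProcAddress", "CreateFileA", "Sleep"]),
    ("MPR.dll", ["WNetAddConnection2A"]),
    ("NETAPI32.dll", ["NetUserEnum", "NetApiBufferFree"]),
    ("PSAPI.DLL", ["EnumDeviceDrivers", "GetDeviceDriverFileNameA", "GetDeviceDriverBaseNameA"]),
    ("WS2_32.dll", ["getsockopt", "bind", "WSACleanup", "WSAStartup", "closesocket", "socket"]),
]

# Library name suffixes the scheme drops before hashing.
_STRIPPED_EXTENSIONS = (".ocx", ".sys", ".dll")


def imphash_string(imports):
    """Canonical 'dll.func,dll.func,...' string that gets hashed.

    imports is a list of (dll_name, [function_name_or_ordinal, ...]) in
    import-table order. The hash is order-sensitive: the same functions
    linked in a different order yield a different imphash, which is why it
    clusters builds of one code base and toolchain rather than "behaviour".
    """
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        for ext in _STRIPPED_EXTENSIONS:
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        for func in funcs:
            name = f"ord{func}" if isinstance(func, int) else func.lower()
            parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the canonical import string, as a 32-character lowercase hex digest."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def matches_report(imports, report_imphash: str) -> bool:
    """True when a recomputed imphash equals the one a report lists."""
    return imphash(imports) == report_imphash.strip().lower()


if __name__ == "__main__":
    print(imphash_string(REPORT_IMPORTS_EXCERPT)[:80] + "...")
    print(imphash(REPORT_IMPORTS_EXCERPT))
    print("matches report:", matches_report(REPORT_IMPORTS_EXCERPT, "df6e2387cc4e772c18792d453d449371"))
```

Because the CRT and GUI imports dominate this table, the imphash mostly fingerprints the MSVC 10.0 build and linking order; a pivot on it finds sibling builds, and should be read alongside ssdeep and the detection names rather than on its own.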
Tags peexe
VirusTotal metadata
First submission 2014-09-14 04:55:00 UTC
Last submission 2015-12-20 21:50:22 UTC
File names e68e3996376ef5b38a38bbee6dc07552eb7cead25152d0273e5902a0cc40596b.vir
B268.tmp.exe
e68e3996376ef5b38a38bbee6dc07552eb7cead25152d0273e5902a0cc40596b.exe
16F2.tmp.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function. Note that DeviceIoControl is absent from the static import table above: the call is either resolved at run time (the file imports LoadLibraryA, LoadLibraryW and GetProcAddress) or made by a process the file launched or injected into, both of which this condensed report attributes to the file.
DNS requests