SHA256: e919c49e0bf8c5632ab39837741ba4e3d5d986bf82aa01eafe3420156da450e1
File name: 0b3057442a38c6180c75009e2f5a3165f572aa747dcd27379c5f7c6f818b487b
Detection ratio: 37 / 55
Analysis date: 2014-09-25 07:00:56 UTC ( 2 years, 12 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1874351 20140925
Avast Win32:Agent-AUED [Trj] 20140925
AVG Dropper.Generic_c.ABDB 20140924
Avira (no cloud) TR/PSW.Zbot.16477 20140925
AVware Trojan.Win32.Generic!BT 20140925
Baidu-International Trojan.Win32.Zbot.AP 20140924
BitDefender Trojan.GenericKD.1874351 20140925
CMC Trojan.Win32.Generic!O 20140924
Comodo UnclassifiedMalware 20140925
DrWeb BackDoor.Comet.1783 20140925
Emsisoft Trojan.GenericKD.1874351 (B) 20140925
ESET-NOD32 a variant of Win32/Injector.Autoit.AXW 20140925
F-Prot W32/AutoIt.CE.gen!Eldorado 20140925
F-Secure Trojan.GenericKD.1874351 20140925
Fortinet W32/Autoit.AXW!tr 20140925
GData Trojan.GenericKD.1874351 20140925
Ikarus Trojan.Win32.Inject 20140924
K7AntiVirus Trojan ( 004abfe91 ) 20140924
K7GW Trojan ( 004abfe91 ) 20140924
Kaspersky Trojan-Spy.Win32.Zbot.ufeb 20140925
Kingsoft Win32.Troj.Zbot.UF.(kcloud) 20140925
Malwarebytes Trojan.Autoit 20140925
McAfee Generic-FAVA!74AC9D818AA9 20140925
McAfee-GW-Edition BehavesLike.Win32.Autorun.bh 20140924
Microsoft PWS:Win32/Zbot 20140925
eScan Trojan.GenericKD.1874351 20140925
Norman Suspicious_Gen4.HAIYW 20140925
nProtect Trojan.GenericKD.1874351 20140924
Panda Trj/Zbot.M 20140924
Qihoo-360 HEUR/Malware.QVM11.Gen 20140925
Sophos AV Troj/AutoIt-APA 20140925
Symantec Trojan.Zbot 20140925
Tencent Win32.Trojan.Inject.Auto 20140925
TheHacker Trojan/Cosmu.bizd 20140924
TrendMicro TROJ_FORUCON.BME 20140925
TrendMicro-HouseCall TROJ_FORUCON.BME 20140925
VIPRE Trojan.Win32.Generic!BT 20140925
AegisLab 20140925
Yandex 20140924
AhnLab-V3 20140924
Antiy-AVL 20140925
Bkav 20140923
ByteHero 20140925
CAT-QuickHeal 20140925
ClamAV 20140925
Cyren 20140925
Jiangmin 20140924
NANO-Antivirus 20140925
Rising 20140924
SUPERAntiSpyware 20140925
TotalDefense 20140924
VBA32 20140924
ViRobot 20140925
Zillya 20140925
Zoner 20140919
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
File version 3, 3, 8, 1
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-29 21:32:28
Entry Point 0x000B8E70
Number of sections 3
PE sections
Number of PE resources by type
RT_ICON 12
RT_STRING 7
RT_GROUP_ICON 4
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 25
ENGLISH US 2
PE resources
Compressed bundles
File identification
MD5 74ac9d818aa93214f31b8277636fe811
SHA1 4eb00452bd4699f4465a2441edea6eaefc59f79c
SHA256 e919c49e0bf8c5632ab39837741ba4e3d5d986bf82aa01eafe3420156da450e1
ssdeep 12288:a6Wq4aaE6KwyF5L0Y2D1PqLtDXpHvnmDoi8FRfzrnGx77VrhSBf6y:4thEVaPqLtrpHfat8nj49hS0y

authentihash 5d7eb177af567823134a9aaf12c46dc1a162b18973ed695292af07cb897f6a3f
imphash 890e522b31701e079a367b89393329e6
File size 745.3 KB ( 763184 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID AutoIt3 compiled script executable (87.6%)
UPX compressed Win32 Executable (5.2%)
Win32 EXE Yoda's Crypter (4.5%)
Win32 Dynamic Link Library (generic) (1.1%)
Win32 Executable (generic) (0.7%)
Tags
peexe upx

VirusTotal metadata
First submission 2014-09-21 22:28:19 UTC ( 3 years ago )
Last submission 2014-09-21 22:28:21 UTC ( 3 years ago )
File names New Order.exe, 0b3057442a38c6180c75009e2f5a3165f572aa747dcd27379c5f7c6f818b487b
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications