SHA256: e99e78f25b18ef88892accfe5004b7bcd7dbae5cb5f879d266113180eff22144
File name: d429609d0996a45c30e3ed62f6f13cad
Detection ratio: 20 / 56
Analysis date: 2015-07-06 11:15:09 UTC ( 3 years, 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.656691 20150706
ALYac Gen:Variant.Kazy.656691 20150706
Arcabit Trojan.Kazy.DA0533 20150706
Avast Win32:Agent-AZLM [Trj] 20150706
AVG Zbot.AEQM 20150706
Avira (no cloud) TR/Crypt.EPACK.1456 20150706
BitDefender Gen:Variant.Kazy.656691 20150706
DrWeb Trojan.PWS.Panda.8087 20150706
Emsisoft Gen:Variant.Kazy.656691 (B) 20150706
ESET-NOD32 Win32/Spy.Zbot.ACB 20150706
F-Secure Gen:Variant.Kazy.656691 20150706
GData Gen:Variant.Kazy.656691 20150702
K7AntiVirus Spyware ( 004b89a11 ) 20150706
K7GW Spyware ( 004b89a11 ) 20150706
Kaspersky Trojan-Spy.Win32.Zbot.vqep 20150706
Malwarebytes Trojan.Zbot 20150706
eScan Gen:Variant.Kazy.656691 20150706
NANO-Antivirus Trojan.Win32.Zbot.dtkyzk 20150706
Panda Trj/Genetic.gen 20150706
Sophos AV Mal/Generic-S 20150706
AegisLab 20150706
Yandex 20150630
AhnLab-V3 20150706
Alibaba 20150630
Antiy-AVL 20150706
AVware 20150706
Baidu-International 20150706
Bkav 20150706
ByteHero 20150706
CAT-QuickHeal 20150706
ClamAV 20150706
Comodo 20150706
Cyren 20150706
F-Prot 20150706
Fortinet 20150706
Ikarus 20150706
Jiangmin 20150703
Kingsoft 20150706
McAfee 20150706
McAfee-GW-Edition 20150705
Microsoft 20150706
nProtect 20150703
Qihoo-360 20150706
Rising 20150705
SUPERAntiSpyware 20150706
Symantec 20150706
Tencent 20150706
TheHacker 20150706
TotalDefense 20150706
TrendMicro 20150706
TrendMicro-HouseCall 20150706
VBA32 20150703
VIPRE 20150706
ViRobot 20150706
Zillya 20150706
Zoner 20150706
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-05-03 01:12:31
Entry Point 0x00001000
Number of sections 14
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
AdjustTokenPrivileges
InitializeAcl
RegCreateKeyExA
RegQueryValueExW
SetSecurityDescriptorDacl
CloseServiceHandle
OpenProcessToken
AddAccessAllowedAce
RegOpenKeyExW
RegOpenKeyW
GetTokenInformation
RegQueryInfoKeyW
RegEnumKeyExW
OpenThreadToken
GetLengthSid
RegDeleteValueW
RegSetValueExW
FreeSid
RegEnumValueW
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetValueExA
GetTextMetricsW
GetWindowOrgEx
SetICMMode
GetCharABCWidthsA
PlayMetaFile
GetEnhMetaFilePaletteEntries
GetPixel
GetObjectA
DeviceCapabilitiesExA
GetTextExtentPointA
EnumFontFamiliesW
CreateDiscardableBitmap
BitBlt
CreateBitmapIndirect
DescribePixelFormat
RectVisible
PolyPatBlt
GetLogColorSpaceW
SelectClipRgn
CreateCompatibleDC
ExtEscape
GetNearestPaletteIndex
CancelDC
SetDlgItemTextA
IsDialogMessageW
DdeReconnect
SetLayeredWindowAttributes
DdeAccessData
SetMenuDefaultItem
CallMsgFilterA
DefWindowProcW
CreateIconIndirect
CreateCaret
GetMonitorInfoA
MapVirtualKeyW
IMPQueryIMEA
PostQuitMessage
SetScrollPos
DrawTextExA
EnumDisplayMonitors
GetClipboardViewer
SetWindowLongW
ValidateRgn
AppendMenuA
MonitorFromRect
EnumClipboardFormats
LookupIconIdFromDirectory
OpenIcon
GetWindowWord
ChangeDisplaySettingsExA
CallNextHookEx
CascadeChildWindows
ChangeClipboardChain
RemovePropW
EnumThreadWindows
GetProcessWindowStation
GetMenuDefaultItem
ActivateKeyboardLayout
DdeCmpStringHandles
GetTabbedTextExtentW
CreateWindowExW
CreateDialogParamW
IsCharAlphaNumericA
EditWndProc
SetClassWord
LoadMenuIndirectA
RealGetWindowClassW
GetQueueStatus
OpenDesktopW
SetUserObjectSecurity
SendMessageA
GetWindowModuleFileNameW
UnregisterDeviceNotification
DrawMenuBar
PackDDElParam
CreateWindowStationW
BringWindowToTop
GetLastInputInfo
HideCaret
FindWindowW
CharPrevExA
GetAltTabInfoW
AnimateWindow
GetWindowLongA
CreateWindowExA
IsCharUpperA
GetKeyboardState
BlockInput
DrawFrame
SetDeskWallpaper
ImpersonateDdeClientWindow
MonitorFromPoint
EnableScrollBar
SetWindowsHookExW
CreateIconFromResourceEx
CreateIconFromResource
GetNextDlgTabItem
IsMenu
UserHandleGrantAccess
GetMenuBarInfo
TabbedTextOutW
GetWindowLongW
GetWindowInfo
DrawCaption
SendIMEMessageExW
DlgDirSelectComboBoxExA
DdeQueryStringA
CharToOemA
Number of PE resources by type
RT_GROUP_CURSOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
JAPANESE DEFAULT 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2005:05:03 02:12:31+01:00
FileType Win32 EXE
PEType PE32
CodeSize 242176
LinkerVersion 0.0
FileTypeExtension exe
InitializedDataSize 34304
SubsystemVersion 4.1
EntryPoint 0x1000
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 d429609d0996a45c30e3ed62f6f13cad
SHA1 16a2fe43c573403a8a70e54cf3ef04d9db669696
SHA256 e99e78f25b18ef88892accfe5004b7bcd7dbae5cb5f879d266113180eff22144
ssdeep 3072:O6tPiFvFKOW6mAtHEhgRMabIz4pS/umLdeG:O6tPiFtvNtkEO4pS/umLde
authentihash 98ad44c5f1077f901bc404829c1faa86df38b9c80af515fccc3862afbab9ce37
imphash ffa6daca7a57520316ad7d4284af6b0e
File size 283.0 KB ( 289792 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (76.3%)
Win32 Executable (generic) (12.4%)
Generic Win/DOS Executable (5.5%)
DOS Executable Generic (5.5%)
VXD Driver (0.0%)
Tags peexe
VirusTotal metadata
First submission 2015-07-06 11:15:09 UTC ( 3 years, 8 months ago )
Last submission 2015-07-06 11:15:09 UTC ( 3 years, 8 months ago )
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs