SHA256: ea825c6dca6fb02c00c1736a2fe9de26fd3007ecd19e060a7bd32c8fdf76ad18
File name: bot.exe
Detection ratio: 15 / 57
Analysis date: 2015-01-20 11:06:21 UTC (2 years, 10 months ago)
Detected (15 of 57 engines)

Antivirus              Result                                 Update
Ad-Aware               Gen:Trojan.Heur.Zbot.fmW@c0B0AEe       20150120
AhnLab-V3              Win-Trojan/Zbot.88576                  20150119
AVware                 Trojan-Spy.Win32.Zbot.gen (v)          20150120
BitDefender            Gen:Trojan.Heur.Zbot.fmW@c0B0AEe       20150120
Bkav                   HW32.Packed.C4AE                       20150120
CAT-QuickHeal          Win32.Trojan-Spy.Zbot.gen.3            20150120
ClamAV                 Trojan.Spy.Zbot-435                    20150120
Cyren                  W32/Zbot.V.gen!Eldorado                20150120
Emsisoft               Gen:Trojan.Heur.Zbot.fmW@c0B0AEe (B)   20150120
Fortinet               W32/Zbot.gen!tr                        20150119
GData                  Gen:Trojan.Heur.Zbot.fmW@c0B0AEe       20150120
Ikarus                 Trojan-Spy.Win32.Zbot                  20150120
Malwarebytes           Spyware.Zbot                           20150120
Qihoo-360              Malware.QVM20.Gen                      20150120
VIPRE                  Trojan-Spy.Win32.Zbot.gen (v)          20150120

Not detected (42 engines; signature update date shown)

Antivirus              Update
AegisLab               20150120
Yandex                 20150126
Alibaba                20150120
ALYac                  20150120
Antiy-AVL              20150120
Avast                  20150127
AVG                    20150127
Avira (no cloud)       20150127
Baidu-International    20150120
ByteHero               20150120
CMC                    20150127
Comodo                 20150127
DrWeb                  20150127
ESET-NOD32             20150127
F-Prot                 20150127
F-Secure               20150127
Jiangmin               20150126
K7AntiVirus            20150126
K7GW                   20150120
Kaspersky              20150127
Kingsoft               20150120
McAfee                 20150127
McAfee-GW-Edition      20150126
Microsoft              20150127
eScan                  20150120
NANO-Antivirus         20150127
Norman                 20150127
nProtect               20150120
Panda                  20150120
Rising                 20150126
Sophos AV              20150127
SUPERAntiSpyware       20150119
Symantec               20150127
Tencent                20150120
TheHacker              20150120
TotalDefense           20150127
TrendMicro             20150127
TrendMicro-HouseCall   20150127
VBA32                  20150127
ViRobot                20150120
Zillya                 20150126
Zoner                  20150119
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2008-04-26 16:51:49
Entry point: 0x000088E9
Number of sections: 3
PE sections
PE imports
CreatePrivateObjectSecurity
CopySid
RegFlushKey
AreAnyAccessesGranted
BuildImpersonateTrusteeA
ObjectDeleteAuditAlarmW
LookupAccountNameW
SetTokenInformation
GetTokenInformation
SetServiceBits
GetUserNameW
ImpersonateSelf
GetSecurityDescriptorDacl
IsValidAcl
RegQueryValueW
GetKernelObjectSecurity
RegSetValueExW
SetSecurityDescriptorOwner
LookupPrivilegeNameW
AddAccessDeniedAce
RegSetValueA
RegCreateKeyExA
BuildExplicitAccessWithNameW
UnlockServiceDatabase
RegQueryValueExW
SetSecurityDescriptorDacl
GetFileSecurityW
RegisterEventSourceW
RegQueryMultipleValuesW
ClearEventLogW
SetServiceObjectSecurity
StartServiceA
PrivilegedServiceAuditAlarmW
CryptGenKey
NotifyBootConfigStatus
CreateProcessAsUserA
ObjectPrivilegeAuditAlarmW
GetMultipleTrusteeOperationA
SetEntriesInAccessListA
BuildImpersonateExplicitAccessWithNameA
RegLoadKeyW
SetEntriesInAccessListW
GetMultipleTrusteeOperationW
ObjectPrivilegeAuditAlarmA
ConvertSecurityDescriptorToAccessA
ReadEventLogA
SetSecurityInfoExW
SetAclInformation
GetEffectiveRightsFromAclA
InitializeSecurityDescriptor
RegSetValueExA
RegDeleteValueA
SetNamedSecurityInfoExW
RegCloseKey
OpenBackupEventLogW
AccessCheck
GetSecurityInfoExA
GetNumberOfEventLogRecords
DeleteService
OpenBackupEventLogA
DeregisterEventSource
SetFileSecurityW
CancelOverlappedAccess
CryptSetProviderExA
GetSidIdentifierAuthority
RegEnumKeyExW
LockServiceDatabase
CryptSetProviderExW
AddAuditAccessAce
RegisterServiceCtrlHandlerA
MapGenericMask
CryptAcquireContextW
SetEntriesInAclW
RevertToSelf
RegSaveKeyA
MakeSelfRelativeSD
AllocateAndInitializeSid
RegSaveKeyW
EnumServicesStatusW
RegEnumValueA
SetNamedSecurityInfoW
GetExplicitEntriesFromAclW
CryptSetHashParam
GetAce
FindFirstFreeAce
QueryServiceConfigW
CryptHashData
EqualPrefixSid
GetMultipleTrusteeA
CloseEventLog
TrusteeAccessToObjectW
GetSecurityDescriptorOwner
RegOpenKeyW
RegEnumKeyA
RegConnectRegistryA
AllocateLocallyUniqueId
DuplicateTokenEx
GetSidSubAuthority
CryptGetDefaultProviderW
RegQueryInfoKeyA
ChangeServiceConfigW
GetTrusteeNameA
QueryServiceLockStatusA
StartServiceCtrlDispatcherA
CryptSetKeyParam
PrivilegeCheck
QueryServiceObjectSecurity
ReportEventW
BackupEventLogA
ImpersonateLoggedOnUser
OpenSCManagerA
EnumDependentServicesA
FileTimeToDosDateTime
GetFileAttributesA
GetHandleInformation
GetLocalTime
SetComputerNameA
BuildCommDCBAndTimeoutsW
Heap32Next
GetStringTypeW
MapViewOfFileEx
GetConsoleCursorInfo
GetFileInformationByHandle
GetTapePosition
EnumDateFormatsW
FindResourceExA
GetCPInfo
EnumCalendarInfoExW
SetComputerNameW
GetDiskFreeSpaceA
EnumCalendarInfoExA
SetFileAttributesA
QueryDosDeviceA
GetProfileIntW
ConnectNamedPipe
BeginUpdateResourceW
LoadResource
GetLogicalDriveStringsW
SetFileAttributesW
OpenMutexA
GlobalFindAtomW
GetUserDefaultLangID
GetNumberOfConsoleInputEvents
VerLanguageNameW
FlushViewOfFile
OpenWaitableTimerA
SetConsoleCtrlHandler
Heap32First
CreateDirectoryExW
GetCalendarInfoW
WritePrivateProfileSectionW
OpenWaitableTimerW
FatalAppExitA
FlushInstructionCache
CreateSemaphoreA
LocalFlags
CreateDirectoryExA
GetProcessPriorityBoost
GetMailslotInfo
ReadConsoleA
TerminateProcess
ConvertThreadToFiber
RtlFillMemory
GetNumberFormatA
GetCommState
GetLocaleInfoA
GetCurrentThreadId
HeapFree
VerLanguageNameA
TerminateThread
EraseTape
GetOEMCP
SetConsoleTextAttribute
VirtualProtect
GetVersionExA
WriteConsoleOutputAttribute
EndUpdateResourceA
Process32Next
UnlockFile
GetWindowsDirectoryW
GetFileSize
AddAtomA
GetProcAddress
GetPrivateProfileIntW
AddAtomW
SetSystemTimeAdjustment
GetProcessHeap
GetComputerNameW
EnumResourceNamesW
GlobalReAlloc
SetDefaultCommConfigA
lstrcpyA
GetTimeFormatA
FindFirstFileW
SetVolumeLabelW
GetConsoleScreenBufferInfo
GetTimeZoneInformation
GetCurrencyFormatA
SetFileApisToOEM
CreateEventA
ReadConsoleOutputW
GetCurrencyFormatW
ReadConsoleOutputAttribute
BuildCommDCBA
GetLastError
LCMapStringW
GlobalFree
SetupComm
EnumTimeFormatsW
FileTimeToLocalFileTime
GetEnvironmentStrings
BuildCommDCBAndTimeoutsA
CreateIoCompletionPort
GetCurrentDirectoryA
ClearCommBreak
GetAtomNameW
GetConsoleTitleA
GetCompressedFileSizeA
CopyFileExW
GetCurrentThread
EnumSystemCodePagesW
TlsFree
GetModuleHandleA
GetDiskFreeSpaceW
CancelWaitableTimer
DeleteAtom
OpenMutexW
GetVersion
SetThreadExecutionState
SwitchToThread
IsBadStringPtrW
GetLongPathNameW
WriteConsoleOutputCharacterW
IsValidCodePage
OpenEventW
CreateProcessW
TransactNamedPipe
SetMailslotInfo
VirtualAlloc
ResetEvent
PathRemoveBackslashA
SHGetInverseCMAP
PathIsDirectoryA
StrFormatByteSize64A
PathIsRootA
PathGetCharTypeW
SHCopyKeyA
PathIsRootW
UrlUnescapeW
SHDeleteValueA
StrRChrIA
PathMakePrettyA
UrlUnescapeA
StrCSpnW
SHEnumKeyExA
UrlHashW
PathSetDlgItemPathA
PathCreateFromUrlA
StrToIntA
SHRegGetUSValueW
PathSetDlgItemPathW
UrlHashA
SHEnumKeyExW
StrStrA
SHRegOpenUSKeyW
SHRegQueryInfoUSKeyW
PathFindFileNameW
StrPBrkA
PathQuoteSpacesW
StrTrimA
UrlCanonicalizeW
PathRemoveBlanksW
PathRemoveExtensionW
StrPBrkW
UrlGetLocationW
SHRegEnumUSKeyW
StrRetToBufW
PathParseIconLocationW
PathFindExtensionW
PathIsContentTypeA
StrRetToBufA
UrlApplySchemeA
SHRegDeleteUSValueA
PathIsSystemFolderW
PathFindFileNameA
SHEnumValueW
StrCatW
SHCreateStreamOnFileA
SHEnumValueA
PathAppendA
PathIsUNCServerW
SHDeleteKeyA
PathIsUNCServerShareW
SHRegEnumUSValueW
StrCpyNW
PathGetArgsA
PathAppendW
PathGetArgsW
PathIsPrefixA
StrSpnW
wvnsprintfW
StrFormatKBSizeW
SHRegDuplicateHKey
PathGetDriveNumberA
ColorHLSToRGB
PathStripToRootA
SHRegSetUSValueA
UrlApplySchemeW
SHRegSetUSValueW
AssocQueryKeyA
SHRegDeleteEmptyUSKeyW
PathSearchAndQualifyW
SHRegCloseUSKey
PathBuildRootA
PathIsURLA
SHSetThreadRef
IntlStrEqWorkerA
PathIsURLW
StrDupA
UrlGetPartA
PathIsNetworkPathA
UrlCreateFromPathA
UrlCombineA
PathUndecorateW
StrFormatByteSizeA
StrNCatW
SHStrDupA
StrCmpNIA
UrlCreateFromPathW
SHOpenRegStream2A
StrNCatA
UrlGetLocationA
StrFormatByteSizeW
StrChrW
SHOpenRegStreamW
PathIsLFNFileSpecW
StrChrA
SHGetValueW
SHOpenRegStreamA
wnsprintfA
PathFileExistsA
PathRenameExtensionW
SHQueryInfoKeyW
StrFromTimeIntervalA
ChrCmpIW
StrFromTimeIntervalW
SHQueryInfoKeyA
PathFindNextComponentW
StrRStrIW
PathIsSameRootW
PathSkipRootW
StrRetToStrW
PathSearchAndQualifyA
RedrawWindow
EnumWindowStationsA
GetMessagePos
GetMenuInfo
UnregisterHotKey
DdeAccessData
SetUserObjectSecurity
EnumDesktopsW
DestroyMenu
IsWindow
SetDeskWallpaper
CharUpperBuffA
GrayStringA
WindowFromPoint
DlgDirSelectComboBoxExW
GetInputDesktop
ChildWindowFromPoint
VkKeyScanW
GetClipboardSequenceNumber
GetMenuItemID
GetAsyncKeyState
CharLowerBuffW
UnregisterClassW
CharLowerBuffA
EnumClipboardFormats
InSendMessage
CallNextHookEx
LoadAcceleratorsA
GetWindowTextLengthA
GetActiveWindow
PostThreadMessageW
MsgWaitForMultipleObjects
GetTopWindow
GetClassInfoExW
GetWindow
SetWindowsHookW
GetKeyboardType
DefMDIChildProcA
SetProcessDefaultLayout
ShowWindow
GetPropA
CharToOemBuffA
TranslateMDISysAccel
InsertMenuItemW
DdeFreeDataHandle
CharToOemBuffW
TranslateMessage
GetDlgItemTextW
CharNextExA
GetIconInfo
LoadAcceleratorsW
LoadMenuIndirectW
IsCharLowerA
DlgDirSelectComboBoxExA
DdeClientTransaction
IsDialogMessageW
CopyRect
DeferWindowPos
GetDialogBaseUnits
GetUpdateRect
GetWindowInfo
IsDialogMessageA
MapWindowPoints
DdeAbandonTransaction
SwitchDesktop
SetCaretPos
GetKeyboardLayoutNameW
RegisterWindowMessageA
DefWindowProcA
EnumDisplaySettingsExA
GetMessageExtraInfo
RegisterDeviceNotificationW
SendDlgItemMessageW
DrawCaption
CreateDialogParamW
WaitMessage
CreatePopupMenu
SetCaretBlinkTime
CharToOemW
SetCursor
CloseWindowStation
DialogBoxIndirectParamW
GetMenuItemCount
GetDC
SetForegroundWindow
ExitWindowsEx
CharToOemA
GetCaretBlinkTime
GetScrollBarInfo
CallMsgFilter
EndTask
RealGetWindowClass
ChangeDisplaySettingsExW
GetKBCodePage
DrawFrameControl
SetMenu
SetDlgItemTextA
LoadKeyboardLayoutW
ChangeMenuW
GetWindowDC
LookupIconIdFromDirectoryEx
DialogBoxParamA
LoadKeyboardLayoutA
SetDlgItemTextW
CopyImage
EndDeferWindowPos
GetWindowRgn
IsWindowVisible
IsCharAlphaNumericW
WinHelpA
UnionRect
FrameRect
AnimateWindow
SendMessageTimeoutA
ImpersonateDdeClientWindow
DefDlgProcW
DefDlgProcA
TranslateAccelerator
CallWindowProcA
IsCharUpperW
SendMessageTimeoutW
ModifyMenuA
GetAncestor
TranslateAcceleratorW
CoFileTimeNow
CoRegisterPSClsid
CoUnmarshalHresult
EnableHookObject
OleCreateLinkEx
CoMarshalInterThreadInterfaceInStream
CoGetCallerTID
IIDFromString
StgGetIFillLockBytesOnFile
CoLoadLibrary
CoRegisterMessageFilter
OleDuplicateData
OleDraw
StgOpenStorage
WriteOleStg
OleLoad
OleRegEnumFormatEtc
OleCreateMenuDescriptor
CoInitializeSecurity
CoGetCurrentProcess
CreateObjrefMoniker
OleSaveToStream
OleGetIconOfClass
CoBuildVersion
OleBuildVersion
OleCreate
ReadStringStream
StgCreateDocfile
StringFromGUID2
CoSetProxyBlanket
ReadClassStg
CoRegisterSurrogate
UtGetDvtd32Info
ReadClassStm
CreateILockBytesOnHGlobal
CoIsOle1Class
OleLoadFromStream
SetDocumentBitStg
CoCreateInstanceEx
CreateDataCache
CoInitializeEx
OleQueryLinkFromData
CoRevertToSelf
CreateDataAdviseHolder
CoFreeAllLibraries
CoGetObject
CoQueryReleaseObject
CoRegisterMallocSpy
GetHookInterface
OleUninitialize
CoQueryClientBlanket
OleCreateFromData
CoGetInstanceFromFile
OpenOrCreateStream
OleDestroyMenuDescriptor
StgOpenStorageOnILockBytes
CoTreatAsClass
CreateClassMoniker
CoAddRefServerProcess
IsAccelerator
OleRegGetMiscStatus
RegisterDragDrop
OleCreateStaticFromData
OleConvertOLESTREAMToIStorageEx
OleSave
OleDoAutoConvert
CoResumeClassObjects
OleCreateFromDataEx
OleSetAutoConvert
IsEqualGUID
CoQueryProxyBlanket
CoTaskMemRealloc
CoCreateInstance
CoUnmarshalInterface
BindMoniker
UtGetDvtd16Info
OleConvertIStorageToOLESTREAM
CoFreeUnusedLibraries
CoDosDateTimeToFileTime
OleSetMenuDescriptor
CoGetMalloc
CoReleaseServerProcess
CoTaskMemFree
WriteFmtUserTypeStg
OleLockRunning
CoImpersonateClient
OleGetAutoConvert
UtConvertDvtd16toDvtd32
CoMarshalHresult
DoDragDrop
CoIsHandlerConnected
CoGetTreatAsClass
OleCreateLink
OleSetContainedObject
OleGetIconOfFile
OleGetClipboard
GetDocumentBitStg
CoRegisterChannelHook
CreateOleAdviseHolder
StgIsStorageILockBytes
CoInitialize
OleIsCurrentClipboard
OleCreateLinkFromDataEx
CoGetStandardMarshal
CoCreateFreeThreadedMarshaler
StgIsStorageFile
CoFileTimeToDosDateTime
CLSIDFromProgID
PropVariantClear
CreateGenericComposite
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2008:04:26 16:51:49+00:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 70144
LinkerVersion: 9.0
FileTypeExtension: exe
InitializedDataSize: 17408
SubsystemVersion: 4.0
EntryPoint: 0x88e9
OSVersion: 4.0
ImageVersion: 1.0
UninitializedDataSize: 0
Execution parents
Compressed bundles
File identification
MD5: 70a0f9cef4d7a4952eb659b049e98fc7
SHA1: dde0a253090c97487a831916b31f58d51027317f
SHA256: ea825c6dca6fb02c00c1736a2fe9de26fd3007ecd19e060a7bd32c8fdf76ad18
ssdeep: 1536:j6uk9t6vY7jPXob0GOwFp44RT3dYJ1Y5/MYDNl31y6wPFd/2pBYTih/eIF3/:2h9gCPG0GOKG4dSJK5DT1hwPFd/2Xair
authentihash: c1b10ca9cf7d01d16a41ac75f466c605b3d76be2b70b655c543ad2f91e8ee974
imphash: 26128baab0582adac0a608aedfccda85
File size: 86.5 KB (88576 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags: peexe
VirusTotal metadata
First submission: 2015-01-20 11:06:21 UTC (2 years, 10 months ago)
Last submission: 2016-01-04 15:47:51 UTC (1 year, 10 months ago)
File names:
ZeuS_binary_70a0f9cef4d7a4952eb659b049e98fc7.exe
70A0F9CEF4D7A4952EB659B049E98FC7
bot.exe
test.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Copied files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections