SHA256: edf431f299749a3fdd679070a3d839d7124f8279b4f1dfaf51cb11e3b87370a9
File name: 5fa99771fc5fc7a708184dd801c03739195883d8
Detection ratio: 45 / 51
Analysis date: 2014-06-08 03:34:27 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware Backdoor.Zbot.D 20140608
AhnLab-V3 Win-Trojan/Zbot.95744.BY 20140607
AntiVir TR/Kazy.MK 20140607
Avast Win32:Zbot-NRC [Trj] 20140608
AVG PSW.Generic8.BBWC 20140607
BitDefender Backdoor.Zbot.D 20140608
Bkav W32.AppdataSoutLnr.Trojan 20140606
CAT-QuickHeal TrojanPWS.Zbot.Y3 20140607
ClamAV Trojan.Spy.Zbot-142 20140608
CMC Trojan-Spy.Win32.Zbot!O 20140607
Commtouch W32/Zbot.BR.gen!Eldorado 20140608
Comodo TrojWare.Win32.Kazy.MKE 20140608
DrWeb Trojan.PWS.Panda.368 20140608
Emsisoft Backdoor.Zbot.D (B) 20140608
ESET-NOD32 Win32/Spy.Zbot.YW 20140607
F-Prot W32/Zbot.BR.gen!Eldorado 20140608
F-Secure Backdoor.Zbot.D 20140608
Fortinet W32/ZBot.DS!tr 20140608
GData Backdoor.Zbot.D 20140608
Ikarus Trojan-Spy.Win32.Zbot 20140607
K7AntiVirus Spyware ( 00222ac61 ) 20140606
K7GW Spyware ( 00222ac61 ) 20140606
Kaspersky Trojan-Spy.Win32.Zbot.jadh 20140608
Kingsoft Win32.Troj.Generic.c.(kcloud) 20140608
Malwarebytes Trojan.Zbot 20140608
McAfee PWS-Zbot.gen.ds 20140608
McAfee-GW-Edition PWS-Zbot.gen.ds 20140607
Microsoft PWS:Win32/Zbot.gen!Y 20140608
eScan Backdoor.Zbot.D 20140608
NANO-Antivirus Trojan.Win32.Zbot.iljpy 20140608
Norman Crypt.BAJJ 20140607
nProtect Trojan/W32.Agent.95744.JT 20140605
Panda Trj/Sinowal.WXO 20140607
Qihoo-360 Malware.QVM20.Gen 20140608
Rising PE:Stealer.Zbot!1.648A 20140607
Sophos AV Mal/Zbot-HX 20140608
SUPERAntiSpyware Trojan.Agent/Gen-Frauder 20140607
Symantec Trojan.Zbot 20140608
TheHacker Trojan/Spy.Zbot.bfgu 20140606
TotalDefense Win32/Zbot.ECQ 20140607
TrendMicro TSPY_ZBOT.SMIG 20140608
TrendMicro-HouseCall TSPY_ZBOT.SMIG 20140608
VBA32 SScope.Trojan.FakeAV.01110 20140607
VIPRE Trojan-PWS.Win32.Zbot.aac (v) 20140608
ViRobot Trojan.Win32.Zbot.95744.M 20140607
AegisLab 20140608
Yandex 20140607
Antiy-AVL 20140608
Baidu-International 20140607
ByteHero 20140608
Tencent 20140608
The file being studied is a Portable Executable file! More specifically, it is a DOS EXE file.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-03-11 22:39:06
Entry Point 0x0000574D
Number of sections 3
PE sections
Overlays
MD5 fa529b7fe127cdfc5a3477da4e0d1337
File type data
Offset 95232
Size 512
Entropy 7.57
PE imports
RegCreateKeyExW
RegCloseKey
ConvertSidToStringSidW
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptHashData
InitiateSystemShutdownExW
RegQueryValueExW
CryptCreateHash
SetSecurityDescriptorDacl
GetSidSubAuthorityCount
GetSidSubAuthority
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
RegOpenKeyExW
SetSecurityDescriptorSacl
GetTokenInformation
CryptReleaseContext
CryptAcquireContextW
GetSecurityDescriptorSacl
GetLengthSid
CreateProcessAsUserW
CryptDestroyHash
OpenThreadToken
RegSetValueExW
CryptGetHashParam
InitializeSecurityDescriptor
EqualSid
IsWellKnownSid
SetNamedSecurityInfoW
CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CertDeleteCertificateFromStore
CertOpenSystemStoreW
CertDuplicateCertificateContext
PFXExportCertStoreEx
FileTimeToDosDateTime
ReleaseMutex
WaitForSingleObject
Thread32Next
HeapDestroy
GetFileAttributesW
GetLocalTime
GetProcessId
SetErrorMode
GetFileInformationByHandle
GetThreadContext
GetFileTime
WideCharToMultiByte
LoadLibraryW
GetTempPathW
Thread32First
HeapReAlloc
FreeLibrary
LocalFree
InitializeCriticalSection
FindClose
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
WriteProcessMemory
GetModuleFileNameW
HeapAlloc
lstrcmpiW
SetThreadPriority
MultiByteToWideChar
SetFilePointerEx
GetPrivateProfileStringW
CreateEventW
CreateThread
MoveFileExW
CreateMutexW
GetVolumeNameForVolumeMountPointW
SetThreadContext
VirtualQueryEx
SetEndOfFile
GetProcAddress
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
lstrcmpiA
GetVersionExW
SetEvent
GetTickCount
VirtualProtect
FlushFileBuffers
LoadLibraryA
CreateRemoteThread
OpenProcess
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GlobalLock
GetPrivateProfileIntW
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
GetComputerNameW
WriteFile
GetFileSizeEx
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
WTSGetActiveConsoleSessionId
ResetEvent
FindFirstFileW
DuplicateHandle
WaitForMultipleObjects
GetTimeZoneInformation
CreateFileW
ExitProcess
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
SystemTimeToFileTime
VirtualAllocEx
GlobalUnlock
Process32NextW
CreateProcessW
FileTimeToLocalFileTime
VirtualFreeEx
GetCurrentProcessId
SetFileTime
GetCommandLineW
Process32FirstW
GetCurrentThread
ReadFile
CloseHandle
OpenMutexW
GetModuleHandleW
GetFileAttributesExW
HeapCreate
OpenEventW
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
NetUserEnum
NetUserGetInfo
NetApiBufferFree
SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW
PathRenameExtensionW
StrCmpNIW
wvnsprintfA
SHDeleteKeyW
PathUnquoteSpacesW
PathFindFileNameW
PathRemoveFileSpecW
PathMatchSpecW
PathIsURLW
PathAddBackslashW
PathQuoteSpacesW
UrlUnescapeA
wvnsprintfW
PathSkipRootW
SHDeleteValueW
StrCmpNIA
PathCombineW
PathIsDirectoryW
PathRemoveBackslashW
PathAddExtensionW
GetUserNameExW
GetCursorPos
CharLowerA
LoadImageW
PeekMessageW
GetKeyboardState
CharToOemW
TranslateMessage
DrawIcon
CharUpperW
CharLowerW
ToUnicode
MsgWaitForMultipleObjects
CharLowerBuffA
GetIconInfo
DispatchMessageW
ExitWindowsEx
GetClipboardData
HttpSendRequestA
InternetSetStatusCallbackW
InternetQueryDataAvailable
InternetSetOptionA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExW
InternetCloseHandle
InternetOpenA
InternetQueryOptionW
InternetConnectA
InternetQueryOptionA
HttpSendRequestW
GetUrlCacheEntryInfoW
HttpQueryInfoA
InternetReadFile
InternetReadFileExA
InternetCrackUrlA
HttpSendRequestExA
HttpAddRequestHeadersW
getaddrinfo
shutdown
accept
WSAStartup
freeaddrinfo
connect
getsockname
WSASetLastError
WSAGetLastError
recv
send
select
listen
WSAEventSelect
getpeername
closesocket
WSAIoctl
setsockopt
socket
bind
recvfrom
sendto
CLSIDFromString
StringFromGUID2
ExifTool file metadata
FileAccessDate
2014:12:17 18:37:30+01:00

FileCreateDate
2014:12:17 18:37:30+01:00

Compressed bundles
File identification
MD5 d2d969b5db07a1dcffab0831907d31b5
SHA1 586ed7cac65bd44bfa53f69eed260341641d0492
SHA256 edf431f299749a3fdd679070a3d839d7124f8279b4f1dfaf51cb11e3b87370a9
ssdeep
1536:TwH8olr3QF/GTqg8HLhobQLAfm5b8HLljs2mwEhstzWrYQ:+zlr39Og8HlKQLAfMmLljJmwEixWrz

authentihash 86fd067008b6301426ae0dca3ef09ce7279c2d493000a90d5fff7dd08b37113b
imphash 608b524939a4ae825f572a36fd684373
File size 93.5 KB ( 95744 bytes )
File type DOS EXE
Magic literal
MS-DOS executable

TrID Win32 Executable (generic) (42.6%)
DOS Executable Borland Pascal 7.0x (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Sybase iAnywhere database files (0.1%)
Tags
mz overlay

VirusTotal metadata
First submission 2014-06-08 03:34:27 UTC ( 3 years, 1 month ago )
Last submission 2015-06-12 12:33:27 UTC ( 2 years, 1 month ago )
File names file-7100069_
5fa99771fc5fc7a708184dd801c03739195883d8
008283851
d2d969b5db07a1dcffab0831907d31b5.exe
test.exe
586ed7cac65bd44bfa53f69eed260341641d0492
test.ex_
damou.pps
d2d969b5db07a1dcffab0831907d31b5