SHA256: ef68be2b8dd21500c089afccfefc34e9080c5190c63e6c6b1abb76ef003b191d
File name: fisu.exe
Detection ratio: 22 / 43
Analysis date: 2012-10-02 06:52:58 UTC ( 6 years, 5 months ago )
Antivirus Result Update
Yandex TrojanSpy.Zbot!7KbsKwn0o9Q 20121001
AhnLab-V3 Trojan/Win32.Genome 20121001
Avast Win32:Zbot-PJZ [Trj] 20121001
AVG PSW.Generic10.NQC 20121001
BitDefender Trojan.Generic.KDV.719776 20121001
CAT-QuickHeal (Suspicious) - DNAScan 20121001
Comodo TrojWare.Win32.Injector.jm2 20121001
Emsisoft Trojan-PWS.Win32.Zbot!IK 20120919
ESET-NOD32 Win32/Spy.Zbot.AAO 20121001
F-Secure Trojan.Generic.KDV.719776 20121001
GData Trojan.Generic.KDV.719776 20121001
Ikarus Trojan-PWS.Win32.Zbot 20121001
Kaspersky Trojan.Win32.Genome.agaeu 20121001
Kingsoft Win32.Troj.Generic.(kcloud) 20120925
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.C 20121001
Microsoft PWS:Win32/Zbot.gen!AJ 20121001
Norman Black.AG 20121001
nProtect Trojan.Generic.KDV.719776 20121001
Panda Trj/Genetic.gen 20121001
Sophos AV Mal/Zbot-IG 20121001
SUPERAntiSpyware Trojan.Agent/Gen-Zbot 20120911
TheHacker Trojan/Spy.Zbot.aao 20121001
AntiVir 20121001
Antiy-AVL 20121001
ByteHero 20120918
ClamAV 20121001
Commtouch 20121001
DrWeb 20121001
eSafe 20120927
F-Prot 20120926
Fortinet 20121001
Jiangmin 20121001
K7AntiVirus 20121001
McAfee 20121001
PCTools 20121001
Rising 20120928
Symantec 20121001
TotalDefense 20121001
TrendMicro 20121001
TrendMicro-HouseCall 20121001
VBA32 20121001
VIPRE 20121001
ViRobot 20121001
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 1998-2010 The Pidgin developer community (See the COPYRIGHT file in the source distribution).

Product Pidgin
Original name pidgin.exe
Internal name pidgin
File version 2.10.6
Description Pidgin
Packers identified
F-PROT Aspack
PEiD ASProtect v1.23 RC1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1987-05-14 04:16:36
Entry Point 0x00001000
Number of sections 7
PE sections
PE imports
ImageList_SetIconSize
UnrealizeObject
GetProcAddress
GetModuleHandleA
LoadLibraryA
RaiseException
PSetupGetLocalDataField
VariantChangeTypeEx
GetForegroundWindow
VerQueryValueA
Number of PE resources by type
RT_VERSION 2
Struct(31) 1
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 7.16
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.10.6.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Pidgin
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
CharacterSet Unicode
InitializedDataSize 8192
EntryPoint 0x1000
OriginalFileName pidgin.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 1998-2010 The Pidgin developer community (See the COPYRIGHT file in the source distribution).
FileVersion 2.10.6
TimeStamp 1987:05:14 06:16:36+02:00
FileType Win32 EXE
PEType PE32
InternalName pidgin
ProductVersion 2.10.6
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName The Pidgin developer community
CodeSize 1388544
ProductName Pidgin
ProductVersionNumber 2.10.6.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 deef0332381eba407e044a61a7963e36
SHA1 ea1056903f8de8b13f74114fbfbe74b8e82ed122
SHA256 ef68be2b8dd21500c089afccfefc34e9080c5190c63e6c6b1abb76ef003b191d
ssdeep
6144:lEuLL7nVGEHg9F0odLYusWm6tbzashshhDjCH/w/Jgn+aCyIK3ccnMxjqznH0GhE:iupGEHIfm6lvsho+wW1K3DnsGxyj

authentihash ab8bc53af39c00669e0093be3a0486c6b1634ad4e124d77d5b05dd3488531a6a
imphash 286fce91ca34d7e668a8c0473aef4d74
File size 380.5 KB ( 389632 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe asprotect aspack

VirusTotal metadata
First submission 2012-10-02 06:52:58 UTC ( 6 years, 5 months ago )
Last submission 2019-02-07 11:10:42 UTC ( 1 month, 2 weeks ago )
File names ZOMGbAjLM.js
fisu.exe
DEEF0332381EBA407E044A61A7963E36.exe
ef68be2b8dd21500c089afccfefc34e9080c5190c63e6c6b1abb76ef003b191d.bin
pidgin.exe
DEEF0332381EBA407E044A61A7963E36.bin
pidgin
aa
ef68be2b8dd21500c089afccfefc34e9080c5190c63e6c6b1abb76ef003b191d.vir
cMDem1ncZZ.caj
1349380546.fisu.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Set keys
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.