SHA256: f1c46213f9ba6eb73b33d0438768a8a94aa6e21e0a8a5a17f6e4eabfd399c7e0
File name: 0af694b05cce4dd2009b060ff74f952158927453
Detection ratio: 7 / 51
Analysis date: 2014-04-26 18:45:49 UTC ( 4 years, 10 months ago )
Antivirus Result Update
Avast Win32:Dropper-gen [Drp] 20140426
DrWeb Trojan.PWS.Panda.6267 20140426
ESET-NOD32 Win32/Spy.Zbot.YW 20140426
K7GW Unwanted-File ( 6b49d2001 ) 20140426
Kaspersky Trojan-Spy.Win32.Zbot.sfmz 20140426
Malwarebytes Spyware.Zbot.ED 20140426
Qihoo-360 Malware.QVM20.Gen 20140426
Ad-Aware 20140426
AegisLab 20140426
Yandex 20140425
AhnLab-V3 20140426
AntiVir 20140426
Antiy-AVL 20140426
AVG 20140426
Baidu-International 20140426
BitDefender 20140426
Bkav 20140426
ByteHero 20140426
CAT-QuickHeal 20140426
ClamAV 20140426
CMC 20140424
Commtouch 20140426
Comodo 20140426
Emsisoft 20140426
F-Prot 20140426
F-Secure 20140426
Fortinet 20140426
GData 20140426
Ikarus 20140426
Jiangmin 20140426
K7AntiVirus 20140426
Kingsoft 20140426
McAfee 20140426
McAfee-GW-Edition 20140425
Microsoft 20140426
eScan 20140426
NANO-Antivirus 20140426
Norman 20140426
nProtect 20140425
Panda 20140426
Rising 20140426
Sophos AV 20140426
SUPERAntiSpyware 20140426
Symantec 20140426
TheHacker 20140425
TotalDefense 20140426
TrendMicro 20140426
TrendMicro-HouseCall 20140426
VBA32 20140425
VIPRE 20140425
ViRobot 20140426
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-31 20:37:20
Entry Point 0x000055C6
Number of sections 4
PE sections
PE imports
GetModuleFileNameA
GetStartupInfoA
VirtualAlloc
GetModuleHandleA
_except_handler3
__p__fmode
_acmdln
__CxxFrameHandler
_setmbcp
_ftol
_exit
_adjust_fdiv
__setusermatherr
__dllonexit
_onexit
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
fopen
rand
__p__commode
__set_app_type
Number of PE resources by type
RT_MENU 1
Number of PE resources by language
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:03:31 21:37:20+01:00
FileType Win32 EXE
PEType PE32
CodeSize 20480
LinkerVersion 2.0
EntryPoint 0x55c6
InitializedDataSize 20480
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 5d3c0e09d8cab61e5e42ee410a971e43
SHA1 0af694b05cce4dd2009b060ff74f952158927453
SHA256 f1c46213f9ba6eb73b33d0438768a8a94aa6e21e0a8a5a17f6e4eabfd399c7e0
ssdeep 6144:d3FanS+BHZ3DBhVIQiwreKM/ijVwysm8qJs:L2b3dIQ3Ccf6

authentihash 8125d6c38954c86d8d135e5de115a17a90ac704224f8eba315bdc66bb649eabd
imphash 88e898e0ba6052abb53a61945f52f147
File size 228.9 KB ( 234344 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Windows Screen Saver (46.4%)
Win32 Dynamic Link Library (generic) (23.3%)
Win32 Executable (generic) (15.9%)
Generic Win/DOS Executable (7.1%)
DOS Executable Generic (7.0%)
Tags corrupt peexe

VirusTotal metadata
First submission 2014-04-26 18:45:49 UTC ( 4 years, 10 months ago )
Last submission 2015-03-24 11:40:20 UTC ( 3 years, 12 months ago )
File names tmpaf5e406b.exe
0af694b05cce4dd2009b060ff74f952158927453
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight