SHA256: f6b51bbc077dcbf74f494626e6191ef0d9aea02f7e26b5b7523571d014b54691
File name: 0fda10bf370403b6408ea338c50e021c
Detection ratio: 30 / 54
Analysis date: 2014-08-17 05:36:28 UTC ( 4 years, 3 months ago )
Antivirus Result Update
Ad-Aware AIT:Trojan.Autoit.BXU 20140817
AhnLab-V3 Spyware/Win32.Zbot 20140816
AntiVir TR/Spy.Banker.1477 20140816
Avast Win32:Trojan-gen 20140817
AVG Generic11_c.SOA 20140817
AVware Trojan.Win32.Generic!BT 20140817
BitDefender AIT:Trojan.Autoit.BXU 20140817
CAT-QuickHeal TrojanPWS.AutoIt.Zbot.S 20140816
CMC Trojan.Win32.Generic!O 20140814
Commtouch W32/Vobfus.DPJC-7418 20140817
Emsisoft AIT:Trojan.Autoit.BXU (B) 20140817
ESET-NOD32 Win32/Spy.Zbot.AAO 20140816
F-Prot W32/Vobfus.AA 20140817
F-Secure AIT:Trojan.Autoit.BXU 20140817
GData AIT:Trojan.Autoit.BXU 20140817
Ikarus Trojan-Spy.Agent 20140817
Kaspersky Trojan-Spy.Win32.Zbot.tuaw 20140817
McAfee Artemis!0FDA10BF3704 20140817
Microsoft PWS:Win32/Zbot 20140817
eScan AIT:Trojan.Autoit.BXU 20140817
nProtect AIT:Trojan.Autoit.BXU 20140817
Panda Trj/CI.A 20140816
Qihoo-360 Win32/Trojan.Spy.3f2 20140817
Sophos AV Troj/AutoIt-ANO 20140817
Symantec Trojan.Zbot 20140817
Tencent Win32.Trojan-spy.Zbot.Kqc 20140817
TheHacker Trojan/Jorik.Agent.brb 20140817
TrendMicro TROJ_GEN.R0CBC0DHG14 20140817
TrendMicro-HouseCall TROJ_GEN.R0CBC0DHG14 20140817
VIPRE Trojan.Win32.Generic!BT 20140817
AegisLab 20140817
Yandex 20140816
Antiy-AVL 20140817
Baidu-International 20140816
Bkav 20140816
ByteHero 20140817
ClamAV 20140816
Comodo 20140817
DrWeb 20140817
Fortinet 20140817
Jiangmin 20140815
K7AntiVirus 20140814
K7GW 20140814
Kingsoft 20140817
Malwarebytes 20140817
McAfee-GW-Edition 20140816
NANO-Antivirus 20140817
Norman 20140816
Rising 20140816
SUPERAntiSpyware 20140816
TotalDefense 20140816
VBA32 20140816
ViRobot 20140816
Zoner 20140811
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
File version 3, 3, 8, 1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-29 21:32:28
Entry Point 0x000B7E70
Number of sections 3
PE sections
Number of PE resources by type
RT_ICON 11
RT_STRING 7
RT_GROUP_ICON 4
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 24
ENGLISH US 2
PE resources
File identification
MD5 0fda10bf370403b6408ea338c50e021c
SHA1 150210464a70883d05598e6496d502a8e2c759af
SHA256 f6b51bbc077dcbf74f494626e6191ef0d9aea02f7e26b5b7523571d014b54691
ssdeep 12288:Q6Wq4aaE6KwyF5L0Y2D1PqL1dWDA2h2DXpHvnmDoL8FRfzrnGx77VrhSBf6Vo:mthEVaPqL1dWDA22rpHfas8nj49hS0Vo
imphash 890e522b31701e079a367b89393329e6
File size 803.7 KB ( 823034 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID AutoIt3 compiled script executable (87.6%)
UPX compressed Win32 Executable (5.2%)
Win32 EXE Yoda's Crypter (4.5%)
Win32 Dynamic Link Library (generic) (1.1%)
Win32 Executable (generic) (0.7%)
Tags peexe
VirusTotal metadata
First submission 2014-08-17 05:36:28 UTC ( 4 years, 3 months ago )
Last submission 2014-08-17 05:36:28 UTC ( 4 years, 3 months ago )
File names 0fda10bf370403b6408ea338c50e021c
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications