SHA256: f973ce530f332e04cfe681b5335978d77bd079d4d981d635c2a6eb9a6201358e
File name: vt-upload-5YJYg
Detection ratio: 29 / 54
Analysis date: 2014-08-11 10:16:25 UTC ( 4 years, 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.429302 20140811
Yandex TrojanSpy.Zbot!1N+AejwrjAs 20140810
AntiVir TR/ZbotCitadel.A.913 20140811
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140811
Avast Win32:Malware-gen 20140811
AVG Crypt3.AIWZ 20140811
AVware Trojan.Win32.Generic!BT 20140811
BitDefender Gen:Variant.Kazy.429302 20140811
Bkav HW32.Laneul.necg 20140808
Commtouch W32/PWS.WZAF-1822 20140811
DrWeb Trojan.PWS.Panda.2977 20140811
Emsisoft Gen:Variant.Kazy.429302 (B) 20140811
ESET-NOD32 Win32/Spy.Zbot.AAO 20140811
F-Secure Gen:Variant.Kazy.429302 20140810
Fortinet W32/Zbot.AAO!tr.spy 20140811
GData Gen:Variant.Kazy.429302 20140811
Kaspersky Trojan-Spy.Win32.Zbot.tsrz 20140811
Kingsoft Win32.Troj.Zbot.ts.(kcloud) 20140811
McAfee RDN/Generic PWS.y!b2q 20140811
Microsoft PWS:Win32/Zbot 20140811
eScan Gen:Variant.Kazy.429302 20140811
Rising PE:Trojan.Win32.Generic.171BEA45!387705413 20140810
Sophos AV Mal/Generic-S 20140811
Symantec WS.Reputation.1 20140811
Tencent Win32.Trojan.Bp-generic.Ixrn 20140811
TotalDefense Win32/Zbot.DFRZKY 20140811
TrendMicro TROJ_FORUCON.BMC 20140811
TrendMicro-HouseCall TROJ_FORUCON.BMC 20140811
VIPRE Trojan.Win32.Generic!BT 20140811
AegisLab 20140811
AhnLab-V3 20140811
Baidu-International 20140811
ByteHero 20140811
CAT-QuickHeal 20140811
ClamAV 20140811
CMC 20140809
Comodo 20140811
F-Prot 20140811
Ikarus 20140811
Jiangmin 20140811
K7AntiVirus 20140808
K7GW 20140808
Malwarebytes 20140811
McAfee-GW-Edition 20140810
NANO-Antivirus 20140811
Norman 20140811
nProtect 20140811
Panda 20140810
Qihoo-360 20140811
SUPERAntiSpyware 20140804
TheHacker 20140808
VBA32 20140811
ViRobot 20140811
Zoner 20140811
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Publisher Microsoft Corporation
Product Microsoft Data Access Components
Original name MSADOMD.DLL
Internal name ADOMD
File version 2.81.1132.0 (xpsp.080413-0852)
Description Microsoft Data Access - ActiveX Data Objects (Multi-Dimensional)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-05 13:40:16
Entry Point 0x00001073
Number of sections 5
PE sections
Number of PE resources by type
REGISTRY 11
RT_STRING 2
TYPELIB 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 15
PE resources
File identification
MD5 66c71d562a9b1d1af3ba9f12facc5224
SHA1 f5b23b451786b2e9b15823b4c1e54138b7fe9268
SHA256 f973ce530f332e04cfe681b5335978d77bd079d4d981d635c2a6eb9a6201358e
ssdeep 3072:miQlOHjlK+43M/jZLFQWHQdlStXsbIF3ZcB+84SQOzrmqATHe9fsIyWz4ReJ2:ePB8/jZh/ilStXseZccYmqJfsI2eY
imphash e8af64f5dc8de33d29f4814140fd17a5
File size 297.0 KB ( 304128 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-08-11 10:16:25 UTC ( 4 years, 4 months ago )
Last submission 2014-08-11 10:16:25 UTC ( 4 years, 4 months ago )
File names vt-upload-5YJYg
ADOMD
MSADOMD.DLL
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests