SHA256: f9cb4a21a5998d902db952fd2bbdec2071c56a7d4f5db714b5452abbe5ef5294
File name: VirusShare_7b3d9e48deac8d0b33f6fc4235361cbd
Detection ratio: 44 / 56
Analysis date: 2015-10-26 23:40:44 UTC ( 11 months, 1 week ago )
Antivirus Result Update
ALYac Gen:Variant.Zusy.62068 20151027
AVG BackDoor.Generic17.BGBA 20151026
AVware Trojan.Win32.Zbot.c (v) 20151026
Ad-Aware Gen:Variant.Zusy.62068 20151027
Yandex Backdoor.Androm!C6qc6r6zpTo 20151026
AhnLab-V3 Trojan/Win32.ZAccess 20151026
Antiy-AVL Trojan[Spy]/Win32.Zbot 20151027
Arcabit Trojan.Zusy.DF274 20151027
Avast Win32:Fareit-IY [Trj] 20151027
Avira (no cloud) BDS/Androm.apac 20151027
Baidu-International Trojan.Win32.Delf.ONC 20151026
BitDefender Gen:Variant.Zusy.62068 20151027
CAT-QuickHeal Trojan.ZAgent.r5 20151027
ClamAV Win.Worm.Gamarue-14 20151027
Comodo TrojWare.Win32.Injector.AMDV 20151027
Cyren W32/Trojan.VSQY-7716 20151027
DrWeb Trojan.Spambot.12318 20151027
ESET-NOD32 Win32/Delf.ONC 20151027
Emsisoft Gen:Variant.Zusy.62068 (B) 20151027
F-Secure Gen:Variant.Zusy.62068 20151027
Fortinet W32/Zbot.PLZN!tr 20151026
GData Gen:Variant.Zusy.62068 20151027
Ikarus Trojan-PWS.Win32.Fareit 20151027
Jiangmin Backdoor/Androm.cdu 20151026
K7AntiVirus Trojan ( 004561211 ) 20151026
K7GW Trojan ( 004561211 ) 20151026
Kaspersky HEUR:Trojan.Win32.Generic 20151027
Malwarebytes Trojan.Agent.ED 20151026
McAfee Artemis!7B3D9E48DEAC 20151027
McAfee-GW-Edition Artemis!Virus 20151027
eScan Gen:Variant.Zusy.62068 20151027
Microsoft TrojanDownloader:Win32/Cutwail 20151027
NANO-Antivirus Trojan.Win32.Spambot.crvaat 20151026
Panda Trj/Genetic.gen 20151026
Qihoo-360 HEUR/Malware.QVM01.Gen 20151027
Rising PE:Trojan.Win32.Generic.15D9999C!366582172 [F] 20151026
Sophos Troj/Inject-AKN 20151027
Symantec Trojan.Zbot 20151026
Tencent Win32.Backdoor.Androm.Ahyr 20151027
TrendMicro TROJ_SPNR.35JA13 20151027
TrendMicro-HouseCall TROJ_SPNR.35JA13 20151027
VBA32 TrojanSpy.Zbot 20151026
VIPRE Trojan.Win32.Zbot.c (v) 20151027
Zillya Dropper.Dorifel.Win32.11789 20151026
AegisLab 20151026
Alibaba 20151026
Bkav 20151026
ByteHero 20151027
CMC 20151026
F-Prot 20151027
SUPERAntiSpyware 20151027
TheHacker 20151026
TotalDefense 20151026
ViRobot 20151026
Zoner 20151026
nProtect 20151026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-31 10:40:43
Entry Point 0x00001240
Number of sections 5
PE sections
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CreateToolbarEx
PropertySheetA
MenuHelp
DestroyPropertySheetPage
InitCommonControls
ImageList_Add
GetEffectiveClientRect
CreatePropertySheetPageA
CreateMappedBitmap
CloseFigure
CreateFontA
EndPath
CancelDC
CreateColorSpaceA
SetUnhandledExceptionFilter
GetModuleHandleA
ExitProcess
VirtualProtectEx
_cexit
__p__fmode
malloc
__p__environ
signal
_onexit
atexit
_setmode
__getmainargs
_iob
sin
__set_app_type
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:08:31 11:40:43+01:00
FileType Win32 EXE
PEType PE32
CodeSize 59392
LinkerVersion 2.56
FileTypeExtension exe
InitializedDataSize 19968
SubsystemVersion 4.0
EntryPoint 0x1240
OSVersion 4.0
ImageVersion 1.0
UninitializedDataSize 512
Compressed bundles
File identification
MD5 7b3d9e48deac8d0b33f6fc4235361cbd
SHA1 383b587b045eed8f61ebfff03562eee6694fe998
SHA256 f9cb4a21a5998d902db952fd2bbdec2071c56a7d4f5db714b5452abbe5ef5294
ssdeep 768:5F0DdiwNm8pBYKPkYBDt3x4LFCM950DDsXzbHzWX+:MddNlLkYBhwQEXX6
authentihash 444b9e4aee8c554fcf161b704104b5e1d89afa10d3dac171233699209b7382a6
imphash 2929e28e0559de058f3ef6618a29f02c
File size 108.0 KB ( 110592 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.6%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
Win16/32 Executable Delphi generic (4.6%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2013-08-31 15:51:48 UTC ( 3 years ago )
Last submission 2014-01-01 20:16:17 UTC ( 2 years, 9 months ago )
File names VirusShare_7b3d9e48deac8d0b33f6fc4235361cbd
383b587b045eed8f61ebfff03562eee6694fe998-7b3d9e48deac8d0b33f6fc4235361cbd.01.exe.vir
b1c66eeeaebe8bc15499e9927a23bc1dab4c76f1
output.14639172.txt
14639172
Advanced heuristic and reputation engines
ClamAV Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs