SHA256: fa71a7c7b408f6fd05c6b77c131c65bf1ecd4f4c1ac93a1292797e496bab4649
File name: zbetcheckin_tracker_WinNc.exe
Detection ratio: 12 / 69
Analysis date: 2018-11-30 22:38:35 UTC ( 5 months, 3 weeks ago )
Antivirus Result Update
AVG FileRepMalware 20181130
Bkav W32.HamlaE.Trojan 20181129
ESET-NOD32 Win32/TrojanDownloader.AutoHK.JF 20181130
Jiangmin Trojan.Deshacop.iv 20181130
Kaspersky HEUR:Trojan.Win32.Generic 20181130
Microsoft Program:Win32/Unwaders.C!ml 20181130
Qihoo-360 HEUR/QVM10.1.8FA2.Malware.Gen 20181130
TACHYON Trojan-Spy/W32.InfoStealer.822272 20181130
Trapmine malicious.moderate.ml.score 20181128
VBA32 Backdoor.Androm 20181130
ViRobot Trojan.Win32.Agent.812032.I 20181130
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20181130
Ad-Aware 20181130
AegisLab 20181130
AhnLab-V3 20181130
Alibaba 20180921
ALYac 20181130
Antiy-AVL 20181130
Arcabit 20181130
Avast 20181130
Avast-Mobile 20181130
Avira (no cloud) 20181130
Babable 20180918
Baidu 20181130
BitDefender 20181130
CAT-QuickHeal 20181130
ClamAV 20181130
CMC 20181130
Comodo 20181130
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181130
Cyren 20181130
DrWeb 20181130
eGambit 20181130
Emsisoft 20181130
Endgame 20181108
F-Prot 20181130
F-Secure 20181130
Fortinet 20181130
GData 20181130
Ikarus 20181130
Sophos ML 20181128
K7AntiVirus 20181130
K7GW 20181130
Kingsoft 20181130
Malwarebytes 20181130
MAX 20181130
McAfee 20181130
McAfee-GW-Edition 20181130
eScan 20181130
NANO-Antivirus 20181130
Palo Alto Networks (Known Signatures) 20181130
Panda 20181130
Rising 20181130
SentinelOne (Static ML) 20181011
Sophos AV 20181130
SUPERAntiSpyware 20181128
Symantec 20181130
Symantec Mobile Insight 20181121
Tencent 20181130
TheHacker 20181129
TotalDefense 20181130
TrendMicro 20181130
TrendMicro-HouseCall 20181130
Trustlook 20181130
Webroot 20181130
Yandex 20181130
Zillya 20181130
Zoner 20181130
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 1.1.23.00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-01-16 06:27:22
Entry Point 0x0008FD13
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
CloseServiceHandle
RegEnumValueW
RegConnectRegistryW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegDeleteValueW
RegQueryInfoKeyW
GetUserNameW
OpenSCManagerW
RegEnumKeyExW
LockServiceDatabase
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW
RegDeleteKeyW
UnlockServiceDatabase
RegQueryValueExW
InitCommonControlsEx
ImageList_Destroy
CreateStatusWindowW
ImageList_AddMasked
ImageList_GetIconSize
ImageList_Create
ImageList_ReplaceIcon
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
GetCharABCWidthsW
GetTextMetricsW
GetSystemPaletteEntries
CreatePolygonRgn
GetClipBox
GetPixel
GetDeviceCaps
ExcludeClipRect
DeleteDC
SetBkMode
GetObjectW
BitBlt
CreateDIBSection
SetTextColor
FillRgn
CreateEllipticRgn
GetTextFaceW
CreateDCW
EnumFontFamiliesExW
GetStockObject
GetDIBits
GdiFlush
CreateRoundRectRgn
CreateCompatibleDC
CreateFontW
CreateRectRgn
SelectObject
CreateSolidBrush
GetClipRgn
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
GetPrivateProfileSectionNamesW
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
UnhandledExceptionFilter
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetDiskFreeSpaceW
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
FormatMessageW
GetExitCodeProcess
InitializeCriticalSection
OutputDebugStringW
FindClose
InterlockedDecrement
QueryDosDeviceW
MoveFileW
GetFullPathNameW
GetEnvironmentVariableW
SetLastError
GetSystemTime
DeviceIoControl
TlsGetValue
CopyFileW
WriteProcessMemory
LoadResource
RemoveDirectoryW
Beep
IsDebuggerPresent
HeapAlloc
HeapSetInformation
SetThreadPriority
WritePrivateProfileSectionW
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
GetPrivateProfileStringW
SetFileAttributesW
CreateThread
SetEnvironmentVariableW
GetSystemDefaultUILanguage
GetExitCodeThread
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
IsProcessorFeaturePresent
SetPriorityClass
TerminateProcess
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
GlobalSize
GetWindowsDirectoryW
GetFileSize
OpenProcess
GetDateFormatW
GetStartupInfoW
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetComputerNameW
EnumResourceNamesW
CompareStringW
GetFileSizeEx
GetModuleFileNameW
FindNextFileW
FindFirstFileW
GlobalLock
SetVolumeLabelW
GetPrivateProfileSectionW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
VirtualAllocEx
GlobalFree
GetConsoleCP
FindResourceW
GetTimeFormatW
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
VirtualFreeEx
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
HeapQueryInformation
GetCPInfo
HeapSize
WritePrivateProfileStringW
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
GetTempPathW
CreateProcessW
Sleep
SafeArrayDestroy
VariantChangeType
SafeArrayAccessData
SafeArrayGetLBound
SysFreeString
SafeArrayPtrOfIndex
SafeArrayCreate
SafeArrayUnaccessData
VariantCopyInd
VariantClear
SysAllocString
GetActiveObject
SafeArrayUnlock
SafeArrayGetUBound
SafeArrayLock
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCopy
OleLoadPicture
SysStringLen
GetModuleFileNameExW
GetModuleBaseNameW
SHGetFolderPathW
SHBrowseForFolderW
DragQueryFileW
SHFileOperationW
ExtractIconW
SHGetPathFromIDListW
DragQueryPoint
ShellExecuteExW
SHGetDesktopFolder
Shell_NotifyIconW
SHGetMalloc
DragFinish
RedrawWindow
GetMessagePos
SetWindowRgn
RegisterWindowMessageW
UnregisterHotKey
DrawTextW
DestroyMenu
PostQuitMessage
GetForegroundWindow
SetWindowPos
IsWindow
ScreenToClient
WindowFromPoint
SetMenuItemInfoW
SetActiveWindow
GetMenuItemID
GetAsyncKeyState
ReleaseDC
GetDlgCtrlID
SendMessageW
GetClientRect
SetMenuDefaultItem
CallNextHookEx
IsClipboardFormatAvailable
LoadImageW
CountClipboardFormats
GetTopWindow
RegisterHotKey
OpenClipboard
GetWindowTextW
EnumClipboardFormats
GetWindowTextLengthW
LoadAcceleratorsW
GetKeyState
DestroyWindow
GetClassInfoExW
UpdateWindow
EnumWindows
CheckRadioButton
MapVirtualKeyExW
GetMessageW
ShowWindow
SetMenuInfo
GetDesktopWindow
IsCharAlphaW
PeekMessageW
InsertMenuItemW
CharUpperW
GetClipboardFormatNameW
GetClipboardData
TranslateMessage
IsWindowEnabled
GetWindow
GetIconInfo
SetParent
SetClipboardData
IsZoomed
IsCharLowerW
EnableMenuItem
TrackPopupMenuEx
GetSubMenu
CreateMenu
GetKeyboardLayout
FlashWindow
CreateAcceleratorTableW
GetSysColorBrush
CreateWindowExW
GetWindowLongW
GetGUIThreadInfo
GetMenuStringW
MapWindowPoints
VkKeyScanExW
IsIconic
EmptyClipboard
SystemParametersInfoW
DefWindowProcW
keybd_event
KillTimer
MapVirtualKeyW
SetClipboardViewer
GetParent
ToUnicodeEx
GetSystemMetrics
SetWindowLongW
GetWindowRect
IsDialogMessageW
EnumChildWindows
IsMenu
CharLowerW
SendDlgItemMessageW
SetKeyboardState
GetCursor
CreatePopupMenu
CheckMenuItem
GetClassLongW
PtInRect
DrawIconEx
SetWindowTextW
SetTimer
GetDlgItem
BringWindowToTop
SendInput
ClientToScreen
PostMessageW
GetKeyboardState
PostThreadMessageW
GetMenuItemCount
AttachThreadInput
DestroyAcceleratorTable
CreateIconFromResourceEx
SetWindowsHookExW
LoadCursorW
FindWindowW
GetDC
FillRect
SetForegroundWindow
ExitWindowsEx
SetFocus
GetMenuItemInfoW
GetCursorPos
IntersectRect
SetLayeredWindowAttributes
EndDialog
CreateIconIndirect
MessageBeep
RemoveMenu
GetWindowThreadProcessId
GetQueueStatus
MessageBoxW
GetMenu
RegisterClassExW
UnhookWindowsHookEx
MoveWindow
DialogBoxParamW
AppendMenuW
ChangeClipboardChain
AdjustWindowRectEx
mouse_event
GetFocus
GetSysColor
SetDlgItemTextW
CopyImage
DestroyIcon
IsWindowVisible
IsCharAlphaNumericW
GetLastInputInfo
DispatchMessageW
SetRect
InvalidateRect
CallWindowProcW
GetClassNameW
GetAncestor
IsCharUpperW
SendMessageTimeoutW
EnableWindow
CloseClipboard
DefDlgProcW
SetMenu
TranslateAcceleratorW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
mixerGetLineControlsW
mixerGetControlDetailsW
mixerOpen
waveOutSetVolume
mixerSetControlDetails
mciSendStringW
mixerClose
mixerGetDevCapsW
waveOutGetVolume
mixerGetLineInfoW
joyGetPosEx
joyGetDevCapsW
WSAStartup
gethostbyname
gethostname
inet_addr
WSACleanup
CreateStreamOnHGlobal
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
CoCreateInstance
CoGetObject
CLSIDFromString
StringFromGUID2
Number of PE resources by type
RT_ICON 7
RT_GROUP_ICON 5
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_RCDATA 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 18
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
179712

ImageVersion
0.0

FileVersionNumber
1.1.23.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0017

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
10.0

FileTypeExtension
exe

MIMEType
application/octet-stream

FileVersion
1.1.23.00

TimeStamp
2016:01:16 07:27:22+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.1.23.00

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
641536

FileSubtype
0

ProductVersionNumber
1.1.23.0

EntryPoint
0x8fd13

ObjectFileType
Executable application

File identification
MD5 13488b3a68991922a4986edea446bfcb
SHA1 9a9d2100a6541087f764a2b4ca3d9de8015bb5ca
SHA256 fa71a7c7b408f6fd05c6b77c131c65bf1ecd4f4c1ac93a1292797e496bab4649
ssdeep 24576:rNR2zaQBt37/CZ0w1PeWnzqhqCC6+PE3U:aUsrC6aEE
authentihash 9c52da6d7ef9dc8ca47fa5804260e5d05e0fd698b0720e26e3e3ef76067c3a3c
imphash 46978de0f8944a65af1673d613222a98
File size 803.0 KB ( 822272 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-11-30 22:38:35 UTC ( 5 months, 3 weeks ago )
Last submission 2018-11-30 22:38:35 UTC ( 5 months, 3 weeks ago )
File names zbetcheckin_tracker_WinNc.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Searched windows
Runtime DLLs