SHA256: fb2fbff21a18f7ffd77b4367c74c1c3190e5ec269a9866d8cffa9e16a902319e
File name: frs rebsooftw
Detection ratio: 50 / 56
Analysis date: 2015-07-27 19:56:27 UTC
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1772114 20150727
Yandex TrojanSpy.Zbot!gJ5T2HMqD8Y 20150727
AhnLab-V3 Trojan/Win32.ZBot 20150727
ALYac Trojan.GenericKD.1772114 20150727
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150727
Arcabit Trojan.Generic.D1B0A52 20150727
Avast Win32:Trojan-gen 20150727
AVG Zbot.LUQ 20150727
Avira (no cloud) TR/Spy.ZBot.sifgdiq 20150727
AVware Trojan.Win32.Generic!SB.0 20150727
Baidu-International Trojan.Win32.Zbot.AAO 20150727
BitDefender Trojan.GenericKD.1772114 20150727
CAT-QuickHeal TrojanPWS.Zbot.A5 20150727
ClamAV Win.Trojan.Zbot-35794 20150727
Comodo TrojWare.Win32.Spy.Zbot.TPCC 20150727
Cyren W32/Trojan.VFXY-0996 20150727
DrWeb Trojan.PWS.Panda.2401 20150727
Emsisoft Trojan.GenericKD.1772114 (B) 20150727
ESET-NOD32 Win32/Spy.Zbot.AAO 20150727
F-Prot W32/Trojan2.ONBD 20150727
F-Secure Trojan:W32/Zbot.BBMA 20150727
Fortinet W32/Zbot.TPCC!tr 20150727
GData Trojan.GenericKD.1772114 20150727
Ikarus Trojan-Spy.Agent 20150727
Jiangmin TrojanSpy.Zbot.hgoa 20150726
K7AntiVirus Riskware ( 0040eff71 ) 20150727
K7GW Riskware ( 0040eff71 ) 20150727
Kaspersky Trojan.Win32.Agent.idqk 20150727
Kingsoft Win32.Troj.Generic.a.(kcloud) 20150727
Malwarebytes Spyware.Zbot.VXGen 20150727
McAfee Generic.tb 20150727
McAfee-GW-Edition BehavesLike.Win32.Spyware.dc 20150727
Microsoft PWS:Win32/Zbot.CIA 20150727
eScan Trojan.GenericKD.1772114 20150727
NANO-Antivirus Trojan.Win32.Zbot.dcqpap 20150727
nProtect Trojan-Spy/W32.ZBot.267264.AH 20150727
Panda Trj/WLT.A 20150727
Qihoo-360 HEUR/Malware.QVM10.Gen 20150727
Rising PE:Trojan.Win32.Generic.170D6D9E!386755998 20150722
Sophos Troj/Zbot-IRF 20150727
SUPERAntiSpyware Trojan.Agent/Gen-Sisron 20150727
Symantec Trojan.Zbot 20150727
Tencent Win32.Trojan.Bp-qqthief.Ixrn 20150727
TotalDefense Win32/Zbot.JDDOWcD 20150727
TrendMicro TROJ_FORUCON.BME 20150727
TrendMicro-HouseCall TROJ_FORUCON.BME 20150727
VBA32 TrojanSpy.Zbot 20150727
VIPRE Trojan.Win32.Generic!SB.0 20150727
Zillya Trojan.Zbot.Win32.162811 20150727
Zoner Trojan.Zbot.AAO 20150727
AegisLab 20150727
Alibaba 20150727
Bkav 20150727
ByteHero 20150727
TheHacker 20150727
ViRobot 20150727
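Reading a 56-row vendor table by eye is how triage mistakes happen (the Dr.Web "Panda" row, for instance, is a Zeus alias, not a Panda Security verdict). The script below is an added example, not VirusTotal's code: it parses rows in the page's "vendor result date" layout, separates the vendor from the label before matching, maps vendor-specific names to a family, and reports the detection ratio and the consensus family. The embedded rows are a constructed excerpt of the table above (14 of the 56 engines), and the alias table (zbot/zeus plus Dr.Web's Panda name) is this example's own choice.

```python
import re
from collections import Counter

# Constructed excerpt of the vendor/result/update table above (14 of 56 rows).
# Rows with no result are engines that did not detect the sample.
SCAN_ROWS = """\
Ad-Aware Trojan.GenericKD.1772114 20150727
Yandex TrojanSpy.Zbot!gJ5T2HMqD8Y 20150727
Avira (no cloud) TR/Spy.ZBot.sifgdiq 20150727
DrWeb Trojan.PWS.Panda.2401 20150727
Emsisoft Trojan.GenericKD.1772114 (B) 20150727
ESET-NOD32 Win32/Spy.Zbot.AAO 20150727
K7AntiVirus Riskware ( 0040eff71 ) 20150727
Kaspersky Trojan.Win32.Agent.idqk 20150727
Microsoft PWS:Win32/Zbot.CIA 20150727
Panda Trj/WLT.A 20150727
Symantec Trojan.Zbot 20150727
TrendMicro TROJ_FORUCON.BME 20150727
AegisLab 20150727
Bkav 20150727
"""

# vendor (one token, or "Avira (no cloud)"), optional label, 8-digit update date.
ROW_RE = re.compile(
    r"^(?P<vendor>\S+(?: \(no cloud\))?)(?:\s+(?P<label>.+?))?\s+(?P<date>\d{8})$"
)

# Family aliases: vendors name the same code base differently.
# "Panda" here is Dr.Web's family name for Zeus/Zbot, not the Panda Security vendor;
# matching is done on the label only, so the vendor column never triggers it.
FAMILY_ALIASES = {
    "zbot": re.compile(r"zbot|zeus|\bpanda\b", re.I),
}
# Labels that only say trojan/generic/heuristic carry no family information.
GENERIC_RE = re.compile(r"generic|agent|heur|riskware|behaveslike|\bgen\b", re.I)


def parse_rows(text):
    """Return [(vendor, label_or_None, date), ...] for each non-empty row."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ROW_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparsed row: {line!r}")
        rows.append((m["vendor"], m["label"], m["date"]))
    return rows


def classify(label):
    """Map one vendor label to a family bucket; None means no detection."""
    if label is None:
        return None
    for family, pattern in FAMILY_ALIASES.items():
        if pattern.search(label):
            return family
    if GENERIC_RE.search(label):
        return "generic"
    return "unclassified"


def summarize(text):
    rows = parse_rows(text)
    families = Counter()
    detected = 0
    for _vendor, label, _date in rows:
        fam = classify(label)
        if fam is None:
            continue
        detected += 1
        families[fam] += 1
    consensus = families.most_common(1)[0][0] if families else None
    return {
        "detected": detected,
        "total": len(rows),
        "families": dict(families),
        "consensus": consensus,
    }


if __name__ == "__main__":
    print(summarize(SCAN_ROWS))
```

On the excerpt this yields 12/14 detections with zbot as the consensus; on the full table above the same logic gives the page's 50/56. The point of the alias table is that a raw substring count of "zbot" would miss Dr.Web's row and a naive match on the whole line would wrongly credit the Panda Security row.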
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2013 AlmicoSoftware
Publisher AlmicoSoftware
Product KRS Forming Rebuilding Sooftware
Original name krskerebso
Internal name frs rebsooftw
File version 1.0.4.0
Description KRS Keeper Rebuilding Sooftware
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-05 16:51:20
Entry Point 0x00006C9D
Number of sections 5
PE sections (no entries shown)
PE imports (grouped by the Windows system DLL that exports each function)
advapi32.dll
GetSecurityInfo
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
gdi32.dll
TextOutW
CreatePen
TextOutA
CreateFontIndirectA
CreateRectRgnIndirect
SetStretchBltMode
EnumFontsA
Rectangle
GetDeviceCaps
LineTo
DeleteDC
DeleteObject
BitBlt
RealizePalette
SetTextColor
GetTextExtentPointW
CreatePatternBrush
GetObjectA
FillRgn
CreateBitmap
MoveToEx
CreatePalette
CreateBrushIndirect
GetStockObject
SelectPalette
GetDIBits
CreateCompatibleDC
StretchBlt
SelectObject
CreateSolidBrush
SetBkColor
GetBkColor
CreateCompatibleBitmap
kernel32.dll
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
CreateIoCompletionPort
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
lstrcatW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
GetLogicalDriveStringsA
CreateEventW
LoadResource
InterlockedDecrement
GetEnvironmentVariableW
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
SetConsoleOutputCP
HeapSetInformation
EnumSystemLocalesA
SetConsoleCtrlHandler
GetUserDefaultLCID
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetVersion
GlobalAlloc
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoW
WaitForMultipleObjects
lstrcpyW
lstrcpyA
IsValidLocale
GetProcAddress
LocalSize
CreateFileW
GetConsoleWindow
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCPInfo
GetCPInfoExA
HeapSize
GetCommandLineA
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
SetConsoleTitleA
CloseHandle
EnumSystemCodePagesA
GetACP
GlobalLock
CreateConsoleScreenBuffer
GetModuleHandleW
FreeResource
FindResourceA
IsValidCodePage
HeapCreate
PostQueuedCompletionStatus
Sleep
GetDefaultCommConfigA
oleaut32.dll
OleLoadPicture
psapi.dll
GetMappedFileNameA
shell32.dll
SHGetFolderPathW
SHBrowseForFolderA
SHCreateDirectoryExW
Shell_NotifyIconW
shlwapi.dll
StrChrW
StrCpyNW
SHCreateStreamOnFileW
user32.dll
EmptyClipboard
TranslateAcceleratorA
GetForegroundWindow
GetParent
UpdateWindow
SetLayeredWindowAttributes
EndDialog
BeginPaint
DefWindowProcW
ReleaseCapture
GetClassInfoExA
PostQuitMessage
ShowWindow
GetPropA
GetClipboardData
GetWindowThreadProcessId
SendDlgItemMessageA
GetSystemMetrics
MessageBoxW
GetWindowRect
DispatchMessageA
EndPaint
PostMessageA
MoveWindow
GetDlgItemTextA
MessageBoxA
SendDlgItemMessageW
wsprintfW
TranslateMessage
IsWindowEnabled
GetDlgItemTextW
GetSysColor
SetDlgItemTextW
GetDC
RegisterClassExA
ReleaseDC
SendMessageW
SetClipboardData
PtInRect
IsWindowVisible
SendMessageA
GetUpdateRect
GetClientRect
GetDlgItem
IsWindow
SetScrollPos
ClientToScreen
SetRect
InvalidateRect
IsClipboardFormatAvailable
OpenClipboard
LoadCursorA
LoadIconA
FillRect
TranslateMDISysAccel
GetSysColorBrush
DestroyAcceleratorTable
GetDesktopWindow
GetClassNameA
GetTopWindow
CloseClipboard
CharNextW
CharToOemA
ws2_32.dll
WSASocketA
bind
WSACleanup
WSAStartup
shutdown
htons
closesocket
listen
ole32.dll
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CreateBindCtx
urlmon.dll
CreateURLMoniker
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources (no entries shown)
ExifTool file metadata
SubsystemVersion: 5.1
LinkerVersion: 10.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 1.0.4.0
UninitializedDataSize: 0
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 187904
EntryPoint: 0x6c9d
OriginalFileName: krskerebso
MIMEType: application/octet-stream
LegalCopyright: Copyright (C) 2013 AlmicoSoftware
FileVersion: 1.0.4.0
TimeStamp: 2013:12:05 17:51:20+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: frs rebsooftw
ProductVersion: 1.0.4.0
FileDescription: KRS Keeper Rebuilding Sooftware
OSVersion: 5.1
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: AlmicoSoftware
CodeSize: 78336
ProductName: KRS Forming Rebuilding Sooftware
ProductVersionNumber: 1.0.4.0
FileTypeExtension: exe
ObjectFileType: Executable application
Compressed bundles (no entries shown)
File identification
MD5 f696f475c2a38fd0b4e90b044b3a29cc
SHA1 bd60afc09329532ba7003c384f254be3ae3533a4
SHA256 fb2fbff21a18f7ffd77b4367c74c1c3190e5ec269a9866d8cffa9e16a902319e
ssdeep 6144:Wf2RyOoub65dgPUeG2NBLvmYoE9BekFgePNLDnq2z+:WuLoub65dgP1zDLusZge1nqY+
authentihash a9b7d8dcac2e009f13495f52f545aefeac62cd167f16a1b18478ad803d6572b7
imphash ba20c2c19569c2a3137b1f8681e7d613
File size 261.0 KB ( 267264 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
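The imphash listed above and the import table earlier on this page are two views of the same data, and both are static: they only cover functions named in the import directory. The script below is an added example, not VirusTotal's or pefile's code. It builds the canonical string the imphash algorithm hashes (DLL name lowercased with its dll/ocx/sys extension removed, function name lowercased, pairs joined by commas in import-table order, by-ordinal imports written as ordN) and tags capability hints from the names present. The embedded import table is a constructed excerpt of the list above; its grouping into DLLs is this example's assumption, since the page lists functions only. Because it is an excerpt in an assumed order, the hash it produces will not equal the page's imphash (ba20c2c19569c2a3137b1f8681e7d613); a full import table in the binary's own order would be needed for that. The ordinal handling is also simplified: the reference implementation maps known ordinals of ws2_32 and oleaut32 back to names before hashing.

```python
import hashlib
import re

# Constructed excerpt of the page's import list. DLL attribution is an
# assumption of this example (the standard Windows system DLL exporting each name);
# the order of DLLs and functions here is arbitrary, not the binary's.
IMPORTS = {
    "ADVAPI32.dll": ["GetSecurityInfo", "RegOpenKeyExW", "RegQueryValueExW", "RegCloseKey"],
    "KERNEL32.dll": ["IsDebuggerPresent", "CreateIoCompletionPort", "LoadLibraryA",
                     "GetProcAddress", "MapViewOfFile", "GetLogicalDriveStringsA"],
    "USER32.dll": ["OpenClipboard", "GetClipboardData", "SetClipboardData", "CloseClipboard"],
    "WS2_32.dll": ["WSASocketA", "bind", "listen", "htons"],
    "urlmon.dll": ["CreateURLMoniker"],
    "SHELL32.dll": ["SHGetFolderPathW", "SHCreateDirectoryExW"],
}

# Capability hints: every API in the set must be present for the tag to fire.
# Names are matched case-insensitively against the static import table only.
CAPABILITIES = {
    "anti-debug": {"isdebuggerpresent"},
    "listening-socket": {"wsasocketa", "bind", "listen"},
    "url-download": {"createurlmoniker"},
    "registry-read": {"regopenkeyexw", "regqueryvalueexw"},
    "clipboard-access": {"openclipboard", "getclipboarddata"},
    # LoadLibrary + GetProcAddress means the static list understates what is called.
    "dynamic-api-resolution": {"loadlibrarya", "getprocaddress"},
}


def imphash_string(imports):
    """Canonical 'dll.func,dll.func,...' string the imphash MD5 is taken over.

    imports: {dll_name: [function_name_or_ordinal_int, ...]} in import-table order.
    DLL names are lowercased and lose a trailing .dll/.ocx/.sys; function names are
    lowercased; integer entries are imports by ordinal and become 'ord<N>'.
    """
    parts = []
    for dll, funcs in imports.items():
        name = re.sub(r"\.(dll|ocx|sys)$", "", dll.lower())
        for f in funcs:
            entry = f"ord{f}" if isinstance(f, int) else f.lower()
            parts.append(f"{name}.{entry}")
    return ",".join(parts)


def imphash(imports):
    """Hex MD5 of the canonical string; insensitive to DLL-name case and extension."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def capabilities(imports):
    """Return {tag: sorted matching APIs} for every tag whose full API set is imported."""
    names = {f.lower() for funcs in imports.values() for f in funcs if isinstance(f, str)}
    tags = {}
    for tag, needed in CAPABILITIES.items():
        if needed <= names:
            tags[tag] = sorted(needed)
    return tags


if __name__ == "__main__":
    print(imphash_string(IMPORTS))
    print(imphash(IMPORTS))
    for tag, apis in capabilities(IMPORTS).items():
        print(f"{tag}: {', '.join(apis)}")
```

Two practical consequences follow. First, imphash is only comparable across samples when computed from the binary's own import order, which is why the excerpt above is not expected to reproduce the page's value. Second, the behaviour section at the end of this page reports DeviceIoControl calls although that function is absent from the import table; the dynamic-api-resolution tag is the static hint that such runtime-resolved calls should be expected.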
Tags
peexe

VirusTotal metadata
First submission 2014-07-22 12:03:14 UTC
Last submission 2014-11-27 08:40:50 UTC
File names krskerebso
WL-7e3549348c0920db01351b9d06267d92-0
42.exe
f696f475c2a38fd0b4e90b044b3a29cc
fattura 25621585301.pdfz
fattura 25621585301.pdf.pif
69.exe
f696f475c2a38fd0b4e90b044b3a29cc.malware
19.exe
frs rebsooftw
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
No entries are shown under: Opened files, Read files, Written files, Copied files, Deleted files, Created processes, Code injections in the following processes, Created mutexes, Opened mutexes, Searched windows, Opened service managers, Opened services, Runtime DLLs.
Additional details
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function. DeviceIoControl does not appear in the static import table above; the sample imports LoadLibraryA/LoadLibraryW and GetProcAddress, so it can resolve the function at runtime, and the static import list therefore understates what the binary actually calls.