SHA256: fbe4405900e9cdd05031f4a629d5e6af1369ba989d9db43c3a5fb0a26dcc570b
File name: fbe4405900e9cdd05031f4a629d5e6af1369ba989d9db43c3a5fb0a26dcc570b
Detection ratio: 40 / 57
Analysis date: 2015-09-25 15:25:53 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.Zbot.IQU 20150925
Yandex Trojan.DR.Injector!veHquycjq/0 20150923
AhnLab-V3 Trojan/Win32.MDA 20150925
ALYac Trojan.Zbot.IQU 20150925
Antiy-AVL Trojan[Dropper]/Win32.Injector 20150925
Arcabit Trojan.Zbot.IQU 20150925
Avast Win32:Boaxxe-BO [Cryp] 20150925
AVG Generic_r.FVJ 20150925
Avira (no cloud) TR/AD.Zbot.Y.413 20150925
AVware Trojan.Win32.Generic!BT 20150925
BitDefender Trojan.Zbot.IQU 20150925
Bkav HW32.Packed.EDF1 20150925
CAT-QuickHeal TrojanPWS.Zbot.A4 20150924
Cyren W32/Trojan.CQYG-8839 20150925
DrWeb Trojan.Siggen6.27340 20150925
Emsisoft Trojan.Zbot.IQU (B) 20150925
ESET-NOD32 Win32/Spy.Zbot.ACB 20150925
F-Secure Trojan.Zbot.IQU 20150925
Fortinet W32/Injector.CIRV!tr 20150925
GData Trojan.Zbot.IQU 20150925
Ikarus Trojan-Spy.Agent 20150925
K7AntiVirus Spyware ( 004b89a11 ) 20150925
K7GW Spyware ( 004b89a11 ) 20150925
Kaspersky Trojan-Dropper.Win32.Injector.njnj 20150925
McAfee GenericR-ENK!95BEA93FD61C 20150925
McAfee-GW-Edition GenericR-ENK!95BEA93FD61C 20150925
Microsoft PWS:Win32/Zbot!VM 20150925
eScan Trojan.Zbot.IQU 20150925
NANO-Antivirus Trojan.Win32.Injector.dwyuud 20150925
nProtect Trojan.Zbot.IQU 20150925
Panda Trj/Genetic.gen 20150925
Qihoo-360 Win32/Trojan.BO.0d1 20150925
Rising PE:Malware.Obscure/Heur!1.9E03[F1] 20150924
Sophos AV Mal/Zbot-UE 20150925
Symantec Suspicious.Cloud.9 20150924
Tencent Win32.Trojan.Zbot.Hupq 20150925
TrendMicro TROJ_GEN.R00XC0DIJ15 20150925
VIPRE Trojan.Win32.Generic!BT 20150925
ViRobot Trojan.Win32.Z.Zbot.258560.A[h] 20150925
Zillya Trojan.Zbot.Win32.187485 20150924
AegisLab 20150925
Alibaba 20150925
Baidu-International 20150925
ByteHero 20150925
ClamAV 20150924
CMC 20150925
Comodo 20150925
F-Prot 20150925
Jiangmin 20150924
Kingsoft 20150925
Malwarebytes 20150925
SUPERAntiSpyware 20150925
TheHacker 20150923
TotalDefense 20150925
TrendMicro-HouseCall 20150925
VBA32 20150924
Zoner 20150925
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-09 14:39:47
Entry Point 0x00001C5E
Number of sections 4
PE sections
Overlays
MD5 44e0052987c0fd800fc76b76dad1782b
File type data
Offset 258048
Size 512
Entropy 7.64
PE imports
SetTextAlign
GetCharWidth32A
GetTextExtentExPointA
GetModuleHandleA
GlobalMemoryStatus
GetEnvironmentStrings
GetTimeZoneInformation
CreateThread
GetStartupInfoA
SetFilePointer
FindNextFileW
HeapDestroy
CompareStringA
CreateFileA
GetModuleFileNameA
GetStringTypeW
GetModuleHandleW
SetCommTimeouts
_except_handler3
__p__fmode
__CxxFrameHandler
_acmdln
_ftol
_exit
__p__commode
__setusermatherr
__dllonexit
_setmbcp
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_onexit
_adjust_fdiv
__set_app_type
DrawEdge
GetSystemMetrics
SetTimer
AppendMenuA
LoadIconA
EnableWindow
DrawIcon
SendMessageA
GetClientRect
GetSystemMenu
SystemParametersInfoW
SetForegroundWindow
MessageBoxIndirectW
IsIconic
OpenClipboard
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:09:09 15:39:47+01:00
FileType Win32 EXE
PEType PE32
CodeSize 9441280
LinkerVersion 6.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x1c5e
InitializedDataSize 249856
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 95bea93fd61cc1bfd1e35cae67da9cd3
SHA1 3dcda5825d0974ee3811ca55e41739f351af9a24
SHA256 fbe4405900e9cdd05031f4a629d5e6af1369ba989d9db43c3a5fb0a26dcc570b
ssdeep 6144:DsxEEjadyU4MAIMvqKHOSiCTFUol5dDXqN:DsmEjagxFIMyKHO1ODXqN

authentihash 6a42c6b693da4a7ceba5ebc7875ac30de6360e449a094c21302055556d99eaf3
imphash d3b81cefd47641985611ba5d9b1bcfc7
File size 252.5 KB ( 258560 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay

VirusTotal metadata
First submission 2015-09-18 18:03:18 UTC ( 3 years, 6 months ago )
Last submission 2018-10-09 07:38:18 UTC ( 5 months, 2 weeks ago )
File names D20E.TMP
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs