× I cookies sono disabilitati! Questo sito richiede i cookies abilitati per funzionare correttamente
SHA256: a5b954c8115e784d0262d6cc3e87470598f2ad00fe64ffac5f7cc46f889fe89b
Nome del file: prog1g.exe.ViR
Rapporto rilevamento: 54 / 57
Data analisi: 2016-04-14 11:11:01 UTC ( 3 anni, 1 mese fa ) Leggli gli ultimi
Antivirus Risultato Aggiornamento
Ad-Aware Trojan.Spy.Zbot.FNO 20160414
AegisLab Troj.Spy.W32.Zbot!c 20160414
AhnLab-V3 Spyware/Win32.Zbot 20160414
ALYac Trojan.Spy.Zbot.FNO 20160414
Antiy-AVL Trojan[:HEUR]/Win32.Unknown 20160414
Arcabit Trojan.Spy.Zbot.FNO 20160414
Avast Sf:Crypt-BR [Trj] 20160414
AVG Agent5.AMDS 20160414
Avira (no cloud) TR/Spy.A.6512 20160414
AVware Win32.Malware!Drop 20160414
Baidu Win32.Trojan.Zbot.a 20160414
BitDefender Trojan.Spy.Zbot.FNO 20160414
Bkav W32.WinatoO.Trojan 20160413
CAT-QuickHeal TrojanPWS.Zbot.Gen 20160413
ClamAV Win.Spyware.Zbot-1275 20160414
CMC Trojan-Spy.Win32.Zbot!O 20160412
Comodo TrojWare.Win32.Zbot.NEWA 20160414
Cyren W32/Zbot.BR.gen!Eldorado 20160414
DrWeb Trojan.PWS.Panda.2401 20160414
Emsisoft Trojan.Spy.Zbot.FNO (B) 20160414
ESET-NOD32 Win32/Spy.Zbot.AAO 20160414
F-Prot W32/Zbot.BR.gen!Eldorado 20160414
F-Secure Trojan.Spy.Zbot.FNO 20160414
Fortinet W32/Zbot.AAO!tr 20160413
GData Trojan.Spy.Zbot.FNO 20160414
Ikarus Trojan-Spy.Win32.Zbot 20160414
Jiangmin KVBASE 20160414
K7AntiVirus Backdoor ( 04c4ee7b1 ) 20160414
K7GW Backdoor ( 04c4ee7b1 ) 20160414
Kaspersky Trojan-Spy.Win32.Zbot.ntpf 20160414
Kingsoft Win32.Troj.Undef.(kcloud) 20160414
Malwarebytes Spyware.Citadel 20160414
McAfee PWS-Zbot.gen.vo 20160414
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dh 20160414
Microsoft PWS:Win32/Zbot!CI 20160414
eScan Trojan.Spy.Zbot.FNO 20160414
NANO-Antivirus Trojan.Win32.Panda.bqoxse 20160414
nProtect Trojan/W32.Agent.226304.II 20160414
Panda Generic Malware 20160413
Qihoo-360 Malware.Radar01.Gen 20160414
Rising PE:Stealer.Zbot!1.648A [F] 20160414
Sophos AV Mal/Zbot-HX 20160414
SUPERAntiSpyware Trojan.Agent/Gen-MalPE 20160414
Symantec Trojan.Zbot 20160414
Tencent Win32.Backdoor.Zbot.Auto 20160414
TotalDefense Win32/Zbot.BdERMZC 20160414
TrendMicro TSPY_ZBOT.SMQF 20160414
TrendMicro-HouseCall TSPY_ZBOT.SMQF 20160414
VBA32 SScope.Trojan.FakeAV.01110 20160413
VIPRE Win32.Malware!Drop 20160414
ViRobot Trojan.Win32.Agent.226304.P[h] 20160414
Yandex TrojanSpy.Zbot!m2BM16sQScQ 20160412
Zillya Trojan.ZbotGen.Win32.5 20160414
Zoner Trojan.Zbot 20160414
Alibaba 20160414
Baidu-International 20160414
TheHacker 20160412
The file being studied is a Portable Executable file! More specifically, it is a DOS EXE file.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-11-08 19:14:23
Entry Point 0x0002B055
Number of sections 3
PE sections
Overlays
MD5 28c4663bc3da80696e2c716f530a5cc0
File type data
Offset 225280
Size 1024
Entropy 7.83
PE imports
RegCreateKeyExW
RegCloseKey
ConvertSidToStringSidW
RegCreateKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegEnumKeyW
CryptHashData
CheckTokenMembership
RegQueryValueExW
CryptCreateHash
SetSecurityDescriptorDacl
GetSidSubAuthorityCount
GetSidSubAuthority
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
RegOpenKeyExW
SetSecurityInfo
InitiateSystemShutdownExW
SetSecurityDescriptorSacl
GetTokenInformation
CryptReleaseContext
RegQueryInfoKeyW
CreateProcessAsUserA
RegEnumValueW
RegEnumKeyExW
OpenThreadToken
GetSecurityDescriptorSacl
GetLengthSid
CreateProcessAsUserW
CryptDestroyHash
CryptAcquireContextW
RegDeleteValueW
RegSetValueExW
FreeSid
CryptGetHashParam
AllocateAndInitializeSid
InitializeSecurityDescriptor
EqualSid
IsWellKnownSid
SetNamedSecurityInfoW
CryptUnprotectData
CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CertDeleteCertificateFromStore
CertOpenSystemStoreW
CertDuplicateCertificateContext
PFXExportCertStoreEx
GetDeviceCaps
DeleteDC
RestoreDC
SelectObject
SaveDC
SetViewportOrgEx
GetDIBits
CreateCompatibleBitmap
GdiFlush
CreateDIBSection
CreateCompatibleDC
DeleteObject
SetRectRgn
FileTimeToDosDateTime
ReleaseMutex
WaitForSingleObject
FindFirstFileW
HeapDestroy
GetFileAttributesW
GetLocalTime
GetProcessId
CreatePipe
GetCurrentProcess
SetErrorMode
GetFileInformationByHandle
GetThreadContext
GetFileTime
WideCharToMultiByte
LoadLibraryW
WriteFile
Thread32First
HeapReAlloc
FreeLibrary
LocalFree
InitializeCriticalSection
GetLogicalDriveStringsW
FindClose
TlsGetValue
QueryDosDeviceW
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
WriteProcessMemory
RemoveDirectoryW
HeapAlloc
lstrcmpiW
SetThreadPriority
MultiByteToWideChar
SetFilePointerEx
GetPrivateProfileStringW
CreateEventW
CreateThread
MoveFileExW
CreateMutexW
GetVolumeNameForVolumeMountPointW
ExitThread
SetHandleInformation
SetThreadContext
TerminateProcess
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
lstrcmpiA
GetVersionExW
SetEvent
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
CreateRemoteThread
OpenProcess
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GlobalLock
GetPrivateProfileIntW
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
GetComputerNameW
GetFileSizeEx
GetModuleFileNameW
ExpandEnvironmentStringsW
UnmapViewOfFile
FindNextFileW
WTSGetActiveConsoleSessionId
ResetEvent
Thread32Next
DuplicateHandle
WaitForMultipleObjects
GetProcAddress
GetTimeZoneInformation
CreateFileW
TlsSetValue
ExitProcess
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
SystemTimeToFileTime
CreateFileMappingW
VirtualAllocEx
OpenEventW
GlobalUnlock
lstrlenW
Process32NextW
CreateProcessW
FileTimeToLocalFileTime
VirtualFreeEx
GetCurrentProcessId
SetFileTime
GetCommandLineW
Process32FirstW
GetCurrentThread
lstrcpynW
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
OpenMutexW
GetModuleHandleW
GetFileAttributesExW
HeapCreate
GetTempPathW
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
NetUserEnum
NetUserGetInfo
NetApiBufferFree
SysFreeString
VariantClear
VariantInit
SysAllocString
SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW
StrCmpNIW
wvnsprintfA
StrCmpNIA
wvnsprintfW
SHDeleteKeyW
PathIsDirectoryW
PathRemoveBackslashW
PathQuoteSpacesW
PathAddBackslashW
UrlUnescapeA
SHDeleteValueW
PathCombineW
PathRenameExtensionW
StrStrIA
PathRemoveFileSpecW
StrStrIW
PathMatchSpecW
PathUnquoteSpacesW
PathFindFileNameW
PathIsURLW
PathAddExtensionW
PathSkipRootW
GetUserNameExW
GetMessagePos
SetWindowPos
IsWindow
EndPaint
OpenWindowStationW
WindowFromPoint
CreateDesktopW
DispatchMessageW
GetCursorPos
ReleaseDC
SendMessageW
EndMenu
DefFrameProcA
DefWindowProcW
CharLowerBuffA
GetThreadDesktop
LoadImageW
GetTopWindow
GetUpdateRgn
MsgWaitForMultipleObjects
GetMenuItemCount
GetMessageA
GetUserObjectInformationW
GetParent
EqualRect
DefMDIChildProcA
GetMessageW
PeekMessageW
CharUpperW
PeekMessageA
TranslateMessage
SetThreadDesktop
GetWindow
GetIconInfo
GetMenuItemRect
RegisterClassW
OpenDesktopW
GetSystemMetrics
GetKeyboardLayoutList
RegisterClassA
TrackPopupMenuEx
GetSubMenu
GetDCEx
FillRect
ToUnicode
GetWindowLongW
GetUpdateRect
GetWindowInfo
MapWindowPoints
RegisterWindowMessageW
OpenInputDesktop
DrawEdge
SwitchDesktop
BeginPaint
DefMDIChildProcW
ReleaseCapture
MapVirtualKeyW
DefWindowProcA
GetClipboardData
CharLowerA
SetWindowLongW
GetWindowRect
SetCapture
DrawIcon
CharLowerW
SetProcessWindowStation
GetProcessWindowStation
GetClassLongW
CreateWindowStationW
SetKeyboardState
CloseWindowStation
PostMessageW
GetKeyboardState
PostThreadMessageW
CharToOemW
GetMenuState
GetMenuItemID
ExitWindowsEx
IntersectRect
GetCapture
GetShellWindow
GetWindowThreadProcessId
HiliteMenuItem
GetMenu
RegisterClassExW
CallWindowProcA
MessageBoxA
GetWindowDC
RegisterClassExA
MenuItemFromPoint
PrintWindow
DefFrameProcW
SetCursorPos
SystemParametersInfoW
GetDC
CallWindowProcW
GetClassNameW
GetAncestor
DefDlgProcA
CloseDesktop
IsRectEmpty
SendMessageTimeoutW
DefDlgProcW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
InternetSetStatusCallbackW
HttpOpenRequestA
HttpEndRequestW
HttpSendRequestExW
InternetSetStatusCallbackA
HttpEndRequestA
HttpSendRequestExA
HttpOpenRequestW
InternetReadFileExA
InternetQueryOptionW
HttpAddRequestHeadersA
InternetCloseHandle
InternetConnectA
InternetGetCookieA
InternetQueryOptionA
GetUrlCacheEntryInfoW
HttpAddRequestHeadersW
InternetQueryDataAvailable
InternetReadFile
HttpQueryInfoA
InternetSetFilePointer
HttpSendRequestA
InternetSetOptionA
InternetOpenA
HttpSendRequestW
InternetCrackUrlA
waveOutSetVolume
PlaySoundA
PlaySoundW
waveOutGetVolume
getaddrinfo
shutdown
accept
WSAAddressToStringW
WSAStartup
freeaddrinfo
connect
getsockname
getpeername
WSAGetLastError
closesocket
send
inet_addr
WSASend
select
listen
WSAEventSelect
gethostbyname
WSASetLastError
recv
WSAIoctl
setsockopt
socket
bind
recvfrom
sendto
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeSecurity
CLSIDFromString
StringFromGUID2
CoSetProxyBlanket
Compressed bundles
File identification
MD5 23919b611ecbade656887587ba400900
SHA1 1645618ebd38915ee37a617011c27df2760db964
SHA256 a5b954c8115e784d0262d6cc3e87470598f2ad00fe64ffac5f7cc46f889fe89b
ssdeep
6144:w0i0DgmSlqqDLPyO/m4yODvcDjoG1oPKajg3GqVmnO76kZ:w0i0DgmBqnJcDjoGyPKaE3Dd7XZ

authentihash fc7ae9615588fc4a5394864bb9c80e36d2e39982f6d02b3d6bf22304f4573fb3
imphash cbd5f9d3d5116a19f639b439cc5737cd
File size 221.0 KB ( 226304 bytes )
File type DOS EXE
Magic literal
MS-DOS executable

TrID Win32 Executable (generic) (38.8%)
DOS Executable Borland Pascal 7.0x (17.5%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Music Craft Score (8.6%)
Tags
mz overlay

VirusTotal metadata
First submission 2016-03-30 12:48:01 UTC ( 3 anni, 1 mese fa )
Last submission 2018-10-09 16:34:12 UTC ( 7 mesi, 2 settimane fa )
Nomi dei files 23919b611ecbade656887587ba400900.exe
1645618ebd38915ee37a617011c27df2760db964.exe
prog1g.exe
m4kfGFr.tmp
prog1g.exe
prog1g.exe.ViR
prog1g.exe.ViR
Nessun commento. Nessun membro della Comunità di VirusTotal ha commentato questo item, sii il primo a farlo!

Lascia il tuo commento...

?
Posta commento

Non ti sei ancora collegato. Solo gli utenti registrati possono commentare, collegati ed esprimi il tuo giudizio!

Nessun voto. Nessuno ha ancora votato questo item, sii il primo a farlo!