PaulDotCom mailing list archives

Forensic Timestamps Question


From: bcg at struxural.com (Ben Greenfield)
Date: Wed, 30 Sep 2009 16:45:28 -0400

I'm doing a forensic analysis of a Zeus/Zbot infection for a client.
I came across something kind of interesting that I didn't initially
notice, and I'm hoping that someone can confirm or blow away a thought
I just had.

Here is some backup information:
~/mountpoint/WINDOWS/system32$ ls -lt --full-time sdra64.exe
-rwxrwxrwx 1 root root 161280 2009-02-09 07:10:48.000000000 -0500 sdra64.exe

~/mountpoint/WINDOWS/system32$ ls -ltu --full-time sdra64.exe
-rwxrwxrwx 1 root root 161280 2009-09-02 07:26:08.000000000 -0400 sdra64.exe

For argument's sake, let's assume that the timestamps are accurate and
that the malware isn't modifying its creation timestamp (which I
wonder about because of 2009-02-09 and 2009-09-02 having numbers
swapped).  If I'm not mistaken, the -0400 and -0500 refer to offset from
Greenwich Mean Time.  If that's the case, is it fair for me to assume
that -0500 indicates that the computer which created the malware was
configured with a different timezone than the one which was infected?

Thanks, I look forward to people with more experience than me saying
smart stuff now :)
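An added worked example, not code from the original post, that shows where the -0500 and -0400 suffixes come from. GNU `ls --full-time` prints each timestamp converted into the zone of the process running `ls` (the TZ environment variable or the system zone of the analysis box), and the suffix is that zone's UTC offset at that instant; NTFS itself stores file times as UTC. The two lines quoted in the post are used as constructed input, and `America/New_York` is an assumption about the analyst's workstation, chosen because it renders a February instant as -0500 (EST) and a September instant as -0400 (EDT). If the tz database is not installed, the script falls back to a hand-rolled Eastern zone using the post-2007 US daylight-saving rule.

```python
"""Where the -0500 / -0400 in `ls --full-time` output comes from.

Added example (not code from the original post). Constructed input: the
two timestamp lines quoted in the post. NTFS keeps file times as UTC;
GNU ls converts them into the zone of the *examining* process and
prints that zone's UTC offset. America/New_York is an assumption about
the analyst's machine.
"""
import re
from datetime import datetime, timedelta, timezone, tzinfo

UTC = timezone.utc

try:
    from zoneinfo import ZoneInfo
    EASTERN = ZoneInfo("America/New_York")
except Exception:
    # No tz database available: hand-rolled US Eastern using the post-2007
    # rule (DST from the 2nd Sunday of March to the 1st Sunday of November).
    class _USEastern(tzinfo):
        def _nth_sunday(self, year, month, n):
            d = datetime(year, month, 1)
            d += timedelta(days=(6 - d.weekday()) % 7)  # first Sunday
            return d + timedelta(weeks=n - 1)

        def _in_dst(self, dt):
            start = self._nth_sunday(dt.year, 3, 2).replace(hour=2)
            end = self._nth_sunday(dt.year, 11, 1).replace(hour=2)
            return start <= dt.replace(tzinfo=None) < end

        def utcoffset(self, dt):
            return timedelta(hours=-4 if self._in_dst(dt) else -5)

        def dst(self, dt):
            return timedelta(hours=1 if self._in_dst(dt) else 0)

        def tzname(self, dt):
            return "EDT" if self._in_dst(dt) else "EST"

    EASTERN = _USEastern()

# Constructed input: the two lines quoted in the post.
MTIME_LINE = "-rwxrwxrwx 1 root root 161280 2009-02-09 07:10:48.000000000 -0500 sdra64.exe"
ATIME_LINE = "-rwxrwxrwx 1 root root 161280 2009-09-02 07:26:08.000000000 -0400 sdra64.exe"

LS_TIME = re.compile(
    r"(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2})\.(\d{9}) ([+-])(\d{2})(\d{2})"
)


def parse_ls_full_time(line):
    """Return the instant on an `ls --full-time` line as an aware UTC datetime.

    The printed offset is consumed here and does not survive in the result:
    it says how the examining host rendered the time, nothing about the
    machine that wrote the file.
    """
    m = LS_TIME.search(line)
    if not m:
        raise ValueError("no --full-time timestamp in: %r" % line)
    date, clock, nanos, sign, hh, mm = m.groups()
    off = timedelta(hours=int(hh), minutes=int(mm))
    if sign == "-":
        off = -off
    local = datetime.strptime(date + " " + clock, "%Y-%m-%d %H:%M:%S")
    local = local.replace(microsecond=int(nanos) // 1000, tzinfo=timezone(off))
    return local.astimezone(UTC)


def render_like_ls(instant_utc, tz):
    """Format a UTC instant the way `ls --full-time` prints it under zone `tz`."""
    local = instant_utc.astimezone(tz)
    # ls prints nine fractional digits; strftime's %f gives six.
    return local.strftime("%Y-%m-%d %H:%M:%S.%f") + "000 " + local.strftime("%z")


def render_in_zones(instant_utc, zones):
    """The same instant under several examining zones: only the rendering
    changes, so the offset cannot identify the file's origin."""
    return {name: render_like_ls(instant_utc, tz) for name, tz in zones.items()}


if __name__ == "__main__":
    zones = {"America/New_York": EASTERN, "UTC": UTC}
    for label, line in (("mtime", MTIME_LINE), ("atime", ATIME_LINE)):
        utc = parse_ls_full_time(line)
        print(label, "stored on disk (UTC):", utc.isoformat())
        for name, rendered in render_in_zones(utc, zones).items():
            print("   ls under %-17s %s" % (name + ":", rendered))
```

Run as-is, both quoted lines resolve to UTC instants (12:10:48 and 11:26:08) and render back with -0500 and -0400 only because `America/New_York` was on standard time in February and daylight time in September; with `TZ=UTC ls --full-time` both lines would carry +0000. The zone the infected machine itself was configured with lives in its registry (HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation), not in the offsets `ls` prints. One further caveat on the `-u` output: on a read-write mount without `noatime`, simply reading the file during analysis rewrites its atime, so mount the image read-only (or with `noatime`) before trusting that value.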
