SHA256: 2c4eab037c37b55780cce28e48d930faa60879045208ae4b64631bb7a2f4cb2a
File name: 2c4eab037c37b55780cce28e48d930faa60879045208ae4b64631bb7a2f4cb2a.bin
Detection ratio: 22 / 56
Analysis date 2016-10-15 19:07:44 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.19304129 20161015
AegisLab Troj.Atraps.Gen!c 20161015
Avast Win32:Malware-gen 20161015
AVG Agent5.AUHV 20161015
Avira (no cloud) TR/ATRAPS.Gen 20161015
BitDefender Trojan.Generic.19304129 20161015
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160725
DrWeb Trojan.DownLoader22.63830 20161015
Emsisoft Trojan.Generic.19304129 (B) 20161015
ESET-NOD32 a variant of Win32/Agent.RYE 20161015
Fortinet W32/Agent.RYE!tr 20161015
Sophos ML generic.a 20160928
K7GW Trojan ( 001b27e51 ) 20161015
Malwarebytes Spyware.TrickBot 20161015
McAfee Artemis!F24384228FB4 20161015
McAfee-GW-Edition BehavesLike.Win32.BrowseFox.lh 20161015
eScan Trojan.Generic.19304129 20161015
NANO-Antivirus Trojan.Win32.DownLoader22.ehgkqr 20161015
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20161015
SUPERAntiSpyware Trojan.Agent/Gen-TDSS[Pragma] 20161015
Symantec Trojan Horse 20161015
TrendMicro-HouseCall TROJ_GEN.R0C1H0AJE16 20161015
AhnLab-V3 20161015
Alibaba 20161014
ALYac 20161015
Antiy-AVL 20161015
Arcabit 20161015
AVware 20161015
Baidu 20161015
Bkav 20161015
CAT-QuickHeal 20161015
ClamAV 20161015
CMC 20161015
Comodo 20161015
Cyren 20161015
F-Prot 20161015
F-Secure 20161015
GData 20161015
Ikarus 20161015
Jiangmin 20161015
K7AntiVirus 20161015
Kaspersky 20161015
Kingsoft 20161015
Microsoft 20161015
nProtect 20161015
Panda 20161015
Rising 20161015
Sophos AV 20161015
Tencent 20161015
TheHacker 20161014
TrendMicro 20161015
VBA32 20161014
VIPRE 20161015
ViRobot 20161015
Yandex 20161015
Zillya 20161013
Zoner 20161015
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-11 19:04:44
Entry Point 0x0000DDF9
Number of sections 5
PE sections
Overlays
MD5 7012fe2d85da13995aa003bc04be7a26
File type data
Offset 76800
Size 4432
Entropy 0.09
PE imports
GetTokenInformation
CryptDestroyKey
CryptReleaseContext
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
GetUserNameW
CryptSetKeyParam
FreeSid
CryptGetHashParam
AllocateAndInitializeSid
CryptAcquireContextW
EqualSid
CryptImportKey
LookupAccountNameW
CryptHashData
CryptDecrypt
CryptDestroyHash
CryptCreateHash
CryptStringToBinaryW
CryptBinaryToStringW
CreateToolhelp32Snapshot
GetLastError
HeapFree
CopyFileW
lstrcpynW
ReadFile
VirtualAllocEx
GetSystemInfo
lstrlenA
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
FreeLibrary
QueryPerformanceCounter
HeapAlloc
GetFileAttributesW
GetCommandLineW
DuplicateHandle
CreateRemoteThread
GetCurrentProcess
VirtualFreeEx
GetCurrentProcessId
WriteProcessMemory
OpenProcess
LockResource
SetFileTime
lstrlenW
UnhandledExceptionFilter
MultiByteToWideChar
GetStartupInfoW
GetTickCount
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GetProcAddress
InterlockedCompareExchange
VirtualProtectEx
Process32FirstW
GetProcessHeap
GetTempFileNameW
GetComputerNameW
GetFileTime
GetModuleHandleA
WriteFile
SetFileAttributesW
WideCharToMultiByte
LoadLibraryW
MoveFileExW
SetFilePointer
lstrcmpA
FindNextFileW
GetCurrentThreadId
InterlockedExchange
SetUnhandledExceptionFilter
GetTempPathW
Process32NextW
CreateMutexW
ResetEvent
GetSystemTimeAsFileTime
FindFirstFileW
lstrcmpW
HeapReAlloc
GetModuleHandleW
SetEvent
LocalFree
TerminateProcess
ResumeThread
CreateEventW
GetExitCodeThread
lstrcmpiW
SetCurrentDirectoryW
LoadResource
FindResourceW
CreateFileW
CreateProcessW
FindClose
InterlockedDecrement
Sleep
MoveFileW
GetFullPathNameW
SignalObjectAndWait
GetVersion
CloseHandle
SysAllocStringLen
SysFreeString
VariantClear
VariantInit
SysAllocString
SHGetFolderPathW
CommandLineToArgvW
PathRenameExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathAddBackslashW
StrStrIW
PathFindExtensionW
PathCombineW
PathRemoveBackslashW
WinHttpSetOption
WinHttpConnect
WinHttpQueryHeaders
WinHttpSendRequest
WinHttpCloseHandle
WinHttpQueryDataAvailable
WinHttpCrackUrl
WinHttpReceiveResponse
WinHttpOpen
WinHttpOpenRequest
WinHttpReadData
WSAStartup
gethostbyname
WSACleanup
GetAdaptersInfo
__p__fmode
malloc
??0exception@@QAE@ABV0@@Z
rand
??1type_info@@UAE@XZ
srand
_time64
__dllonexit
_CxxThrowException
_vsnwprintf
_amsg_exit
?terminate@@YAXXZ
_lock
_onexit
exit
_XcptFilter
_itow
__setusermatherr
_wcmdln
_cexit
memset
_unlock
??1exception@@UAE@XZ
__p__commode
?what@exception@@UBEPBDXZ
memcpy
__wgetmainargs
free
_callnewh
_controlfp
_vsnprintf
??0exception@@QAE@XZ
_initterm
_exit
__set_app_type
_wtoi
RtlUnwind
NtQueryInformationProcess
CoUninitialize
CoInitializeEx
CoCreateInstance
CoInitializeSecurity
Number of PE resources by type
RT_RCDATA 2
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:10:11 12:04:44-07:00
FileType Win32 EXE
PEType PE32
CodeSize 54784
LinkerVersion 10.0
ImageFileCharacteristics Executable, 32-bit
FileTypeExtension exe
InitializedDataSize 20992
SubsystemVersion 5.1
EntryPoint 0xddf9
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 f24384228fb49f9271762253b0733123
SHA1 8a5ee36f1d0fe4925c261a4e667312dff38b6d3b
SHA256 2c4eab037c37b55780cce28e48d930faa60879045208ae4b64631bb7a2f4cb2a
ssdeep 1536:D6xjJ1ft7DEFogMjXHdp9Bi4SKLsKDO0yF5NnlGGQXAT:exjfxD0ogMjXHdp9Bi4SbKDOlNn/2AT
authentihash 60e828899ed211cd9233c36eb2b0b47bdc58ff84fe5e57a3486b4f2873349996
imphash 1eb4077b51d8f882d3b8aa39408d55c6
File size 79.3 KB ( 81232 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (45.0%)
Microsoft Visual C++ compiled executable (generic) (26.9%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-10-14 15:19:51 UTC ( 2 years, 7 months ago )
Last submission 2018-10-22 03:15:08 UTC ( 7 months ago )
File names 2c4eab037c37b55780cce28e48d930faa60879045208ae4b64631bb7a2f4cb2a.bin
Vir _ (10).exe
payload_3.exe
f24384228fb49f9271762253b0733123.vir
f24384228fb49f9271762253b0733123.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Terminated processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications