SHA256: 2dd562d8724b6e109c4bf466ab95ca532461b6f4a579cc1c3971545dd884ff03
File name: 777d05f22066665522b944e2bdc6226aa4c67c84
Detection ratio: 30 / 57
Analysis date: 2016-12-16 14:23:15 UTC (2 years, 5 months ago)
Antivirus Result Update
Ad-Aware Trojan.Generic.20017819 20161216
AhnLab-V3 Trojan/Win32.Locky.R191957 20161216
Arcabit Trojan.Generic.D131729B 20161216
AVG Atros4.BJUR 20161216
Avira (no cloud) TR/Crypt.ZPACK.kqpze 20161216
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161207
BitDefender Trojan.Generic.20017819 20161216
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Emsisoft Trojan.Generic.20017819 (B) 20161216
ESET-NOD32 a variant of Win32/Kryptik.FLOO 20161216
F-Secure Trojan.Generic.20017819 20161216
GData Trojan.Generic.20017819 20161216
Ikarus Trojan.Win32.Krypt 20161216
Sophos ML generic.a 20161202
K7GW Hacktool ( 655367771 ) 20161216
Kaspersky Trojan-Banker.Win32.Tuhkit.uh 20161216
Malwarebytes Trojan.Ursnif 20161216
McAfee RDN/Generic Downloader.x 20161216
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20161216
Microsoft TrojanDownloader:Win32/Talalpek.A 20161216
eScan Trojan.Generic.20017819 20161216
Panda Trj/GdSda.A 20161216
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161216
Rising Malware.Generic!EqGB73J1BPG@2 (thunder) 20161216
Sophos AV Mal/Elenoocka-E 20161216
Symantec Trojan Horse 20161216
Tencent Win32.Trojan-banker.Tuhkit.Amvv 20161216
TrendMicro TROJ_GEN.R072C0DLF16 20161216
TrendMicro-HouseCall TROJ_GEN.R072C0DLF16 20161216
Yandex Trojan.PWS.Tuhkit! 20161216
AegisLab 20161216
Alibaba 20161216
ALYac 20161216
Antiy-AVL 20161216
Avast 20161216
AVware 20161216
Bkav 20161216
CAT-QuickHeal 20161216
ClamAV 20161215
CMC 20161216
Comodo 20161216
Cyren 20161216
DrWeb 20161216
F-Prot 20161216
Fortinet 20161216
Jiangmin 20161216
K7AntiVirus 20161216
Kingsoft 20161216
NANO-Antivirus 20161216
nProtect 20161216
SUPERAntiSpyware 20161216
TheHacker 20161214
TotalDefense 20161216
Trustlook 20161216
VBA32 20161216
VIPRE 20161216
ViRobot 20161216
WhiteArmor 20161212
Zillya 20161216
Zoner 20161216
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-07 20:30:05
Entry Point 0x00001B45
Number of sections 3
PE sections
PE imports
AzGroupDelete
AzGetProperty
AzFreeMemory
AzGroupCreate
ConnectionRead
ConnectionClose
ConnectionError
ConnectionWrite
SetCurrentDirectoryW
GetModuleFileNameW
CreateMutexA
WaitForSingleObject
TlsAlloc
GetAtomNameA
LoadLibraryExA
CreateSemaphoreA
CreateDirectoryA
GetWindowsDirectoryA
GetConsoleTitleA
DeleteFileW
GetProcAddress
AddAtomW
GetFileTime
GetTempPathA
ReleaseSemaphore
GetStringTypeA
GetModuleHandleA
FindFirstFileA
FindResourceExW
GetProfileStringA
lstrcpynA
FindAtomW
GetGeoInfoW
SetSystemTime
GetProfileIntW
lstrcmpi
GetLogicalDriveStringsA
FindFirstVolumeA
GetCurrencyFormatA
GetFullPathNameW
GetThemeFont
IsAppThemed
EnableTheming
GetThemeSysColor
GetThemeAppProperties
DrawThemeEdge
GetCurrentThemeName
DrawThemeText
GetThemeSysInt
GetThemePartSize
Number of PE resources by type
RT_GROUP_CURSOR 1
RT_FONT 1
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 4
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:01:07 21:30:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 158720
LinkerVersion 7.0
Warning Possibly corrupt Version resource
EntryPoint 0x1b45
InitializedDataSize 6144
SubsystemVersion 4.0
ImageVersion 5.1
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 e9b70e11de915ad92aa90361145d7b5e
SHA1 777d05f22066665522b944e2bdc6226aa4c67c84
SHA256 2dd562d8724b6e109c4bf466ab95ca532461b6f4a579cc1c3971545dd884ff03
ssdeep 3072:+Xk8VKR60Fa+j+bWhrGnFECBlexF40Ajdl4LAOd3Vcg39o4tTR:aajEpnhexudl5O/caC
authentihash 4fd453d9c99fd888a4fd473d66f60cd9f45583bb12bbbcfbc96bd086c88d8ea4
imphash c340a90388ec7aadbdbd348054fce3fa
File size 162.0 KB (165888 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe

VirusTotal metadata
First submission 2016-12-16 14:23:15 UTC (2 years, 5 months ago)
Last submission 2016-12-16 14:23:15 UTC (2 years, 5 months ago)
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests
UDP communications