× الكوكيز معطل! هذا الموقع يتطلب تمكين الكوكيز للعمل بشكل صحيح
SHA256: 892d30fff31844196a4639f820f5b89debfab05d5e848d5ddd0eb69be71a3e57
إسم الملف: clean.exe
نسبة الفحص: 25 / 61
تاريخ الفحص 2017-04-27 03:14:19 UTC ( 4 أشهر، 3 أسابيع مضت ) مشاهدة الأخير
مكافح الفيروسات النتيجة التحديث
Ad-Aware Trojan.GenericKD.4937789 20170427
AegisLab Uds.Dangerousobject.Multi!c 20170427
Arcabit Trojan.Generic.D4B583D 20170427
Avast Win32:Malware-gen 20170427
Avira (no cloud) TR/Swisyn.glbyu 20170426
Baidu Multi.Threats.InArchive 20170426
BitDefender Trojan.GenericKD.4937789 20170427
CAT-QuickHeal Trojan.Swisyn 20170426
CrowdStrike Falcon (ML) malicious_confidence_63% (D) 20170130
Emsisoft Trojan.GenericKD.4937789 (B) 20170427
F-Secure Trojan.GenericKD.4937789 20170427
GData Win32.Trojan.Agent.ZF1OS2 20170427
Sophos ML trojanclicker.win32.clikug.e 20170413
K7AntiVirus Riskware ( 0040eff71 ) 20170426
K7GW Riskware ( 0040eff71 ) 20170426
Kaspersky Trojan.Win32.Swisyn.fqfl 20170427
McAfee Artemis!A80E40D953E7 20170427
McAfee-GW-Edition BehavesLike.Win32.ObfusRansom.vc 20170427
eScan Trojan.GenericKD.4937789 20170426
Palo Alto Networks (Known Signatures) generic.ml 20170427
Rising Malware.Undefined!8.C (cloud:tZfS4VCPqeH) 20170426
Symantec Trojan.Gen.2 20170426
TrendMicro-HouseCall Suspicious_GEN.F47V0421 20170427
Webroot W32.Pdf.Exploit 20170427
ZoneAlarm by Check Point Trojan.Win32.Swisyn.fqfl 20170427
AhnLab-V3 20170426
Alibaba 20170427
ALYac 20170427
Antiy-AVL 20170427
AVG 20170427
AVware 20170427
Bkav 20170426
ClamAV 20170426
CMC 20170421
Comodo 20170427
Cyren 20170427
DrWeb 20170427
Endgame 20170419
ESET-NOD32 20170427
F-Prot 20170427
Fortinet 20170427
Ikarus 20170426
Jiangmin 20170425
Kingsoft 20170427
Malwarebytes 20170427
Microsoft 20170427
NANO-Antivirus 20170427
nProtect 20170427
Panda 20170426
Qihoo-360 20170427
SentinelOne (Static ML) 20170330
Sophos AV 20170427
SUPERAntiSpyware 20170427
Symantec Mobile Insight 20170427
Tencent 20170427
TheHacker 20170424
TrendMicro 20170427
Trustlook 20170427
VBA32 20170426
VIPRE 20170427
ViRobot 20170427
WhiteArmor 20170409
Yandex 20170426
Zillya 20170426
Zoner 20170427
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product ghazl2017 Chat
Packers identified
F-PROT NSIS, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-02 03:20:13
Entry Point 0x0000312A
Number of sections 5
PE sections
Overlays
MD5 83a95789a2c34a8ae4b9f9acc7c57f61
File type data
Offset 49664
Size 2124787
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
GetLastError
ReadFile
lstrlenA
lstrcmpiA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
GetTickCount
SetFileTime
GlobalUnlock
GetModuleFileNameA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
GetModuleHandleA
GetTempPathA
CreateThread
GetFileAttributesA
SetFilePointer
lstrcmpA
FindFirstFileA
WriteFile
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
ExitProcess
GetVersion
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
CharPrevA
GetMessagePos
EndPaint
SystemParametersInfoA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
DrawTextA
CreatePopupMenu
wsprintfA
DialogBoxParamA
SetClipboardData
IsWindowVisible
SendMessageA
CloseClipboard
GetClientRect
SetTimer
GetDlgItem
CreateDialogParamA
SetWindowTextA
EnableMenuItem
RegisterClassA
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
DestroyWindow
FillRect
ShowWindow
CharNextA
CallWindowProcA
GetSystemMenu
EmptyClipboard
EnableWindow
SetForegroundWindow
OpenClipboard
ExitWindowsEx
SetCursor
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 7
RT_DIALOG 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize
1024

LinkerVersion
6.0

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
3.2.1.24

LanguageCode
Neutral

FileFlagsMask
0x0000

CharacterSet
Windows, Latin1

InitializedDataSize
164864

EntryPoint
0x312a

MIMEType
application/octet-stream

TimeStamp
2016:04:02 04:20:13+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
3.2.1.24

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
24576

ProductName
ghazl2017 Chat

ProductVersionNumber
3.2.1.24

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 a80e40d953e7a7551a206f1084d50e4e
SHA1 57a285e4c8d5a65722921d94048e241668ecdc48
SHA256 892d30fff31844196a4639f820f5b89debfab05d5e848d5ddd0eb69be71a3e57
ssdeep
49152:yJ5bSjPL7Cz/sArLc4e+iGvG9E6lQESO1iG6IKI:iSjz7Cz/sUlHvG9xlQEJ1h

authentihash 259f306123bf14c35948e0a1a42aa74c0efb008e1428ae6db1bbbc0f913d32d0
imphash b76363e9cb88bf9390860da8e50999d2
File size 2.1 م.ب ( 2174451 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
nsis peexe overlay

VirusTotal metadata
First submission 2017-04-21 02:51:48 UTC ( 5 أشهر مضت )
Last submission 2017-09-12 01:11:35 UTC ( 1 أسبوع، 2 يومان مضت )
أسماء الملفات clean.exe
clean.exe
clean.exe
clean_3.exe
Behaviour characterization
Zemana
dll-injection

لا توجد تعليقات. لا يوجد أحد من أعضاء مجتمع فايروس توتال قام بالتعليق على هذا الملف حتى الآن، كٌن اول شخص يفعل ذلك!

أترك تعليقك...

?
إضافة تعليق

لم تقم بتسجيل الدخول.فقط الأعضاء المسجلون لدينا يملكون صلاحية الرد, قم بتسجيل الدخول وشارك بصوتك !

لا توجد تصويتات. لا احد صوت على هذا الملف من قبل، كٌن اول شخص يفعل ذلك!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Deleted files
Created mutexes
Runtime DLLs
UDP communications