SHA256: 0d0d9ba70ab502cd1a61d0913ae9e9853131079e22881a2f527bf699029824ad
File name: SubSeven.exe
Detection ratio: 33 / 57
Analysis date: 2015-03-04 05:12:17 UTC (3 years, 11 months ago)
Antivirus Result Update
Ad-Aware Application.Hacktool.AK 20150304
Yandex Trojan.MPass!hlb+5+XcTlo 20150228
AhnLab-V3 Win-Trojan/Securisk 20150303
Antiy-AVL RiskWare[RemoteAdmin:not-a-virus]/Win32.Svn 20150304
Avast Win32:PSWtool-N [PUP] 20150304
AVG HackTool.MQB 20150304
Avira (no cloud) SPR/MSNPass.T 20150304
Baidu-International Hacktool.Win32.Svn.a 20150303
BitDefender Application.Hacktool.AK 20150304
Comodo UnclassifiedMalware 20150304
Cyren W32/Trojan.SZDT-0467 20150304
DrWeb BackDoor.SubSeven.160 20150304
ESET-NOD32 a variant of Win32/MPass.B potentially unsafe 20150304
F-Prot W32/Trojan4.CAW 20150304
F-Secure Application.Hacktool.AK 20150304
Fortinet Riskware/PassView 20150304
GData Application.Hacktool.AK 20150304
Ikarus not-a-virus:PSWTool.Win32.PassView.b 20150304
Kaspersky not-a-virus:RemoteAdmin.Win32.Svn.a 20150304
Kingsoft Win32.Troj.Svn.a.(kcloud) 20150304
McAfee Artemis!7930280BC3E4 20150304
McAfee-GW-Edition BehavesLike.Win32.Ipamor.dc 20150304
Microsoft HackTool:Win32/Passview 20150304
eScan Application.Hacktool.AK 20150304
NANO-Antivirus Riskware.Win32.MailPassView.bjlnn 20150304
Norman Suspicious_Gen2.UBVLU 20150303
nProtect Trojan/W32.Agent.933376.G 20150303
Qihoo-360 Win32/Virus.RemoteAdmin.b58 20150304
Rising PE:HackTool.IEPassView!1.68FF 20150303
Sophos AV Messen 20150304
Symantec Backdoor.IRC.Bot 20150304
VBA32 Trojan-Spy.IEPV 20150303
VIPRE Nirsoft Password Recovery (not malicious) 20150304
AegisLab 20150304
Alibaba 20150304
ALYac 20150304
AVware 20150304
Bkav 20150303
ByteHero 20150304
CAT-QuickHeal 20150303
ClamAV 20150304
CMC 20150304
Emsisoft 20150304
Jiangmin 20150303
K7AntiVirus 20150303
K7GW 20150304
Malwarebytes 20150304
Panda 20150303
SUPERAntiSpyware 20150303
Tencent 20150304
TheHacker 20150303
TotalDefense 20150303
TrendMicro 20150304
TrendMicro-HouseCall 20150304
ViRobot 20150304
Zillya 20150303
Zoner 20150303
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
Command Aspack
F-PROT Aspack, UPX
PEiD ASPack v2.12
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00290001
Number of sections 10
PE sections
PE imports
RegSetValueExA
RegQueryValueExA
@Borlndmm@SysGetMem$qqri
ImageList_SetIconSize
ChooseColorA
UnrealizeObject
GetProcAddress
GetModuleHandleA
LoadLibraryA
acmStreamUnprepareHeader
CoTaskMemAlloc
SysFreeString
SafeArrayPtrOfIndex
Shell_NotifyIconA
CreateWindowExA
GetKeyboardType
VerQueryValueA
InternetReadFile
waveOutWrite
OpenPrinterA
WSACleanup
Number of PE resources by type
RT_RCDATA 31
RT_STRING 24
RT_BITMAP 21
RT_GROUP_CURSOR 9
RT_CURSOR 9
READ101 6
RT_DIALOG 1
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 101
ENGLISH AUS 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 1028096
LinkerVersion 2.25
EntryPoint 0x290001
InitializedDataSize 1500672
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 7930280bc3e47fe2f2c00138e720c983
SHA1 738353879501f5ae283498589e73bebe5663e82e
SHA256 0d0d9ba70ab502cd1a61d0913ae9e9853131079e22881a2f527bf699029824ad
ssdeep 12288:fP8M9wmqJlkgGW7mYtuAvN3O/0bdK7PvQSJ4aROk5DiJSj5uoNeQ898Ashqder:tw7JlkumGxFPY7Afaskswu9Q8IqU

authentihash d933bb90394f1eaf032a3d76751ee75abbdd137715ed3156d2c40297e0534b79
imphash 179aa6d2d4a5b0ebe1a6e1c1a3732565
File size 911.5 KB ( 933376 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID ASPack compressed Win32 Executable (generic) (92.6%)
Win32 Executable (generic) (3.1%)
Win16/32 Executable Delphi generic (1.4%)
Generic Win/DOS Executable (1.3%)
DOS Executable Generic (1.3%)
Tags peexe aspack upx

VirusTotal metadata
First submission 2010-03-09 22:38:58 UTC (8 years, 11 months ago)
Last submission 2015-03-04 05:12:17 UTC (3 years, 11 months ago)
File names SubSeven.exe
SubSeven.exe
file-1117254_exe
SubSeven.exe
cc45ab4f6fdfd878
SubSeven.exe
SubSeven.ex
Creativerse.exe
SubSeven.exe
738353879501f5ae283498589e73bebe5663e82e
smona132024291198394449519
file-4444090_txt
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
