SHA256: 1031604df27f1f1d0be26477ed57bc629fce92c9a460f0495baef1344e14e6ff
File name: citadel.exe
Detection ratio: 10 / 47
Analysis date: 2013-07-10 11:55:54 UTC (5 years, 10 months ago)
Antivirus software Result Update version
Yandex TrojanSpy.Zbot!iRs0WDQYZpo 20130710
AntiVir TR/Crypt.XPACK.Gen2 20130710
Avast Win32:Malware-gen 20130710
AVG Zbot.ALO 20130710
ESET-NOD32 a variant of Win32/Spy.Zbot 20130710
Ikarus Trojan.Win32.Lebag 20130710
Malwarebytes Hacktool.Citadel.Builder 20130710
McAfee-GW-Edition Heuristic.BehavesLike.Win32.ModifiedUPX.F 20130710
TrendMicro Cryp_Xin1 20130710
TrendMicro-HouseCall Cryp_Xin1 20130710
AhnLab-V3 20130710
Antiy-AVL 20130710
BitDefender 20130710
ByteHero 20130613
CAT-QuickHeal 20130708
ClamAV 20130710
Commtouch 20130710
Comodo 20130709
DrWeb 20130710
Emsisoft 20130710
eSafe 20130709
F-Prot 20130710
F-Secure 20130710
Fortinet 20130710
GData 20130710
Jiangmin 20130710
K7AntiVirus 20130709
K7GW 20130709
Kaspersky 20130710
Kingsoft 20130708
McAfee 20130710
Microsoft 20130710
eScan 20130710
NANO-Antivirus 20130710
Norman 20130708
nProtect 20130710
Panda 20130710
PCTools 20130710
Rising 20130709
Sophos AV 20130710
SUPERAntiSpyware 20130710
Symantec 20130710
TheHacker 20130710
TotalDefense 20130710
VBA32 20130710
VIPRE 20130710
ViRobot 20130710
The file being studied is a Portable Executable file! More specifically, it is a DOS EXE file.
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-11-08 19:14:27
Entry Point 0x000B6540
Number of sections 3
PE sections
PE imports
GetLengthSid
InitCommonControlsEx
GetOpenFileNameW
BitBlt
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
VariantClear
ShellExecuteW
StrCmpNIA
EndPaint
GdipFree
CoInitialize
Number of PE resources by type
RT_ICON 3
RT_DIALOG 2
RT_GROUP_ICON 1
JPG 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 8
PE resources
ExifTool file metadata
FileAccessDate
2014:12:20 15:25:40+01:00

FileCreateDate
2014:12:20 15:25:40+01:00

File identification
MD5 a33fb3c7884050642202e39cd7f177e0
SHA1 5e0198defc7524929e53808bd737977bde3b93f8
SHA256 1031604df27f1f1d0be26477ed57bc629fce92c9a460f0495baef1344e14e6ff
ssdeep
12288:V2syq0zYpoi9xihtKUCDvXqVaeEpac45vTTjIFGGnubwHYUMyBkNBo7s/m0hoS:VRcYpR9UO1DqIifjIFGg/HYNy+g7se0

authentihash 1a091769a2c4073175f4640d2f9bba8e219c3641fcdbb2c1ccb350ab8ed271a1
imphash 6171636b0c7bc1a9a8263eb76e0e3d19
File size 669.0 KB ( 685056 bytes )
File type DOS EXE
Magic literal
MS-DOS executable

TrID Win32 Executable (generic) (38.8%)
DOS Executable Borland Pascal 7.0x (17.5%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Music Craft Score (8.6%)
Tags
upx mz

VirusTotal metadata
First submission 2013-07-10 11:55:54 UTC (5 years, 10 months ago)
Last submission 2018-08-10 22:44:18 UTC (9 months, 1 week ago)
File names 1.3.5.1 - boom.exe.ubqu
1031604df27f1f1d_citadel.exe
citadel.exe
1.3.5.1 - boom.exe
citadel.exe
a33fb3c7884050642202e39cd7f177e0.virobj
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight