SHA256: 595336ba532f7cfa7ae1dd2d10eb9f927ce05d41e20ffb59d99683a2f36a3194
File name: rm303b.exe
Detection ratio: 0 / 47
Analysis date: 2013-11-05 14:06:25 UTC (5 years, 3 months ago)
Antivirus software Result Update version
Yandex 20131105
AhnLab-V3 20131105
AntiVir 20131105
Antiy-AVL 20131101
Avast 20131105
AVG 20131105
Baidu-International 20131105
BitDefender 20131105
Bkav 20131105
ByteHero 20131105
CAT-QuickHeal 20131105
ClamAV 20131105
Commtouch 20131105
Comodo 20131105
DrWeb 20131105
Emsisoft 20131105
ESET-NOD32 20131105
F-Prot 20131105
F-Secure 20131105
Fortinet 20131105
GData 20131105
Ikarus 20131105
Jiangmin 20131105
K7AntiVirus 20131104
K7GW 20131104
Kaspersky 20131105
Kingsoft 20130829
Malwarebytes 20131105
McAfee 20131105
McAfee-GW-Edition 20131105
Microsoft 20131105
eScan 20131028
NANO-Antivirus 20131105
Norman 20131105
nProtect 20131105
Panda 20131105
Rising 20131105
Sophos AV 20131105
SUPERAntiSpyware 20131105
Symantec 20131105
TheHacker 20131105
TotalDefense 20131104
TrendMicro 20131105
TrendMicro-HouseCall 20131105
VBA32 20131105
VIPRE 20131105
ViRobot 20131105
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-11-08 06:27:53
Entry Point 0x00004CE3
Number of sections 5
PE sections
PE imports
RegDeleteKeyA
RegCloseKey
RegDeleteKeyExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegEnumKeyA
RegEnumKeyExA
GetStdHandle
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
HeapReAlloc
GetStringTypeW
SetFileAttributesA
LocalFree
InitializeCriticalSection
FindClose
InterlockedDecrement
FormatMessageA
SetLastError
CopyFileA
ExitProcess
GetVersionExA
GetModuleFileNameA
EnumSystemLocalesA
GetPrivateProfileStringA
SetConsoleCtrlHandler
SetHandleCount
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FatalAppExitA
GetModuleHandleA
SetEnvironmentVariableA
TerminateProcess
GetCurrentThreadId
InterlockedIncrement
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
OpenProcess
GetOEMCP
IsBadWritePtr
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
Process32Next
GetStartupInfoA
Process32First
DeleteFileA
GetWindowsDirectoryA
GetUserDefaultLCID
CompareStringW
FindFirstFileA
lstrcpyA
CompareStringA
IsValidLocale
GetProcAddress
GetTimeZoneInformation
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
LCMapStringA
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
TlsFree
SetFilePointer
CloseHandle
GetACP
GetVersion
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
GetModuleFileNameExA
EnumProcesses
SetupCopyOEMInfA
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupCloseFileQueue
SetupTermDefaultQueueCallback
SetupDefaultQueueCallbackA
SetupDiRemoveDevice
SetupCommitFileQueueA
SetupCloseInfFile
SetupQueueDeleteSectionA
SetupOpenFileQueue
SetupInitDefaultQueueCallback
SetupOpenInfFileA
SetupDiSetClassInstallParamsA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiChangeState
SHDeleteKeyA
SendMessageA
FindWindowA
MessageBoxA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2006:11:07 22:27:53-08:00
FileType Win32 EXE
PEType PE32
CodeSize 77824
LinkerVersion 6.0
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x4ce3
InitializedDataSize 45056
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 c7a963ffc45d1764a8c025a0e638f614
SHA1 172321d17aa96e8e97a5f9a0c20c69d76a299341
SHA256 595336ba532f7cfa7ae1dd2d10eb9f927ce05d41e20ffb59d99683a2f36a3194
ssdeep 1536:1TYiRSMNe6/ASqPtTp34MJoblS0qcrjkyBkb2J/FtXd2:VYiRSMNe6ISqrJoJnko02J/FtXd2
authentihash a98f7a18e850aa70117366ccfeb7fb3de03528fb9506fe2975994cd82cc4612b
imphash ae83a80c4bcfc1e8b97f526edab9879b
File size 120.0 KB ( 122880 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe armadillo
VirusTotal metadata
First submission 2010-03-23 20:04:28 UTC (8 years, 11 months ago)
Last submission 2019-01-17 00:27:11 UTC (1 month ago)
File names rm303b.exe
rm303bx64.exe
rm302.exe
RM303B.EXE
rm303b.exe
rm303bx64.exe
rm303b.exej
rm303bx64.exe
file-2881384_exe
rm302x64.exe
rm303b.exe
rm303bx64.exe
rm303bx64.exe
rm302x64.exe
rm302x64.exe
rm303b.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight