SHA256: 9f55faf0ab23d6de6c200fd9ee78810799f0abbd43d1ff5cb6987066ddda7754
File name: FWDN_V7.exe
Detection ratio: 0 / 62
Analysis date: 2017-04-21 06:37:47 UTC (3 months, 4 weeks ago)
Antivirus Result Update
Ad-Aware 20170421
AegisLab 20170421
AhnLab-V3 20170421
Alibaba 20170421
ALYac 20170421
Antiy-AVL 20170421
Arcabit 20170421
Avast 20170421
AVG 20170421
Avira (no cloud) 20170421
AVware 20170421
Baidu 20170421
BitDefender 20170421
Bkav 20170420
CAT-QuickHeal 20170421
ClamAV 20170421
CMC 20170421
Comodo 20170421
CrowdStrike Falcon (ML) 20170130
Cyren 20170421
DrWeb 20170421
Emsisoft 20170421
Endgame 20170419
ESET-NOD32 20170421
F-Prot 20170421
F-Secure 20170421
Fortinet 20170421
GData 20170421
Ikarus 20170420
Sophos ML 20170413
Jiangmin 20170421
K7AntiVirus 20170421
K7GW 20170421
Kaspersky 20170421
Kingsoft 20170421
Malwarebytes 20170421
McAfee 20170421
McAfee-GW-Edition 20170420
Microsoft 20170421
eScan 20170421
NANO-Antivirus 20170421
nProtect 20170421
Palo Alto Networks (Known Signatures) 20170421
Panda 20170420
Qihoo-360 20170421
Rising 20170421
SentinelOne (Static ML) 20170330
Sophos AV 20170421
SUPERAntiSpyware 20170421
Symantec 20170420
Symantec Mobile Insight 20170420
Tencent 20170421
TheHacker 20170420
TotalDefense 20170421
TrendMicro 20170421
TrendMicro-HouseCall 20170421
Trustlook 20170421
VBA32 20170420
VIPRE 20170421
ViRobot 20170421
Webroot 20170421
WhiteArmor 20170409
Yandex 20170420
Zillya 20170418
ZoneAlarm by Check Point 20170421
Zoner 20170421
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (c) Telechips Inc,. All rights reserved.
Product FWDN V7
Original name FWDN_V7.exe
Internal name FWDN_V7.exe
File version 0.1.0.0
Description FWDN V7
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-02-27 09:15:24
Entry Point 0x0004F6B5
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
Ord(17)
InitCommonControlsEx
SetMapMode
SaveDC
TextOutA
CreateFontIndirectA
GetTextMetricsA
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
DeleteObject
SetTextColor
GetObjectA
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
EnumFontFamiliesExA
ScaleViewportExtEx
SelectObject
GetTextExtentPoint32A
SetWindowExtEx
GetTextColor
CreateSolidBrush
SetViewportExtEx
Escape
SetBkColor
GetBkColor
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
lstrcmpW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
FindResourceExA
GetCPInfo
GetOverlappedResult
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
GetFullPathNameA
SetEvent
LocalFree
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
FormatMessageA
SetLastError
DeviceIoControl
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
GetVolumeInformationA
LoadLibraryExA
GetPrivateProfileStringA
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
CreateMutexA
SetFilePointer
CreateThread
GetExitCodeThread
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
UnlockFile
ExitThread
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
VirtualQuery
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetLastError
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GetDateFormatA
GetFileSize
GlobalDeleteAtom
GetPrivateProfileIntA
DeleteFileA
GlobalLock
GetProcessHeap
CompareStringW
GlobalReAlloc
lstrcmpA
FindFirstFileA
GetTimeFormatA
FindNextFileA
DuplicateHandle
GetProcAddress
GlobalAlloc
GetTimeZoneInformation
CreateEventA
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetSystemWindowsDirectoryA
LocalReAlloc
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
CancelIo
GetCurrentThread
SuspendThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
CloseHandle
GetACP
GetVersion
FreeResource
SizeofResource
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
CompareStringA
VariantChangeType
SysStringLen
SysAllocStringLen
VariantClear
SysAllocString
VariantCopy
LoadTypeLib
SysFreeString
SysAllocStringByteLen
VariantInit
UuidCreateSequential
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
DragFinish
ShellExecuteA
SHGetSpecialFolderLocation
SHBrowseForFolderA
DragQueryFileA
SHGetPathFromIDListA
SHGetMalloc
CommandLineToArgvW
PathGetDriveNumberA
PathFindExtensionA
PathIsPrefixA
PathIsUNCA
PathAddBackslashA
PathRemoveBackslashA
PathIsDirectoryA
PathCombineA
PathCanonicalizeA
PathFindFileNameA
PathIsRelativeA
PathStripToRootA
PathRemoveFileSpecA
RedrawWindow
GetForegroundWindow
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GrayStringA
WindowFromPoint
GetMessageTime
SetActiveWindow
GetMenuItemID
GetCursorPos
MapDialogRect
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
LoadAcceleratorsA
GetWindowTextLengthA
ClientToScreen
GetActiveWindow
GetTopWindow
GetWindowTextA
PtInRect
GetMessageA
GetParent
UpdateWindow
SetPropA
GetClassInfoExA
ShowWindow
GetPropA
GetDesktopWindow
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
GetSystemMetrics
GetWindowPlacement
IsIconic
RegisterClassA
TabbedTextOutA
GetWindowLongA
CreateWindowExA
CopyRect
GetSysColorBrush
DestroyWindow
IsDialogMessageA
MapWindowPoints
BeginPaint
SetFocus
KillTimer
RegisterWindowMessageA
DefWindowProcA
SendDlgItemMessageA
RegisterDeviceNotificationA
EnableMenuItem
GetWindowRect
InflateRect
PostMessageA
DrawIcon
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
GetSubMenu
GetLastActivePopup
SetTimer
GetDlgItem
GetMenuCheckMarkDimensions
ScreenToClient
GetClassLongA
CreateDialogIndirectParamA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
GetMenuState
GetDC
SetForegroundWindow
PostThreadMessageA
GetAsyncKeyState
ReleaseDC
EndDialog
LoadMenuA
GetCapture
DrawTextExA
GetWindowThreadProcessId
UnregisterDeviceNotification
UnhookWindowsHookEx
RegisterClipboardFormatA
MoveWindow
MessageBoxA
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
IsWindowVisible
WinHelpA
InvalidateRect
DrawTextA
TranslateAcceleratorA
ValidateRect
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
SetMenu
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
GetFileTitleA
CoInitializeEx
OleUninitialize
OleInitialize
CoRevokeClassObject
OleFlushClipboard
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoDisconnectObject
OleIsCurrentClipboard
Number of PE resources by type
RT_DIALOG 17
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_STRING 14
Struct(240) 5
RT_ICON 3
RT_ACCELERATOR 3
RT_MENU 2
RT_BITMAP 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 50
KOREAN 30
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 217088
EntryPoint 0x4f6b5
OriginalFileName FWDN_V7.exe
MIMEType application/octet-stream
LegalCopyright (c) Telechips Inc,. All rights reserved.
FileVersion 0.1.0.0
TimeStamp 2012:02:27 10:15:24+01:00
FileType Win32 EXE
PEType PE32
InternalName FWDN_V7.exe
ProductVersion 0.1.0.0
FileDescription FWDN V7
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Telechips
CodeSize 421888
ProductName FWDN V7
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 7d4b8747c4201dcbf658f36f37c421fc
SHA1 c1bfdb6ce2e2275312bfa85afa41d2b7dedf318d
SHA256 9f55faf0ab23d6de6c200fd9ee78810799f0abbd43d1ff5cb6987066ddda7754
ssdeep 12288:RQp7sRkFiyS3vreVBiEhjWcqyr8Sq6suxGbu2pP8OCo:TkFiPvreVBiEhicqyr1q6suxGbu2pEi
authentihash 48c8c9dcf97099c25d78a4ae1da30f77025d9ef623184a2991b5b8b997090a3d
imphash 58dbeb3385fdb043a902bfbc8ab1b4eb
File size 628.0 KB ( 643072 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2013-02-21 13:45:24 UTC (4 years, 5 months ago)
Last submission 2013-02-21 13:45:24 UTC (4 years, 5 months ago)
File names FWDN_V7.exe
FWDN_V7_v2.23.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Hooking activity
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.