SHA256: bb58953495d1e4c0791b73abd59930c6240036d152d93c1c5dab3ebce84e50d1
File name: $_18_$_14_$_6_$_2_
Detection ratio: 38 / 53
Analysis date: 2015-12-20 22:42:47 UTC (2 years, 5 months ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKDZ.25969 20151220
Yandex Trojan.Injector!cOq3IFdL8XI 20151220
AhnLab-V3 Dropper/Win32.Necurs 20151220
Antiy-AVL Trojan[Ransom]/Win32.Gimemo 20151220
Avast Win32:GenMalicious-ACC [Trj] 20151220
AVG Inject2.AVEL 20151220
Avira (no cloud) TR/Spy.ZBot.ikaab 20151220
AVware Trojan.Win32.Generic!BT 20151220
Baidu-International Trojan.Win32.Injector.BLST 20151220
BitDefender Trojan.GenericKDZ.25969 20151220
ByteHero Trojan.Malware.Obscu.Gen.006 20151220
CAT-QuickHeal Trojan.Bunitu.017437 20151219
Comodo UnclassifiedMalware 20151219
DrWeb Trojan.Winlock.8004 20151220
ESET-NOD32 a variant of Win32/Injector.BLPH 20151220
F-Secure Trojan.GenericKDZ.25969 20151218
Fortinet W32/Dropper.CZR!tr 20151220
GData Trojan.GenericKDZ.25969 20151220
Ikarus Trojan-Downloader.Win32.Zurgop 20151220
K7AntiVirus Trojan ( 004a98e31 ) 20151220
K7GW Trojan ( 004a98e31 ) 20151220
Kaspersky HEUR:Trojan.Win32.Generic 20151220
Malwarebytes Trojan.Agent.ED 20151220
McAfee Zemot-FAJN!BC183D917BC4 20151220
McAfee-GW-Edition Zemot-FAJN!BC183D917BC4 20151220
Microsoft Trojan:Win32/Carberp.I 20151220
eScan Trojan.GenericKDZ.25969 20151220
NANO-Antivirus Trojan.Win32.Goo.dewbnv 20151220
nProtect Trojan-Downloader/W32.Goo.82432.C 20151218
Panda Trj/Chgt.F 20151220
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20151220
Sophos AV Mal/Wonton-S 20151220
Symantec Downloader 20151220
Tencent Win32.Trojan-downloader.Goo.Pfjc 20151220
TrendMicro TROJ_DOFOIL.SM03 20151220
TrendMicro-HouseCall TROJ_DOFOIL.SM03 20151220
VBA32 BScope.P2P-Worm.Palevo 20151218
VIPRE Trojan.Win32.Generic!BT 20151219
AegisLab 20151220
Alibaba 20151208
Arcabit 20151220
Bkav 20151219
ClamAV 20151219
CMC 20151217
Cyren 20151220
F-Prot 20151220
Jiangmin 20151220
SUPERAntiSpyware 20151220
TheHacker 20151220
TotalDefense 20151220
ViRobot 20151220
Zillya 20151220
Zoner 20151220
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-06 18:47:57
Entry Point 0x000045DD
Number of sections 4
PE sections
PE imports
GetUserNameA
GetUserNameW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetStartupInfoA
GetLocaleInfoA
GetCurrentProcessId
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetProcAddress
GetStringTypeA
GetStartupInfoW
WideCharToMultiByte
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CreateMutexW
OpenMutexW
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
TerminateProcess
LCMapStringA
IsValidCodePage
HeapCreate
VirtualQuery
VirtualFree
InterlockedDecrement
Sleep
GetFileType
GetTickCount
TlsSetValue
GetCurrentThreadId
OutputDebugStringA
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
CommandLineToArgvW
GetDesktopWindow
GetWindowTextA
IsWindowUnicode
GetProcessDefaultLayout
GetForegroundWindow
Number of PE resources by type
RT_MESSAGETABLE 2
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:09:06 19:47:57+01:00
FileType Win32 EXE
PEType PE32
CodeSize 38400
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 43008
SubsystemVersion 5.0
EntryPoint 0x45dd
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 bc183d917bc4dcffa954adb437bdcb96
SHA1 4bc2310470491cec8d589de21c5657f0bcc1b310
SHA256 bb58953495d1e4c0791b73abd59930c6240036d152d93c1c5dab3ebce84e50d1
ssdeep 1536:wBMbYhZGUC0ua1LDI9G4Gotz5UR6g+s3ppxGIlDS5Xi:zYhQ9DyLf4ltz5fg+QxYNi
authentihash e5cc0a77a3ac22283dc621f3c22ff72530d60fbe48539172eb23b8c6f05f2ccf
imphash 55e8c976d96ba79706da667c22a1eba3
File size 80.5 KB ( 82432 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2014-09-09 23:31:21 UTC (3 years, 8 months ago)
Last submission 2015-12-20 22:42:47 UTC (2 years, 5 months ago)
File names $_18_$_14_$_6_$_2_
nvid_upd.exe
bb58953495d1e4c0791b73abd59930c6240036d152d93c1c5dab3ebce84e50d1.vir
bb58953495d1e4c0791b73abd59930c6240036d152d93c1c5dab3ebce84e50d1.exe
4eea919e66a883afc1130b527d63da742df6b43565f1438c0923d1a3c0a18ab3
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs