SHA256: bd9a3d09c31a034a9434a5f182624b70e418ed4421ee991069d3b47a156bd6ba
File name: output.106982438.txt
Detection ratio: 7 / 56
Analysis date: 2017-02-03 03:10:13 UTC (2 years, 3 months ago)
Antivirus Result Update
AegisLab Uds.Dangerousobject.Multi!c 20170203
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9985 20170125
CrowdStrike Falcon (ML) malicious_confidence_89% (D) 20170130
Sophos ML virtool.win32.injector.ge 20170111
Kaspersky UDS:DangerousObject.Multi.Generic 20170203
Qihoo-360 HEUR/QVM10.1.ED81.Malware.Gen 20170203
Symantec ML.Attribute.HighConfidence 20170202
Ad-Aware 20170203
AhnLab-V3 20170202
Alibaba 20170122
ALYac 20170203
Antiy-AVL 20170203
Arcabit 20170203
Avast 20170203
AVG 20170202
Avira (no cloud) 20170202
AVware 20170203
BitDefender 20170203
CAT-QuickHeal 20170202
ClamAV 20170203
CMC 20170202
Comodo 20170203
Cyren 20170202
DrWeb 20170203
Emsisoft 20170203
ESET-NOD32 20170203
F-Prot 20170203
F-Secure 20170203
Fortinet 20170203
GData 20170203
Ikarus 20170202
Jiangmin 20170203
K7AntiVirus 20170203
K7GW 20170203
Kingsoft 20170203
Malwarebytes 20170203
McAfee 20170203
McAfee-GW-Edition 20170203
Microsoft 20170203
eScan 20170203
NANO-Antivirus 20170202
nProtect 20170202
Panda 20170202
Rising 20170203
Sophos AV 20170202
SUPERAntiSpyware 20170203
Tencent 20170203
TheHacker 20170202
TotalDefense 20170202
TrendMicro 20170203
TrendMicro-HouseCall 20170203
Trustlook 20170203
VBA32 20170202
VIPRE 20170203
ViRobot 20170202
WhiteArmor 20170202
Yandex 20170203
Zillya 20170201
Zoner 20170203
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) Horizon DataSys Inc All rights reserved.

Product RollBack Rx Professional
Original name ShdCfg.exe
Internal name ShdCfg
File version 1.2.0.3
Description INI Wizard
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-02 07:57:15
Entry Point 0x000075C7
Number of sections 6
PE sections
PE imports
GetTokenInformation
LookupAccountNameA
LookupPrivilegeValueA
CryptReleaseContext
CryptAcquireContextA
OpenProcessToken
CryptGetUserKey
FreeSid
CopySid
GetNamedSecurityInfoA
CryptGetDefaultProviderA
AllocateAndInitializeSid
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetFileSecurityA
LookupAccountNameW
GetLengthSid
SetSecurityDescriptorSacl
AVIStreamGetFrameClose
AVIStreamOpenFromFileA
AVIFileInit
AVIStreamGetFrame
AVIFileExit
AVIStreamRelease
AVIStreamInfoA
ImageList_Create
Ord(17)
CryptHashPublicKeyInfo
CreateFontIndirectW
PatBlt
CreateFontIndirectA
GetPaletteEntries
CreateRectRgnIndirect
CombineRgn
EnumFontsA
GetObjectA
ExcludeClipRect
DeleteDC
SetBkMode
BitBlt
CreateDIBSection
GetCurrentObject
SelectClipPath
GetStockObject
ScaleWindowExtEx
CreateCompatibleDC
ScaleViewportExtEx
CreateRectRgn
SelectObject
SetDIBColorTable
GetFontData
DeleteObject
GetTcpTable
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
MulDiv
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
LCMapStringW
lstrcatA
CreateDirectoryA
LCMapStringA
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
GetTickCount
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
TlsFree
FormatMessageA
GetStartupInfoA
SetStdHandle
CompareStringW
RaiseException
CloseHandle
WideCharToMultiByte
GetFileAttributesA
GetStringTypeA
SetFilePointer
ReadFile
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
InterlockedIncrement
SetConsoleTitleA
CompareStringA
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEnvironmentVariableA
LocalFree
TerminateProcess
GetTimeZoneInformation
WriteConsoleA
IsValidCodePage
HeapCreate
SetLastError
VirtualFree
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
GetProcessHeap
VirtualAlloc
LocalAlloc
WriteConsoleW
LeaveCriticalSection
DrawDibClose
DrawDibOpen
DrawDibDraw
glShadeModel
glEnable
glClearColor
glDepthFunc
glHint
glClearDepth
SetupDiGetSelectedDriverA
SetupDiGetDriverInfoDetailA
SetupDiGetClassDevsA
PathCompactPathA
MapWindowPoints
GetCursorPos
GetScrollInfo
BeginPaint
OffsetRect
SetCaretPos
KillTimer
GetIconInfo
ShowWindow
LoadBitmapA
GetSystemMetrics
AppendMenuA
GetWindowRect
EnableWindow
SetMenu
PostMessageA
SetMenuItemInfoA
GetDlgItemTextA
WindowFromPoint
MessageBoxA
GetWindowDC
IsWindowEnabled
EndDialog
SetScrollInfo
InsertMenuItemA
EndDeferWindowPos
ReleaseDC
CreatePopupMenu
GetMenu
SendMessageA
GetClientRect
CreateMenu
GetDlgItem
DrawMenuBar
ClientToScreen
InvalidateRect
wsprintfA
CreateWindowExA
LoadCursorA
LoadIconA
SetWindowTextA
GetMenuItemInfoA
IsDlgButtonChecked
DeferWindowPos
GetDC
EndPaint
GetWindowTextA
RegisterClassExA
PtInRect
CreateEnvironmentBlock
GetAppliedGPOListA
GetGPOListA
ConnectToPrinterDlg
WTHelperProvDataFromStateData
WinVerifyTrust
WTSEnumerateSessionsA
WTSFreeMemory
Number of PE resources by type
RT_GROUP_CURSOR 8
RT_ICON 7
RT_CURSOR 7
UNICODEDATA 6
BIN 3
Struct(240) 3
Struct(241) 3
IMG 2
RT_HTML 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 43
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.2.0.3

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
INI Wizard

ImageFileCharacteristics
Executable, No symbols, Large address aware, [6], No debug, Removable run from swap, System file

CharacterSet
Unicode

InitializedDataSize
275968

EntryPoint
0x75c7

OriginalFileName
ShdCfg.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) Horizon DataSys Inc All rights reserved.

FileVersion
1.2.0.3

TimeStamp
2017:02:02 08:57:15+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
ShdCfg

ProductVersion
1.2.0.3

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Horizon DataSys Inc

CodeSize
102912

ProductName
RollBack Rx Professional

ProductVersionNumber
1.2.0.3

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 fbe08cc20207d5c4f61757484568b9b0
SHA1 6d8e0490a7cb768fa0895c5a907b0e0b722e1eb9
SHA256 bd9a3d09c31a034a9434a5f182624b70e418ed4421ee991069d3b47a156bd6ba
ssdeep
6144:axXJ/Kda/zF8OgQaXhbD2ZuV6L3hXmUBpbrdmc/klwQBG1LznBHDTBrEpt4IQXZo:axXJ/6GFTlaXZ6L3IqJJmc/SwQg1LznU

authentihash 6eae457a7609c9e749ed31bba6390fe88f8285362cc9c73cd05ab4377ba9864e
imphash 5a626d52ad593b2dba68a913102b994e
File size 371.0 KB ( 379904 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 system file

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-02-03 00:46:14 UTC (2 years, 3 months ago)
Last submission 2018-08-09 17:55:39 UTC (9 months, 2 weeks ago)
File names 980.png
2017.2.3-05.Ransom.Actualclinic.exe1
8f1f27be7315.png
89bf68d1a0590.png
3[1].png.2116887346.DROPPED
a1.exe
45d8c4cfd3d167.png
87e818ed609d809.png
ShdCfg.exe
Actualclinic.exe
66f11177cf33.png
e9fe1626.png
2a052c28a1.png
eb273.png
output.106982438.txt
09.png
9.png
fbe08cc20207d5c4f61757484568b9b0.virobj
A1.EXE
a513812.png
9c061c8aa1.png
f94.png
992ae897302.png
9521b742759378.png
ShdCfg
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
HTTP requests
TCP connections
UDP communications