SHA256: df37d9669c6cc9683b1769b811bf418cc889aeea8283ddcf8b874994771121cd
File name: 8.exe
Detection ratio: 26 / 56
Analysis date: 2016-09-02 16:30:57 UTC (2 years, 7 months ago)
Antivirus Result Update
AegisLab Troj.Downloader.W32.Agent!c 20160902
Antiy-AVL RiskWare[Downloader:not-a-virus]/Win32.AdLoad 20160902
AVG Agent 20160902
Avira (no cloud) ADWARE/ELEX.Gen7 20160902
AVware Trojan.Win32.Generic!BT 20160902
CAT-QuickHeal Adware.SupTab 20160902
Comodo ApplicUnwnt.Win32.Gen.a 20160902
DrWeb Adware.Mutabaha.1792 20160902
Fortinet PossibleThreat 20160902
GData Win32.Trojan.Agent.GCVMT0 20160902
Sophos ML virus.win32.sality.at 20160830
K7AntiVirus Riskware ( 0040eff71 ) 20160902
K7GW Riskware ( 0040eff71 ) 20160902
Kaspersky Trojan-Downloader.Win32.Agent.wupeg 20160902
McAfee RDN/Generic.grp 20160902
McAfee-GW-Edition RDN/Generic.grp 20160902
Panda PUP/SupTab 20160902
Sophos AV Mal/Generic-S 20160902
Symantec Trojan.Gen.2 20160902
Tencent Win32.Trojan-downloader.Agent.Wnlq 20160902
TrendMicro TROJ_GEN.R00JC0EHQ16 20160902
TrendMicro-HouseCall TROJ_GEN.R00JC0EHQ16 20160902
VBA32 suspected of Trojan.Downloader.gen.h 20160902
VIPRE Trojan.Win32.Generic!BT 20160831
ViRobot Trojan.Win32.Z.Agent.355608[h] 20160902
Zillya Downloader.Agent.Win32.313371 20160902
Ad-Aware 20160902
AhnLab-V3 20160902
Alibaba 20160901
ALYac 20160902
Arcabit 20160902
Avast 20160902
Baidu 20160902
BitDefender 20160902
Bkav 20160901
ClamAV 20160902
CMC 20160901
Cyren 20160902
Emsisoft 20160902
ESET-NOD32 20160902
F-Prot 20160902
F-Secure 20160902
Ikarus 20160902
Jiangmin 20160902
Kingsoft 20160902
Malwarebytes 20160902
Microsoft 20160902
eScan 20160902
NANO-Antivirus 20160902
nProtect 20160902
Qihoo-360 20160902
Rising 20160902
SUPERAntiSpyware 20160901
TheHacker 20160902
Yandex 20160901
Zoner 20160902
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 10:18 PM 8/21/2016
Signers
[+] Dening Hu
Status This certificate or one of the certificates in the certificate chain is not time valid
Note: the signer certificate expired on 06/08/2017, after the 2016-09-02 analysis, so the status above reflects the time the report was viewed, not the time of signing. The signature still verifies because the signing date (8/21/2016) falls inside the certificate's validity window and is attested by the Symantec timestamp countersignature listed below; without a countersignature an expired signer certificate would make the signature fail. You can check this yourself with `signtool verify /pa /v` or PowerShell `Get-AuthenticodeSignature` (TimeStamperCertificate property). A verified signature says only that the file was not altered after the named signer produced it; with 26 of 56 engines flagging the file, the signer identity ("Dening Hu", an individual certificate), not the validity of the signature, is the trust signal to weigh.
Issuer thawte SHA256 Code Signing CA
Valid from 11:00 PM 08/15/2016
Valid to 10:59 PM 06/08/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 61DEFF39CA47A7D5DCE7CAF6E2538C3057D9C14C
Serial number 6D C8 6E BF 58 63 56 8E 22 37 B2 D8 95 82 D7 05
[+] thawte SHA256 Code Signing CA
Status Valid
Issuer thawte Primary Root CA
Valid from 12:00 AM 12/10/2013
Valid to 11:59 PM 12/09/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint D00CFDBF46C98A838BC10DC4E097AE0152C461BC
Serial number 71 A0 B7 36 95 DD B1 AF C2 3B 2B 9A 18 EE 54 CB
[+] thawte
Status Valid
Issuer thawte Primary Root CA
Valid from 12:00 AM 11/17/2006
Valid to 10:59 PM 07/16/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 91C6D6EE3E8AC86384E548C299295C756C817B81
Serial number 34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 11:00 PM 10/17/2012
Valid to 11:59 PM 12/29/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/21/2012
Valid to 11:59 PM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA (the self-signature of a root certificate; roots are trusted by store membership rather than by verifying their self-signature, so MD5 here does not weaken the chain)
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-22 06:10:31
Entry Point 0x00021064
Number of sections 4
PE sections
Overlays
MD5 0399477d94cd7be3d57fd748bb6eac24
File type data
Offset 349696
Size 5912
Entropy 7.40
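An overlay is whatever the file carries past the end of the last section's raw data; here the reported offset and size add up to the file size (349696 + 5912 = 355608). For a signed PE the Authenticode blob is stored outside the section table, in the security data directory, and is typically what shows up as the overlay, so the first check is whether the security directory points at the overlay offset. The following added example (not code from the page or from VirusTotal) parses just enough of the PE headers to compute the overlay, read the security directory and measure entropy; it builds a constructed PE32 skeleton inline so it runs offline, and the same functions applied to the real file should return the numbers above.

```python
import math
import struct


def section_table(data: bytes):
    """Return (name, PointerToRawData, SizeOfRawData) for every section header."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    first = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        off = first + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        sections.append((name, raw_ptr, raw_size))
    return sections


def overlay(data: bytes):
    """(offset, size) of the bytes past the last section's raw data; size 0 if none."""
    end = max((p + s for _, p, s in section_table(data) if s), default=0)
    return end, max(0, len(data) - end)


def security_directory(data: bytes):
    """(file offset, size) of IMAGE_DIRECTORY_ENTRY_SECURITY, where the Authenticode blob lives."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]  # 0x10B = PE32, 0x20B = PE32+
    directories = opt + (96 if magic == 0x10B else 112)
    return struct.unpack_from("<II", data, directories + 8 * 4)


def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0)."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def build_sample_pe(overlay_blob: bytes) -> bytes:
    """Constructed PE32 skeleton (headers, one .text section, appended blob); not a runnable program."""
    pe_off, opt_size, sect_ptr, sect_size = 0x40, 224, 0x200, 0x200
    hdr = bytearray(sect_ptr)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, pe_off)
    hdr[pe_off:pe_off + 4] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", hdr, pe_off + 4, 0x14C, 1, 0, 0, 0, opt_size, 0x102)
    opt = pe_off + 24
    struct.pack_into("<H", hdr, opt, 0x10B)
    # As in a signed file, the security directory points at the appended blob.
    struct.pack_into("<II", hdr, opt + 96 + 8 * 4, sect_ptr + sect_size, len(overlay_blob))
    sh = opt + opt_size
    hdr[sh:sh + 8] = b".text\0\0\0"
    struct.pack_into("<II", hdr, sh + 16, sect_size, sect_ptr)
    return bytes(hdr) + b"\x90" * sect_size + overlay_blob


if __name__ == "__main__":
    sample = build_sample_pe(bytes(range(256)) * 4)
    off, size = overlay(sample)
    print(f"overlay @ {off} ({size} bytes), entropy {entropy(sample[off:]):.2f}")
    if tuple(security_directory(sample)) == (off, size):
        print("overlay is exactly the Authenticode blob")
    else:
        print("overlay holds something other than (or in addition to) the signature")
```

If the security directory covers only part of the overlay, or does not point at it at all, the remainder is data the author appended for some other reason and deserves a look on its own; a PKCS#7 signature with a three-certificate chain and a timestamp accounts for a few kilobytes of high-entropy data, which is what the 7.40 figure above is consistent with.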
PE imports
RegCreateKeyExW
RegCloseKey
OpenServiceW
ControlService
LookupPrivilegeValueW
DeleteService
RegQueryValueExW
CloseServiceHandle
ChangeServiceConfig2W
OpenProcessToken
QueryServiceStatus
RegOpenKeyExW
CreateServiceW
GetTokenInformation
DuplicateTokenEx
SetServiceStatus
RegisterServiceCtrlHandlerW
CreateProcessAsUserW
StartServiceW
RegSetValueExW
OpenSCManagerW
StartServiceCtrlDispatcherW
GetStdHandle
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
EncodePointer
ProcessIdToSessionId
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetVolumeInformationW
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
OutputDebugStringW
FindClose
InterlockedDecrement
GetEnvironmentVariableW
SetLastError
DeviceIoControl
TlsGetValue
CopyFileW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
CreateThread
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
CreateToolhelp32Snapshot
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
RtlUnwind
OpenProcess
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetTempFileNameW
GetTimeFormatW
ExpandEnvironmentStringsW
FindFirstFileW
IsValidLocale
GetProcAddress
ReadConsoleW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GlobalFree
GetConsoleCP
CompareStringW
GetEnvironmentStringsW
WinExec
Process32NextW
FileTimeToLocalFileTime
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
Process32FirstW
GetSystemDefaultLangID
RaiseException
UnhandledExceptionFilter
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
CreateProcessW
Sleep
PathAppendW
SHDeleteKeyW
wsprintfW
CreateEnvironmentBlock
DestroyEnvironmentBlock
HttpQueryInfoW
InternetConnectW
InternetReadFile
InternetCrackUrlW
HttpSendRequestW
InternetOpenUrlW
InternetCloseHandle
InternetOpenW
HttpOpenRequestW
WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW
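Read as a whole, the import table gives a static picture of what the binary can do: OpenSCManagerW/CreateServiceW/StartServiceW/StartServiceCtrlDispatcherW are the service install and service main entry points; WTSEnumerateSessionsW, WTSQueryUserToken and CreateProcessAsUserW are the standard way for a service to start a program on a logged-on user's desktop; the WinInet functions fetch content over HTTP; CreateToolhelp32Snapshot with Process32FirstW/NextW enumerates processes. That combination fits the downloader and service-oriented labels in the detection table, but static imports are a lead, not proof, and some (IsDebuggerPresent, OutputDebugStringW) come in through the MSVC runtime. The report's imphash (c9f927b845c56a6e2ef48413d1d9656b) cannot be recomputed from this list because the page shows function names without their DLLs. The following added example (not code from the page or from VirusTotal) implements the imphash canonical form and a threshold-based grouping of imports into capabilities; the DLL attribution in SAMPLE_IMPORTS is constructed for the demonstration and is an assumption.

```python
import hashlib

# Constructed import table for the demonstration. The report lists function names
# without their DLLs, so the DLL attribution here is assumed, not taken from the page.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "OpenSCManagerW"),
    ("ADVAPI32.dll", "CreateServiceW"),
    ("ADVAPI32.dll", "StartServiceW"),
    ("ADVAPI32.dll", "StartServiceCtrlDispatcherW"),
    ("ADVAPI32.dll", "CreateProcessAsUserW"),
    ("WTSAPI32.dll", "WTSEnumerateSessionsW"),
    ("WTSAPI32.dll", "WTSQueryUserToken"),
    ("WININET.dll", "InternetOpenUrlW"),
    ("WININET.dll", "InternetReadFile"),
    ("KERNEL32.dll", "CreateToolhelp32Snapshot"),
    ("KERNEL32.dll", "Process32FirstW"),
    ("KERNEL32.dll", "IsDebuggerPresent"),
    ("KERNEL32.dll", "WinExec"),
]

# API groups worth a second look when several of them appear together.
CAPABILITIES = {
    "service install/control": {"OpenSCManagerW", "CreateServiceW", "StartServiceW",
                                "StartServiceCtrlDispatcherW", "ChangeServiceConfig2W",
                                "DeleteService"},
    "run process in a logged-on user's session": {"WTSEnumerateSessionsW", "WTSQueryUserToken",
                                                  "CreateProcessAsUserW", "CreateEnvironmentBlock"},
    "HTTP download": {"InternetOpenW", "InternetConnectW", "InternetOpenUrlW",
                      "HttpOpenRequestW", "HttpSendRequestW", "InternetReadFile"},
    "process enumeration": {"CreateToolhelp32Snapshot", "Process32FirstW",
                            "Process32NextW", "OpenProcess"},
    "debugger check": {"IsDebuggerPresent", "OutputDebugStringW"},
    "launch command": {"WinExec", "CreateProcessW"},
}


def imphash_string(imports):
    """Canonical form hashed by imphash: 'dll.func' lowercased, DLL extension dropped,
    comma-joined, in import-table order (order changes the hash)."""
    parts = []
    for dll, func in imports:
        name = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if name.endswith(ext):
                name = name[:-len(ext)]
                break
        parts.append(f"{name}.{func.lower()}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the canonical string. Ordinal-only imports (which pefile maps back to
    names for a few well-known DLLs) are not handled here."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def capabilities(imports, min_hits=2):
    """Groups from CAPABILITIES with at least min_hits matching imports. The threshold
    keeps a lone runtime-induced import such as IsDebuggerPresent from raising a flag."""
    funcs = {func for _, func in imports}
    return {group: sorted(funcs & apis)
            for group, apis in CAPABILITIES.items() if len(funcs & apis) >= min_hits}


if __name__ == "__main__":
    print("imphash:", imphash(SAMPLE_IMPORTS))
    for group, hits in capabilities(SAMPLE_IMPORTS).items():
        print(f"{group}: {', '.join(hits)}")
```

Because imphash depends on import order and on exact DLL names, it clusters builds from the same source tree and linker settings rather than identifying behaviour; the capability grouping is the complementary view, and it is only as good as the thresholds and groups you maintain for your own environment.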
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 2
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
Number of PE resources by language
CHINESE SIMPLIFIED 10
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:08:21 23:10:31-07:00
FileType Win32 EXE
PEType PE32
CodeSize 267776
LinkerVersion 11.0
ImageFileCharacteristics No relocs, Executable, 32-bit
FileTypeExtension exe
InitializedDataSize 98816
SubsystemVersion 5.1
EntryPoint 0x21064
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0
Execution parents
Compressed bundles
File identification
MD5 d1222e6307d372bad165724e3a1d7368
SHA1 3da12ec810c5e4fdf7c0f4b93fed3b25fde535e0
SHA256 df37d9669c6cc9683b1769b811bf418cc889aeea8283ddcf8b874994771121cd
ssdeep 6144:DI6GvvRmuYncudVeMn1ZnK7V7UNexgBniwK2JwphgMC:5uYncudX1ftcwKkwvC
authentihash a2686ef6aad6a5fa2ca6c223d76534210032032c5366a77af2628e7489f2b66b
imphash c9f927b845c56a6e2ef48413d1d9656b
File size 347.3 KB ( 355608 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (36.1%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win64 Executable (generic) (23.2%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.7%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2016-08-22 08:36:16 UTC (2 years, 8 months ago)
Last submission 2018-05-06 17:49:24 UTC (11 months, 3 weeks ago)
File names df37d9669c6cc9683b1769b811bf418cc889aeea8283ddcf8b874994771121cd.exe
1 WinSaber.exe
saber.exe
WinSaber.exe
winsaber.exe
winsaber.exe
8.exe
WinSaber.exe
saber.exe
df37d9669c6cc9683b1769b811bf418cc889aeea8283ddcf8b874994771121cd.exe
8.exe
d1222e6307d372bad165724e3a1d7368
8.exe
saber.exe
WinSaber.exe
1 WinSaber.exe
WinSaber.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications