SHA256: e5a12b8b9abd1c2fcde9efe383c930ef68affc5c9050f5d11b05f960508a8f02
File name: Word.exe
Detection ratio: 14 / 56
Analysis date: 2015-09-18 22:21:36 UTC (3 years, 7 months ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.730591 20150918
ALYac Gen:Variant.Kazy.730591 20150918
Arcabit Trojan.Kazy.DB25DF 20150918
Avast Win32:Malware-gen 20150918
AVG Atros2.URE 20150918
BitDefender Gen:Variant.Kazy.730591 20150918
DrWeb Trojan.Fsysna.3434 20150918
Emsisoft Gen:Variant.Kazy.730591 (B) 20150918
ESET-NOD32 a variant of MSIL/Kryptik.CNH 20150918
F-Secure Gen:Variant.Kazy.730591 20150918
GData Gen:Variant.Kazy.730591 20150918
Malwarebytes Backdoor.Agent.ASMGen 20150918
eScan Gen:Variant.Kazy.730591 20150918
Rising PE:Malware.RDM.12!5.12[F1] 20150918
AegisLab 20150918
Yandex 20150917
AhnLab-V3 20150918
Alibaba 20150918
Antiy-AVL 20150918
Avira (no cloud) 20150918
AVware 20150918
Baidu-International 20150918
Bkav 20150918
ByteHero 20150918
CAT-QuickHeal 20150918
ClamAV 20150918
CMC 20150916
Comodo 20150918
Cyren 20150918
F-Prot 20150918
Fortinet 20150918
Ikarus 20150918
Jiangmin 20150916
K7AntiVirus 20150918
K7GW 20150918
Kaspersky 20150918
Kingsoft 20150918
McAfee 20150918
McAfee-GW-Edition 20150918
Microsoft 20150918
NANO-Antivirus 20150918
nProtect 20150918
Panda 20150918
Qihoo-360 20150918
Sophos AV 20150918
SUPERAntiSpyware 20150918
Symantec 20150918
Tencent 20150918
TheHacker 20150916
TrendMicro 20150918
TrendMicro-HouseCall 20150918
VBA32 20150918
VIPRE 20150918
ViRobot 20150918
Zillya 20150918
Zoner 20150918
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright ????????????????????
Publisher ????????????????????
Product ???????????????????
Original name Assembly Changer.exe
Internal name Assembly Changer.exe
File version 35.37.88.62
Description ????????????????????
Comments ????????????????????
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-18 21:15:41
Entry Point 0x0000956E
Number of sections 4
.NET details
Module Version ID b65efd3b-f7c8-4829-8a45-7e919fe6efd8
TypeLib ID 21d3b916-8e1b-4338-aeeb-212ae985545a
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 7
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 10
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 407552
ImageVersion 0.0
FileVersionNumber 35.37.88.62
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 11.0
FileTypeExtension exe
OriginalFileName Assembly Changer.exe
MIMEType application/octet-stream
FileVersion 35.37.88.62
TimeStamp 2015:09:18 22:15:41+01:00
FileType Win32 EXE
PEType PE32
InternalName Assembly Changer.exe
ProductVersion 35.37.88.62
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 30208
FileSubtype 0
ProductVersionNumber 35.37.88.62
EntryPoint 0x956e
ObjectFileType Executable application
AssemblyVersion 66.47.92.34
Compressed bundles
File identification
MD5 8bab508a7f797c281ab0d81923f6eaf6
SHA1 83c67f7a93178e3a46f2fc158dd926ee1a8f85cc
SHA256 e5a12b8b9abd1c2fcde9efe383c930ef68affc5c9050f5d11b05f960508a8f02
ssdeep 3072:3AcxPzmSfBtOQCRRrPIxoMpH5zCixcMBb:wY9f6Q8exoMPCwcM
authentihash 91354dd6bbf405dd4984db8feab84ad61be7465b34c3a6af6c25b65c956ddc53
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 428.5 KB ( 438784 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (62.0%)
Win64 Executable (generic) (23.4%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
Win16/32 Executable Delphi generic (1.7%)
Tags peexe assembly

VirusTotal metadata
First submission 2015-09-18 22:21:36 UTC (3 years, 7 months ago)
Last submission 2015-09-19 13:04:02 UTC (3 years, 7 months ago)
File names Assembly Changer.exe
Word.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests