| SHA256: | e5a12b8b9abd1c2fcde9efe383c930ef68affc5c9050f5d11b05f960508a8f02 |
| Име на файла: | Word.exe |
| Съотношение на разпознаване: | 14 / 56 |
| Дата на анализиране: | 2015-09-18 22:21:36 UTC (преди 3 години, 5 месеци) Преглед на последния |
| Антивирусен софтуер | Резултат | Версия на обновление |
|---|---|---|
| Ad-Aware | Gen:Variant.Kazy.730591 | 20150918 |
| ALYac | Gen:Variant.Kazy.730591 | 20150918 |
| Arcabit | Trojan.Kazy.DB25DF | 20150918 |
| Avast | Win32:Malware-gen | 20150918 |
| AVG | Atros2.URE | 20150918 |
| BitDefender | Gen:Variant.Kazy.730591 | 20150918 |
| DrWeb | Trojan.Fsysna.3434 | 20150918 |
| Emsisoft | Gen:Variant.Kazy.730591 (B) | 20150918 |
| ESET-NOD32 | a variant of MSIL/Kryptik.CNH | 20150918 |
| F-Secure | Gen:Variant.Kazy.730591 | 20150918 |
| GData | Gen:Variant.Kazy.730591 | 20150918 |
| Malwarebytes | Backdoor.Agent.ASMGen | 20150918 |
| eScan | Gen:Variant.Kazy.730591 | 20150918 |
| Rising | PE:Malware.RDM.12!5.12[F1] | 20150918 |
| AegisLab | 20150918 | |
| Yandex | 20150917 | |
| AhnLab-V3 | 20150918 | |
| Alibaba | 20150918 | |
| Antiy-AVL | 20150918 | |
| Avira (no cloud) | 20150918 | |
| AVware | 20150918 | |
| Baidu-International | 20150918 | |
| Bkav | 20150918 | |
| ByteHero | 20150918 | |
| CAT-QuickHeal | 20150918 | |
| ClamAV | 20150918 | |
| CMC | 20150916 | |
| Comodo | 20150918 | |
| Cyren | 20150918 | |
| F-Prot | 20150918 | |
| Fortinet | 20150918 | |
| Ikarus | 20150918 | |
| Jiangmin | 20150916 | |
| K7AntiVirus | 20150918 | |
| K7GW | 20150918 | |
| Kaspersky | 20150918 | |
| Kingsoft | 20150918 | |
| McAfee | 20150918 | |
| McAfee-GW-Edition | 20150918 | |
| Microsoft | 20150918 | |
| NANO-Antivirus | 20150918 | |
| nProtect | 20150918 | |
| Panda | 20150918 | |
| Qihoo-360 | 20150918 | |
| Sophos AV | 20150918 | |
| SUPERAntiSpyware | 20150918 | |
| Symantec | 20150918 | |
| Tencent | 20150918 | |
| TheHacker | 20150916 | |
| TrendMicro | 20150918 | |
| TrendMicro-HouseCall | 20150918 | |
| VBA32 | 20150918 | |
| VIPRE | 20150918 | |
| ViRobot | 20150918 | |
| Zillya | 20150918 | |
| Zoner | 20150918 |
The file being studied is a Portable Executable file!
More specifically, it is a Win32 EXE
file
for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
????????????????????
Publisher ????????????????????
Product ???????????????????
Original name Assembly Changer.exe
Internal name Assembly Changer.exe
File version 35.37.88.62
Description ????????????????????
Comments ????????????????????
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-18 21:15:41
Entry Point 0x0000956E
Number of sections 4
.NET details
Module Version ID
b65efd3b-f7c8-4829-8a45-7e919fe6efd8
TypeLib ID
21d3b916-8e1b-4338-aeeb-212ae985545a
PE sections
PE imports
Number of PE resources by type
RT_ICON 7
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 10
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0
InitializedDataSize
407552
ImageVersion
0.0
FileVersionNumber
35.37.88.62
LanguageCode
Neutral
FileFlagsMask
0x003f
CharacterSet
Unicode
LinkerVersion
11.0
FileTypeExtension
exe
OriginalFileName
Assembly Changer.exe
MIMEType
application/octet-stream
FileVersion
35.37.88.62
TimeStamp
2015:09:18 22:15:41+01:00
FileType
Win32 EXE
PEType
PE32
InternalName
Assembly Changer.exe
ProductVersion
35.37.88.62
SubsystemVersion
4.0
OSVersion
4.0
FileOS
Win32
Subsystem
Windows GUI
MachineType
Intel 386 or later, and compatibles
CodeSize
30208
FileSubtype
0
ProductVersionNumber
35.37.88.62
EntryPoint
0x956e
ObjectFileType
Executable application
AssemblyVersion
66.47.92.34
Compressed bundles
File identification
MD5 8bab508a7f797c281ab0d81923f6eaf6
SHA1 83c67f7a93178e3a46f2fc158dd926ee1a8f85cc
SHA256 e5a12b8b9abd1c2fcde9efe383c930ef68affc5c9050f5d11b05f960508a8f02
ssdeep
3072:3AcxPzmSfBtOQCRRrPIxoMpH5zCixcMBb:wY9f6Q8exoMPCwcM
File size
428.5 KB ( 438784 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
| TrID |
Generic CIL Executable (.NET, Mono, etc.) (62.0%) Win64 Executable (generic) (23.4%) Win32 Dynamic Link Library (generic) (5.5%) Win32 Executable (generic) (3.8%) Win16/32 Executable Delphi generic (1.7%) |
Tags
peexe
assembly
VirusTotal metadata
First submission
2015-09-18 22:21:36 UTC (преди 3 години, 5 месеци)
Last submission
2015-09-19 13:04:02 UTC (преди 3 години, 5 месеци)
| Имена на файла |
Assembly Changer.exe Word.exe |
Няма коментари.
Никой не е коментирал това, бъдете първи!
Не сте влезли в акаунта си. Само регистрирани потребители могат да коментират. Влезте и оставете своя коментар!
Няма гласове.
Никой не е гласувал за това все още, бъдете първи!
Condensed report! The following is a condensed report of the
behaviour of the file when executed in a controlled environment. The actions
and events described were either performed by the file itself or by any other
process launched by the executed file or subjected to code injection by the
executed file.