SHA256: e8402125aa97637d0c7b030bd86a51c042ada8d8bc4e18b2da4f36c579f34659
File name: KMSpico_Activator_For_Windows_10_and_Office_16_LATEST.exe
Detection ratio: 6 / 56
Analysis date: 2016-10-09 15:16:26 UTC (2 years, 7 months ago)
Antivirus Result Update
Antiy-AVL GrayWare[Dropper]/Win32.Kryptik.x 20161009
DrWeb Trojan.InstallCube.2046 20161009
Sophos ML generic.a 20160928
Panda Trj/Genetic.gen 20161009
Qihoo-360 HEUR/QVM07.1.0000.Malware.Gen 20161009
Symantec Heur.AdvML.B 20161009
Ad-Aware 20161009
AegisLab 20161009
AhnLab-V3 20161009
Alibaba 20161009
ALYac 20161009
Arcabit 20161009
Avast 20161009
AVG 20161009
Avira (no cloud) 20161009
AVware 20161009
Baidu 20161001
BitDefender 20161009
Bkav 20161008
CAT-QuickHeal 20161008
ClamAV 20161009
CMC 20161003
Comodo 20161007
CrowdStrike Falcon (ML) 20160725
Cyren 20161009
Emsisoft 20161009
ESET-NOD32 20161009
F-Prot 20161009
F-Secure 20161009
Fortinet 20161009
GData 20161009
Ikarus 20161009
Jiangmin 20161009
K7AntiVirus 20161009
K7GW 20161009
Kaspersky 20161009
Kingsoft 20161009
Malwarebytes 20161009
McAfee 20161009
McAfee-GW-Edition 20161009
Microsoft 20161009
eScan 20161009
NANO-Antivirus 20161009
nProtect 20161009
Rising 20161009
Sophos AV 20161009
SUPERAntiSpyware 20161009
Tencent 20161009
TheHacker 20161008
TrendMicro 20161009
TrendMicro-HouseCall 20161009
VBA32 20161007
VIPRE 20161009
ViRobot 20161009
Yandex 20161008
Zillya 20161007
Zoner 20161009
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signers
[+] HELPER
Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 9/25/2016
Valid to 12:59 AM 9/26/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint C78CECA49A40AC36CE13450AB499E0F7B8B8EF97
Serial number 4E D1 85 EE 58 05 C2 8B 10 20 3A B4 DB 81 9C B9
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-09 15:08:15
Entry Point 0x00400146
Number of sections 4
PE sections
Overlays
MD5 9a88f5656a80ee9636f39107712f106b
File type data
Offset 4923392
Size 5192
Entropy 7.53
PE imports
AllocateLocallyUniqueId
ImageList_Read
ExcludeClipRect
UnrealizeObject
Rectangle
SetDIBColorTable
GetLastError
HeapFree
GetStdHandle
CreateFileMappingW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
lstrlenW
FreeEnvironmentStringsA
HeapAlloc
GetStartupInfoA
GetEnvironmentStrings
GetCurrentProcessId
LCMapStringW
DeleteFileA
WideCharToMultiByte
UnhandledExceptionFilter
SetErrorMode
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
SetStdHandle
GetModuleHandleA
GetCPInfo
GetStringTypeA
SetFilePointer
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetVersion
TerminateProcess
SizeofResource
GetModuleFileNameA
GetEnvironmentVariableA
HeapCreate
FindResourceW
VirtualFree
FindClose
GetFileType
GetTickCount
GetCurrentThreadId
VirtualAlloc
GetSystemMetrics
GetClientRect
SendMessageW
GetWindowRect
GetActiveWindow
LoadStringA
MoveWindow
MessageBoxA
CreateWindowExW
CreateDialogParamA
ShowWindow
SetRect
CoUninitialize
Number of PE resources by type
RT_STRING 65
RT_GROUP_CURSOR 43
RT_CURSOR 43
RT_RCDATA 15
RT_ICON 3
JPEG 2
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 108
ENGLISH US 65
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:10:09 16:08:15+01:00
FileType Win32 EXE
PEType PE32
CodeSize 4214784
LinkerVersion 7.5
FileTypeExtension exe
InitializedDataSize 704512
SubsystemVersion 4.0
EntryPoint 0x400146
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 470c62e7b5b639eaba7f398059e6d664
SHA1 63e65e365e46eddf8272f4275fc6104383fd4200
SHA256 e8402125aa97637d0c7b030bd86a51c042ada8d8bc4e18b2da4f36c579f34659
ssdeep 49152:BYKLq5ZYN7PhAO4OsjLeMZsNBIEafEpi0kV1y2zxpYLwnZS7QVG1tdKlIMTt4ipz:BXwEasZzpu
authentihash 9232a61d3a98acd901600c90f6b3c0830c86493cc483b75c433f71d98a70e760
imphash f370c213b39c674a06c63725f8bd3bd2
File size 4.7 MB ( 4928584 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
Clipper DOS Executable (2.6%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2016-10-09 15:16:26 UTC (2 years, 7 months ago)
Last submission 2016-10-09 15:16:26 UTC (2 years, 7 months ago)
File names KMSpico_Activator_For_Windows_10_and_Office_16_LATEST.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events, which are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.
UDP communications