× Бисквитките са забранени! Този сайт изисква бисквитките да бъдат разрешени, за да работи правилно.
SHA256: ee5ad109eea8c3a3bee7e569debe46c6fe3efc50a83a777f99e6f0b2e4009feb
Име на файла: 861232.exe
Съотношение на разпознаване: 9 / 64
Дата на анализиране: 2017-10-13 05:10:33 UTC (преди 1 година, 7 месеци) Преглед на последния
Антивирусен софтуер Резултат Версия на обновление
Avast FileRepMalware 20171013
AVG FileRepMalware 20171013
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9877 20171013
Cylance Unsafe 20171013
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/Kryptik.FXQW 20171013
Fortinet W32/Locky.AZKQ!tr.ransom 20171013
Sophos ML heuristic 20170914
Symantec ML.Attribute.HighConfidence 20171013
Ad-Aware 20171013
AegisLab 20171013
AhnLab-V3 20171013
Alibaba 20170911
ALYac 20171013
Antiy-AVL 20171012
Arcabit 20171013
Avast-Mobile 20171012
Avira (no cloud) 20171012
AVware 20171013
BitDefender 20171013
Bkav 20171013
CAT-QuickHeal 20171012
ClamAV 20171013
CMC 20171012
Comodo 20171013
CrowdStrike Falcon (ML) 20170804
Cyren 20171013
DrWeb 20171013
Emsisoft 20171013
F-Prot 20171013
F-Secure 20171013
GData 20171013
Ikarus 20171012
Jiangmin 20171013
K7AntiVirus 20171013
K7GW 20171013
Kaspersky 20171013
Kingsoft 20171013
MAX 20171013
McAfee 20171013
McAfee-GW-Edition 20171013
Microsoft 20171013
eScan 20171013
NANO-Antivirus 20171013
nProtect 20171013
Palo Alto Networks (Known Signatures) 20171013
Panda 20171012
Qihoo-360 20171013
Rising 20171013
SentinelOne (Static ML) 20171001
Sophos AV 20171013
SUPERAntiSpyware 20171013
Symantec Mobile Insight 20171011
Tencent 20171013
TheHacker 20171013
TrendMicro 20171013
TrendMicro-HouseCall 20171013
Trustlook 20171013
VBA32 20171012
VIPRE 20171013
ViRobot 20171013
Webroot 20171013
WhiteArmor 20170927
Yandex 20171012
Zillya 20171012
ZoneAlarm by Check Point 20171013
Zoner 20171013
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
kazuhisa0723 Copyright © 2012

Product AdbDriverMaker
Original name AdbDriver.exe
Internal name AdbDriver.exe
File version 1.0.0.1
Description AdbDriverMaker
Comments make inf file for Android
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 5:27 AM 10/13/2017
Signers
[+] INFORM VT, OOO
Status This certificate or one of the certificates in the certificate chain is not time valid., Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 12/7/2016
Valid to 12:59 AM 12/8/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 49B0C2688D4C84681E71538AD5E6E55B707BC6A4
Serial number 00 BB C2 ED 37 E1 1D F5 3B 33 79 36 3C B4 D1 02 11
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] COMODO SHA-256 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 12/31/2015
Valid to 7:40 PM 7/9/2019
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbrint 36527D4FA26A68F9EB4596F1D99ABB2C0EA76DFA
Serial number 4E B0 87 8F CC 24 35 36 B2 D8 C9 F7 BF 39 55 77
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbrint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-11-03 17:43:49
Entry Point 0x00003A36
Number of sections 6
PE sections
Overlays
MD5 1ca01b9c612196bbe74c2e67f36c0e55
File type data
Offset 614912
Size 5984
Entropy 7.40
PE imports
RegDeleteKeyA
CloseServiceHandle
RegOpenKeyA
RegCloseKey
OpenServiceA
RegQueryValueExA
RegSetValueExA
ControlService
EqualSid
DeleteService
RegOpenKeyExA
RegDeleteValueA
OpenSCManagerA
RegEnumKeyExA
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
lstrlenA
GetFileAttributesA
GlobalFree
GetEnvironmentStringsA
GetOEMCP
FindNextFileA
HeapDestroy
HeapAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
RemoveDirectoryA
GetShortPathNameA
FreeEnvironmentStringsA
GetCurrentProcess
GetCurrentDirectoryA
GetPrivateProfileStringA
GetStringTypeW
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
SetFileAttributesA
SetFilePointer
lstrcpynA
GetCPInfo
MapViewOfFile
GetStringTypeA
GetModuleHandleA
lstrcmpA
UnmapViewOfFile
FindFirstFileA
WriteFile
GetStartupInfoA
CloseHandle
CreateFileMappingA
GetSystemDirectoryA
GetACP
MoveFileExA
GetFullPathNameA
GetDriveTypeA
GetModuleFileNameA
HeapCreate
lstrcpyA
GlobalAlloc
VirtualFree
FindClose
Sleep
GetFileType
SetEndOfFile
CreateFileA
ExitProcess
GetVersion
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiClassGuidsFromNameA
SetupDiDeleteDeviceInfo
SetupDiCallClassInstaller
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 4
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
make inf file for Android

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.1

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
AdbDriverMaker

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
560128

EntryPoint
0x3a36

OriginalFileName
AdbDriver.exe

MIMEType
application/octet-stream

LegalCopyright
kazuhisa0723 Copyright 2012

FileVersion
1.0.0.1

TimeStamp
2012:11:03 18:43:49+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
AdbDriver.exe

ProductVersion
1.0.0.1

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
73728

ProductName
AdbDriverMaker

ProductVersionNumber
1.0.0.1

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
1.0.0.1

Compressed bundles
PCAP parents
File identification
MD5 9d64a8949203751b396384865e6bb6dd
SHA1 5ed74ed87d981279a82116de1c201bb856d60330
SHA256 ee5ad109eea8c3a3bee7e569debe46c6fe3efc50a83a777f99e6f0b2e4009feb
ssdeep
6144:30EejGECJr6UDGWmqFShxyAZb8tSAUOQmqvKrMBFFdXuCUz5tqoqeochvcQYcQ7+:30haC3TgSTH+BXRyKrMBFINXBoHc1

authentihash e82ac80b32c3852c58b7aacf03e771b2bb40b3d1154b9d680cd53a59b4f3b8d2
imphash eef18d84ae48c5a56a570fe1464904ce
File size 606.3 KB ( 620896 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (61.8%)
Win32 Dynamic Link Library (generic) (13.0%)
Win32 Executable (generic) (8.9%)
Win16/32 Executable Delphi generic (4.1%)
OS/2 Executable (generic) (4.0%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2017-10-13 04:56:12 UTC (преди 1 година, 7 месеци)
Last submission 2018-07-23 09:16:13 UTC (преди 10 месеци)
Имена на файла ee5ad109eea8c3a3bee7e569debe46c6fe3efc50a83a777f99e6f0b2e4009feb
861232.vxe
AdbDriver.exe
861232.exe
861232.exe
9d64a8949203751b396384865e6bb6dd.vir
9d64a8949203751b396384865e6bb6dd.vir
9d64a8949203751b396384865e6bb6dd.vir
Няма коментари. Никой не е коментирал това, бъдете първи!

Оставете своя коментар…

?
Публикуване

Не сте влезли в акаунта си. Само регистрирани потребители могат да коментират. Влезте и оставете своя коментар!

Няма гласове. Никой не е гласувал за това все още, бъдете първи!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
UDP communications