SHA256: 08be7f7725a67408f82072ba2aa8bafae08fa7c6b500f6c27833f95b1c852104
File name: 0D4B59FF_pdf.exe
Detection ratio: 27 / 66
Analysis date: 2018-04-09 09:56:06 UTC ( 1 year, 1 month ago )
Antivirus Result Updated on
Ad-Aware Gen:Variant.Razy.296597 20180409
AegisLab Ml.Attribute.Gen!c 20180409
AhnLab-V3 Trojan/Win32.Injector.R224595 20180409
Arcabit Trojan.Razy.D48695 20180409
Avira (no cloud) TR/Dropper.VB.udulj 20180409
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9525 20180409
BitDefender Gen:Variant.Razy.296597 20180409
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20170201
Cylance Unsafe 20180409
eGambit Unsafe.AI_Score_70% 20180409
Endgame malicious (high confidence) 20180403
ESET-NOD32 a variant of Win32/Injector.DXDQ 20180409
Fortinet Malicious_Behavior.SB 20180409
Ikarus Win32.Outbreak 20180408
Sophos ML heuristic 20180121
Kaspersky Trojan-PSW.Win32.Fareit.dwyh 20180409
Malwarebytes Trojan.PasswordStealer.VB 20180409
MAX malware (ai score=95) 20180409
McAfee Artemis!296F4D918F6E 20180409
McAfee-GW-Edition BehavesLike.Win32.Generic.jh 20180408
Microsoft Trojan:Win32/Vibem.C 20180409
eScan Gen:Variant.Razy.296597 20180409
Palo Alto Networks (Known Signatures) generic.ml 20180409
SentinelOne (Static ML) static engine - malicious 20180225
Symantec ML.Attribute.HighConfidence 20180409
TrendMicro-HouseCall Suspicious_GEN.F47V0408 20180409
ZoneAlarm by Check Point Trojan-PSW.Win32.Fareit.dwyh 20180409
Alibaba 20180408
ALYac 20180409
Antiy-AVL 20180409
Avast 20180409
Avast-Mobile 20180409
AVG 20180409
AVware 20180409
Bkav 20180407
CAT-QuickHeal 20180408
ClamAV 20180409
CMC 20180408
Comodo 20180409
Cybereason None
Cyren 20180409
DrWeb 20180409
Emsisoft 20180409
F-Prot 20180409
F-Secure 20180409
GData 20180409
Jiangmin 20180409
K7AntiVirus 20180404
K7GW 20180407
Kingsoft 20180409
NANO-Antivirus 20180409
nProtect 20180409
Panda 20180408
Qihoo-360 20180409
Rising 20180409
Sophos AV 20180409
SUPERAntiSpyware 20180409
Symantec Mobile Insight 20180406
Tencent 20180409
TheHacker 20180404
TrendMicro 20180409
Trustlook 20180409
VBA32 20180406
VIPRE 20180409
ViRobot 20180409
Webroot 20180409
WhiteArmor 20180408
Yandex 20180408
Zillya 20180409
Zoner 20180409
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright VèNTis MèDIa cnE£
Product MAlWaRèbytès CORporation
Original name Nahuat6.exe
Internal name Nahuat6
File version 8.05
Comments cwE£ cnE£
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-08 16:07:50
Entry Point 0x000012D0
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
__vbaCyI4
EVENT_SINK_QueryInterface
__vbaI4Cy
_adj_fdivr_m64
_adj_fprem
__vbaLenBstr
Ord(525)
_adj_fpatan
EVENT_SINK_AddRef
__vbaStrToUnicode
Ord(652)
__vbaInStr
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaRedim
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
EVENT_SINK_Release
_adj_fdiv_r
_adj_fdiv_m64
__vbaUI1I2
__vbaFreeVar
Ord(100)
Ord(694)
__vbaUI1I4
__vbaFreeObj
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
__vbaLenBstrB
Ord(524)
_allmul
_CIcos
__vbaVarTstEq
_adj_fptan
Ord(685)
Ord(537)
__vbaObjSet
__vbaVarMove
_CIatan
__vbaNew2
Ord(606)
_adj_fdivr_m32i
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaFPFix
_CItan
__vbaFpI4
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 622592
SubsystemVersion 4.0
Comments cwE£ cnE£
InitializedDataSize 16384
ImageVersion 8.5
FileSubtype 0
FileVersionNumber 8.5.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
EntryPoint 0x12d0
OriginalFileName Nahuat6.exe
MIMEType application/octet-stream
LegalCopyright VèNTis MèDIa cnE£
FileVersion 8.05
TimeStamp 2018:04:08 17:07:50+01:00
FileType Win32 EXE
PEType PE32
InternalName Nahuat6
ProductVersion 8.05
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName ngINE
LegalTrademarks P RBLock aLC
ProductName MAlWaRèbytès CORporation
ProductVersionNumber 8.5.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 296f4d918f6e434ac9c2e28924d3cc3f
SHA1 892354407954f34ec43a9a7377292ac659986fa4
SHA256 08be7f7725a67408f82072ba2aa8bafae08fa7c6b500f6c27833f95b1c852104
ssdeep
12288:oUE3KLG+bc1tXVb+i+/hYQQFGOuAtYYL17BOujaNYrKjtCJh:oUE3satX1EsFkcay

authentihash 423cf8e1d17b0b695a377cb16533bf883f65f686719a98102498686a63bc8f2a
imphash 29867e2ca66c70b32abc47f7581d8f29
File size 628.0 KB ( 643072 bytes )
File type Win32 EXE
Advanced information
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-04-08 22:10:27 UTC ( 1 year, 1 month ago )
Last submission 2018-05-10 00:01:50 UTC ( 1 year ago )
File names 08be7f7725a67408f82072ba2aa8bafae08fa7c6b500f6c27833f95b1c852104
Nahuat6.exe
0D4B59FF_pdf.exe
Nahuat6
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.