SHA256: 05ed142b50033e6b3b129433f6a7b98fa24ecf6e834e070db8567c5e881cc533
Filename: r_and_d_marine_ltd223.scr
Detection ratio: 5 / 54
Analysis date: 2015-02-03 17:28:59 UTC ( 4 years, 3 months ago )
Antivirus Result Update
ByteHero Trojan.Malware.Obscu.Gen.002 20150203
CMC Packed.Win32.Katusha.1!O 20150202
Cyren W32/Trojan.YJMY-9321 20150203
Emsisoft Trojan.CTBLocker.Gen.1 (B) 20150203
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20150203
Ad-Aware 20150203
AegisLab 20150203
Yandex 20150202
AhnLab-V3 20150203
Alibaba 20150202
ALYac 20150203
Antiy-AVL 20150203
Avast 20150203
AVG 20150203
Avira (no cloud) 20150203
AVware 20150203
Baidu-International 20150203
BitDefender 20150203
Bkav 20150203
CAT-QuickHeal 20150203
ClamAV 20150203
Comodo 20150203
DrWeb 20150203
ESET-NOD32 20150203
F-Prot 20150203
F-Secure 20150203
Fortinet 20150203
GData 20150203
Ikarus 20150203
K7AntiVirus 20150203
K7GW 20150203
Kaspersky 20150203
Kingsoft 20150203
Malwarebytes 20150203
McAfee 20150203
McAfee-GW-Edition 20150203
Microsoft 20150203
NANO-Antivirus 20150203
Norman 20150203
nProtect 20150203
Panda 20150203
Qihoo-360 20150203
SUPERAntiSpyware 20150203
Symantec 20150203
Tencent 20150203
TheHacker 20150203
TotalDefense 20150203
TrendMicro 20150203
TrendMicro-HouseCall 20150203
VBA32 20150203
VIPRE 20150203
ViRobot 20150203
Zillya 20150202
Zoner 20150202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-05-19 09:52:30
Entry Point 0x00003144
Number of sections 5
PE sections
PE imports
GetProcessId
GetComputerNameA
GetCurrentProcess
GetDateFormatA
CreateNamedPipeA
GetGeoInfoA
WaitForSingleObject
GetConsoleAliasW
FormatMessageA
GetSystemTimeAsFileTime
SetCurrentDirectoryW
CloseHandle
SetFilePointer
LoadLibraryA
VirtualAlloc
GetTimeFormatA
GetPrivateProfileStructW
GetProcessHeap
UrlCanonicalizeA
UrlCombineA
UrlIsA
PathCombineA
UrlHashA
PathCommonPrefixA
UrlUnescapeA
PathCompactPathA
UrlEscapeA
UrlGetLocationA
UrlIsOpaqueA
WTSVirtualChannelPurgeInput
WTSUnRegisterSessionNotification
WTSQuerySessionInformationA
WTSLogoffSession
WTSVirtualChannelRead
WTSFreeMemory
WTSSendMessageA
WTSEnumerateProcessesA
WTSVirtualChannelQuery
WTSEnumerateServersA
CAEnumFirstCA
CADeleteCA
CAEnumNextCA
CACloseCA
CACloseCertType
drvGetDefaultCommConfigA
CountryRunOnce
InvokeControlPanel
drvSetDefaultCommConfigA
drvCommConfigDialogA
GradientFill
DllInitialize
TransparentBlt
vSetDdrawflag
NDdeShareEnumA
NDdeShareAddA
GetWindowLongA
CreateWindowExA
LoadCursorA
wsprintfA
DrawIcon
IsZoomed
DialogBoxParamA
LoadImageA
PeekMessageA
GetWindowTextA
GetCaretPos
GetMessageA
GetPropA
IsCharLowerW
IsDialogMessageA
CharToOemA
Number of PE resources by type
TOR 2
RT_ICON 2
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:05:19 10:52:30+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 13824
LinkerVersion: 10.0
FileAccessDate: 2015:02:09 21:11:26+01:00
EntryPoint: 0x3144
InitializedDataSize: 35840
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
FileCreateDate: 2015:02:09 21:11:26+01:00
UninitializedDataSize: 0

Compressed bundles
File identification
MD5 51e83ff1957442ff37be72f3472a4bb6
SHA1 64d336cb4b0dc15adddafb98808f1da920e0f64f
SHA256 05ed142b50033e6b3b129433f6a7b98fa24ecf6e834e070db8567c5e881cc533
ssdeep 768:QsCu4BAeirX2dXKGEIBcls+Hw+K0p5jo2De9wSb8zQmWbhi/SGTx25e:Qju2WrmRzBcl1Hwj0ppDe9NmWbaSGT4
authentihash e56dcb14e5afd17372ad2d2030ee6fb819dde8d606d7d8909694de2a0fd4b598
imphash 4e1f0d6271c0664d26f20cc27b095bc9
File size 49.5 KB ( 50688 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2015-02-03 17:28:59 UTC ( 4 years, 3 months ago )
Last submission 2015-02-09 20:11:19 UTC ( 4 years, 3 months ago )
File names r_and_d_marine_ltd223.scr
vti-rescan
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections