SHA256: 1b41c32c55de43ddb3871260fd0ea30d067dc27840b7f63d857afa7f9267c73a
File name: forsendelse.exe
Detection ratio: 2 / 56
Analysis date: 2015-09-17 11:11:13 UTC
Antivirus | Result | Update
Qihoo-360 | HEUR/QVM07.1.Malware.Gen | 20150917
Rising | PE:Malware.FakePDF@CV!1.9E05[F1] | 20150916
The other 54 engines returned no detection (signature date in parentheses): Ad-Aware (20150917), AegisLab (20150917), Yandex (20150916), AhnLab-V3 (20150916), Alibaba (20150917), ALYac (20150917), Antiy-AVL (20150917), Arcabit (20150917), Avast (20150917), AVG (20150917), Avira (no cloud) (20150917), AVware (20150917), Baidu-International (20150917), BitDefender (20150917), Bkav (20150917), ByteHero (20150917), CAT-QuickHeal (20150916), ClamAV (20150917), CMC (20150916), Comodo (20150917), Cyren (20150917), DrWeb (20150917), Emsisoft (20150917), ESET-NOD32 (20150917), F-Prot (20150917), F-Secure (20150917), Fortinet (20150917), GData (20150917), Ikarus (20150917), Jiangmin (20150916), K7AntiVirus (20150917), K7GW (20150917), Kaspersky (20150917), Kingsoft (20150917), Malwarebytes (20150917), McAfee (20150917), McAfee-GW-Edition (20150916), Microsoft (20150917), eScan (20150917), NANO-Antivirus (20150917), nProtect (20150917), Panda (20150916), Sophos AV (20150917), SUPERAntiSpyware (20150917), Symantec (20150916), Tencent (20150917), TheHacker (20150916), TrendMicro (20150917), TrendMicro-HouseCall (20150917), VBA32 (20150916), VIPRE (20150917), ViRobot (20150917), Zillya (20150916), Zoner (20150917).
Both hits are heuristic or generic names rather than a named family. A 2/56 ratio on the day of first submission is what a freshly packed sample usually scores and should not be read as evidence that the file is benign; the static indicators below are the more useful signal.
The file is a Portable Executable: a Win32 EXE for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-12-22 06:08:47 (the linker timestamp is attacker-controllable; an eleven-year gap between it and the first submission is a reason to distrust the field, not evidence that the binary is old)
Entry Point 0x00015366
Number of sections 4
PE sections
Overlays
MD5 482ba54f99cc6ad63d95224b98c2f870
File type data
Offset 524288
Size 171674
Entropy 7.96
The overlay starts at 0x80000 and runs to the end of the file (524288 + 171674 = 695962 bytes, the reported file size). Entropy of 7.96 bits per byte is close to the 8.0 maximum, which is what compressed or encrypted data looks like. A high-entropy blob appended after the last section, combined with the low detection ratio and the generated-looking version metadata further down, is consistent with a packed payload that the executable decrypts and runs at run time; the PE header describes only the unpacking stub.
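To reproduce the three overlay numbers above from a file on disk, and to check that offset + size lands exactly at end of file as it does here, the following script walks the section table and measures what lies past the last section. This is an added example, not VirusTotal's code and not code from the sample; because the sample's bytes are not available here, it builds a minimal PE32 fixture inline (a constructed input with one section and a pseudo-random overlay) and accepts a real path as an optional argument.

```python
"""Reproduce VirusTotal's overlay fields (offset, size, entropy) for a PE32 file.

Added example, not VirusTotal's or the sample's code. The overlay is whatever
follows the last byte of section raw data: its offset is the largest
PointerToRawData + SizeOfRawData over all sections and its size is what remains
to end of file. A minimal PE32 fixture is constructed inline so this runs
offline; the real sample's bytes are not available here.
"""
import math
import random
import struct
import sys
from collections import Counter

FILE_ALIGN = 0x200
SECTION_ALIGN = 0x1000
OPT_HDR_SIZE = 224  # PE32 optional header including 16 data directories


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant input, 8.0 max."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def find_overlay(pe: bytes):
    """Return (offset, size) of the overlay, or None when the file has none.

    Only the fields the calculation needs are parsed: e_lfanew, NumberOfSections,
    SizeOfOptionalHeader and each section's SizeOfRawData/PointerToRawData.
    """
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    sec_table = coff + 20 + opt_size
    end = sec_table + 40 * num_sections  # at least the headers themselves
    for i in range(num_sections):
        size_raw, ptr_raw = struct.unpack_from("<II", pe, sec_table + 40 * i + 16)
        end = max(end, ptr_raw + size_raw)
    if end >= len(pe):
        return None
    return end, len(pe) - end


def overlay_report(pe: bytes) -> dict:
    """The three numbers VirusTotal shows, plus the offset + size == file size check."""
    found = find_overlay(pe)
    if found is None:
        return {"offset": None, "size": 0, "entropy": 0.0, "reaches_eof": False}
    offset, size = found
    return {
        "offset": offset,
        "size": size,
        "entropy": round(shannon_entropy(pe[offset:]), 2),
        "reaches_eof": offset + size == len(pe),
    }


def build_pe32(sections, overlay: bytes = b"") -> bytes:
    """Assemble a minimal, non-runnable PE32 test fixture (constructed input)."""
    num = len(sections)
    headers_size = 0x40 + 4 + 20 + OPT_HDR_SIZE + 40 * num
    headers_size = -(-headers_size // FILE_ALIGN) * FILE_ALIGN
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, num, 0, 0, 0, OPT_HDR_SIZE, 0x0102)
    opt = bytearray(OPT_HDR_SIZE)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<I", opt, 28, 0x400000)  # ImageBase
    struct.pack_into("<II", opt, 32, SECTION_ALIGN, FILE_ALIGN)
    struct.pack_into("<I", opt, 60, headers_size)  # SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)  # Subsystem: Windows GUI
    struct.pack_into("<I", opt, 92, 16)  # NumberOfRvaAndSizes
    sec_hdrs, body, raw_ptr, rva = b"", b"", headers_size, SECTION_ALIGN
    for name, payload in sections:
        padded = payload + b"\0" * (-len(payload) % FILE_ALIGN)
        sec_hdrs += struct.pack("<8sIIIIIIHHI", name, len(payload), rva,
                                len(padded), raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += padded
        raw_ptr += len(padded)
        rva += -(-len(padded) // SECTION_ALIGN) * SECTION_ALIGN
    header = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec_hdrs
    return header + b"\0" * (headers_size - len(header)) + body + overlay


def random_blob(n: int, seed: int = 1) -> bytes:
    """Deterministic pseudo-random bytes standing in for an encrypted payload."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


# Constructed fixture: one 4 KiB .text section followed by a 16 KiB high-entropy overlay.
FIXTURE = build_pe32([(b".text", b"\xC3" * 0x1000)], random_blob(0x4000))


def main(path: str = None):
    pe = open(path, "rb").read() if path else FIXTURE
    print(overlay_report(pe))


if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else None)
```

Run with no argument it reports the fixture's overlay at offset 4608 with size 16384 and entropy just under 8.0; run with a path it reports the real file. The reaches_eof check is the same arithmetic as 524288 + 171674 = 695962 above: when it fails, either the section table has been tampered with or the tool that produced the numbers disagreed with you about where the last section ends.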
PE imports (the original report groups these by DLL; that grouping did not survive in this copy, so the function names are listed in their original order, and the DLL behind the ordinal-only entries written Ord(...) is not recorded here). Most of the surface is GDI32, OLEAUT32, SHLWAPI and SHELL32 calls typical of a Visual C++ GUI application, which matches the TrID result below. The names an analyst would look at twice are the service and LSA policy calls (StartServiceA, LsaOpenPolicy, LsaEnumerateAccountRights, LsaLookupNames), RegSaveKeyA, process and debugger control (CreateProcessW, ContinueDebugEvent), network share enumeration and mapping (WNetEnumResourceA/W, WNetAddConnection2A/W, WNetAddConnection3A/W), and ShellExecuteExA/W with SHEmptyRecycleBinA. Import names alone do not prove any of this code is reached: a packed sample can carry a decoy import table, and the real payload, if there is one in the overlay, resolves its own imports at run time.
RegSaveKeyA
OpenBackupEventLogW
ReportEventW
StartServiceA
LsaLookupNames
LsaEnumerateAccountRights
RegQueryMultipleValuesA
LsaOpenPolicy
SetDIBits
SetMetaRgn
GetWindowOrgEx
CreateMetaFileA
PolyPolyline
ResizePalette
GetPaletteEntries
PathToRegion
SetICMProfileW
GetViewportOrgEx
GetMetaFileW
GdiGetBatchLimit
GetBoundsRect
SetPixel
GetMetaFileA
GetFontLanguageInfo
GetTextExtentPointW
GetMiterLimit
CreateEllipticRgn
GetTextFaceW
ChoosePixelFormat
SetPixelFormat
GetEnhMetaFileBits
GetTextFaceA
SwapBuffers
GetTextMetricsA
CloseMetaFile
GetSystemPaletteUse
GetKerningPairsA
ExtCreatePen
ResetDCW
GetBkColor
SetRectRgn
GetDIBColorTable
DeleteEnhMetaFile
GetSystemPaletteEntries
OffsetRgn
GetCurrentPositionEx
Pie
CreateFontIndirectA
GetBitmapBits
PolyDraw
SetWindowExtEx
EnumFontFamiliesW
PtInRegion
OffsetClipRgn
BitBlt
GetICMProfileW
GetDeviceCaps
FillRgn
GetArcDirection
SelectPalette
PtVisible
CreateEnhMetaFileA
SetWinMetaFileBits
SetROP2
ExtEscape
GetNearestPaletteIndex
AbortPath
SetDIBColorTable
CreateScalableFontResourceA
StrokePath
BeginPath
SetViewportExtEx
GetWindowExtEx
SetBitmapBits
PatBlt
GetCharWidthFloatA
Rectangle
GetObjectA
PaintRgn
GetCharWidthW
StartPage
GetObjectW
CreateDCW
GetEnhMetaFileDescriptionW
CreateHatchBrush
CreateBitmap
RectVisible
DeleteColorSpace
GetPath
UnrealizeObject
SelectClipRgn
EndPage
GetTextExtentPoint32A
RealizePalette
CreateColorSpaceW
SetWindowOrgEx
GetClipRgn
GetTextExtentPoint32W
CreateICW
SetDeviceGammaRamp
GetTextCharset
GetGlyphOutlineA
GetDeviceGammaRamp
EnumEnhMetaFile
GetTextExtentExPointA
GetPixel
SetMapperFlags
CreateDIBPatternBrush
CreateSolidBrush
GetCurrentObject
MoveToEx
EnumFontFamiliesExW
SetICMMode
GetGraphicsMode
CreateCompatibleDC
StrokeAndFillPath
CreateFontW
FlattenPath
PolyTextOutW
StartDocA
CopyMetaFileW
GetStretchBltMode
Polyline
DPtoLP
AbortDoc
CreateCompatibleBitmap
DeleteMetaFile
ImageRvaToVa
SymGetSymPrev
SymUnloadModule
ImageDirectoryEntryToData
UpdateDebugInfoFile
StackWalk
ImageGetCertificateHeader
SymGetLineFromName
FindExecutableImage
ImageUnload
SymGetSymNext
ImageNtHeader
ImageRvaToSection
SymGetLinePrev
CheckSumMappedFile
SymGetLineNext
EnumerateLoadedModules
SymGetSearchPath
SymInitialize
SymGetOptions
ImageGetDigestStream
ImageAddCertificate
SymGetModuleBase
SymEnumerateModules
SymGetSymFromAddr
SymGetSymFromName
SymEnumerateSymbols
MapAndLoad
MapFileAndCheckSumA
ImageEnumerateCertificates
MakeSureDirectoryPathExists
MapFileAndCheckSumW
SymFunctionTableAccess
ReBaseImage
SymGetLineFromAddr
ImagehlpApiVersion
GetTimestampForLoadedLibrary
SymRegisterCallback
GetImageUnusedHeaderBytes
MapDebugInformation
FindDebugInfoFile
SymMatchFileName
BindImageEx
SymLoadModule
SymUnDName
ImageGetCertificateData
GetStartupInfoA
BuildCommDCBAndTimeoutsA
GetModuleHandleA
LoadLibraryW
ContinueDebugEvent
CreateProcessW
LZInit
Ord(1775)
Ord(2648)
Ord(3147)
Ord(4080)
Ord(2124)
Ord(324)
Ord(3830)
Ord(4627)
Ord(2385)
Ord(3597)
Ord(4673)
Ord(3738)
Ord(4853)
Ord(6375)
Ord(6376)
Ord(3136)
Ord(2982)
Ord(641)
Ord(3079)
Ord(3262)
Ord(4234)
Ord(4353)
Ord(3346)
Ord(4837)
Ord(5307)
Ord(5241)
Ord(3798)
Ord(6052)
Ord(3259)
Ord(4424)
Ord(3081)
Ord(5714)
Ord(5289)
Ord(4407)
Ord(4078)
Ord(2985)
Ord(2554)
Ord(2446)
Ord(2396)
Ord(4622)
Ord(561)
Ord(5065)
Ord(3831)
Ord(6374)
Ord(5280)
Ord(5731)
Ord(1576)
Ord(1727)
Ord(3825)
Ord(4425)
Ord(2976)
Ord(4486)
Ord(2514)
Ord(815)
Ord(1089)
Ord(1168)
Ord(5277)
Ord(2725)
Ord(4698)
Ord(4998)
Ord(3922)
Ord(5163)
Ord(2055)
Ord(5265)
Ord(3749)
Ord(5300)
Ord(2512)
Ord(5199)
Ord(4441)
Ord(4274)
Ord(4376)
Ord(5302)
Ord(4465)
Ord(5261)
Ord(4079)
WNetCancelConnectionA
WNetEnumResourceA
WNetOpenEnumW
WNetGetLastErrorW
WNetAddConnection3W
WNetGetUniversalNameW
WNetDisconnectDialog
WNetAddConnection2W
WNetOpenEnumA
MultinetGetConnectionPerformanceA
WNetEnumResourceW
WNetCancelConnectionW
WNetGetUserW
WNetAddConnection2A
WNetGetUniversalNameA
WNetAddConnection3A
WNetCloseEnum
WNetGetProviderNameA
_except_handler3
_setmbcp
_acmdln
_adjust_fdiv
__CxxFrameHandler
__p__fmode
__p__commode
__setusermatherr
__dllonexit
_onexit
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_exit
__set_app_type
VarDecFromUI4
VarDecFromUI1
VarDecFromUI2
SysStringByteLen
VarNumFromParseNum
VarCyNeg
VarCyCmp
SysAllocString
SafeArrayCreate
VarCyFromI4
BSTR_UserFree
VarCyFromI2
SafeArrayGetElemsize
GetActiveObject
SafeArrayAccessData
VarDecMul
VarXor
LPSAFEARRAY_UserMarshal
VarUI2FromDate
VarI4FromCy
VarBoolFromR4
VarI1FromUI4
LoadTypeLibEx
VarAnd
SafeArrayLock
VARIANT_UserFree
VarUI2FromBool
VarI1FromI2
VarI1FromI4
VarCySub
SafeArraySetRecordInfo
VarDecAdd
VarBstrFromBool
OleLoadPictureEx
VarUI4FromDec
SafeArrayGetRecordInfo
VarDateFromCy
VarI2FromDisp
VarDateFromUdate
VarUI1FromI2
VarBstrFromDisp
VarI2FromDec
VarDecFromR4
SysReAllocString
VarDateFromStr
VarCat
VarDecFromI2
VarDecFromI1
VarDecFromR8
VarI4FromR4
VarI2FromR4
VarCyFix
VarI4FromR8
VarI2FromR8
VarUI2FromUI4
VarFormat
VarBoolFromDisp
VarUI2FromUI1
SafeArraySetIID
VarDateFromBool
VarCyMul
VariantInit
BSTR_UserMarshal
SafeArrayGetIID
VarDateFromR4
VarCyCmpR8
VarDateFromR8
VarI2FromUI2
VarCyMulI4
VarDecSub
SafeArrayAllocDescriptorEx
VarCyFromDec
GetRecordInfoFromTypeInfo
SysFreeString
DosDateTimeToVariantTime
VarFormatFromTokens
VarInt
VarBoolFromDate
CreateDispTypeInfo
SysAllocStringByteLen
VarR4FromBool
SafeArrayGetVartype
VarI4FromBool
SysAllocStringLen
VarR4FromR8
VarDecAbs
VarCyFromDisp
VarUI2FromDisp
RegisterActiveObject
VarR4FromUI1
VarCyFromBool
LPSAFEARRAY_UserSize
VARIANT_UserSize
VarCyFromR4
SafeArrayCreateVectorEx
VarI2FromDate
VarR4FromI2
VarI2FromStr
CreateTypeLib
VarBoolFromI4
VarI2FromBool
VarCyRound
VarI1FromBool
VarBstrFromI1
UnRegisterTypeLib
VarR4FromDec
SafeArrayDestroy
OaBuildVersion
LoadTypeLib
VarDecFromBool
VarSub
LoadRegTypeLib
VarAbs
VarWeekdayName
VarNeg
VarR8FromI1
VarCyFromStr
VarI4FromDate
VarFormatNumber
SafeArrayCopyData
VarI2FromCy
VarDecCmp
DispInvoke
VarUI1FromDec
VarR4FromUI4
LHashValOfNameSys
VarUI1FromCy
OleLoadPictureFile
GetRecordInfoFromGuids
SysReAllocStringLen
VarBstrFromR4
VarI2FromUI4
VarI4FromDec
VarCyInt
VarBstrFromR8
VarBstrFromDec
VarI4FromI1
VarOr
VarDateFromDisp
SafeArrayAllocDescriptor
VarDecNeg
VarR8FromR4
VARIANT_UserUnmarshal
VarUI4FromUI1
QueryPathOfRegTypeLib
VarCyFromUI2
VarCyFromUI1
RevokeActiveObject
VarCyFromUI4
VarUI4FromI4
VarBstrFromUI1
VarBstrFromUI2
VarBstrFromUI4
LHashValOfNameSysA
VarI1FromCy
VarDateFromI1
VarDecCmpR8
VarDateFromI2
SafeArrayCreateVector
VarUI4FromDate
SafeArrayCreateEx
VarR4FromStr
VarR8FromUI2
VarI1FromDate
VarR8FromUI4
SafeArrayGetElement
VarCyFromDate
VarBoolFromUI1
VarBstrFromCy
VarBoolFromCy
VarBoolFromUI2
VarBoolFromUI4
VarUI2FromI4
VarI1FromR4
CreateStdDispatch
DispCallFunc
VarI2FromI1
VarI1FromDisp
VarDateFromDec
VarI4FromUI2
BSTR_UserSize
DispGetParam
VarI1FromR8
VarRound
VarI4FromUI4
VarUI1FromR8
VarFormatPercent
VariantClear
VarDiv
GetAltMonthNames
VarR8FromBool
VarI1FromStr
VarFormatDateTime
VarDateFromUI4
VarParseNumFromStr
VarDateFromUI2
ExtractIconA
SHBrowseForFolderW
DragQueryFileW
SHChangeNotify
SHGetDiskFreeSpaceA
SHBrowseForFolderA
DragQueryFileA
SHFileOperationA
SHGetFileInfoA
Ord(180)
ShellExecuteExA
DuplicateIcon
SHGetPathFromIDListW
SHInvokePrinterCommandA
SHEmptyRecycleBinA
SHGetFileInfoW
SHGetDesktopFolder
ShellExecuteExW
SHGetPathFromIDListA
Shell_NotifyIconA
SHGetMalloc
Ord(179)
SHGetSpecialFolderPathA
SHFreeNameMappings
ExtractAssociatedIconA
SHGetSpecialFolderPathW
FindExecutableA
ExtractAssociatedIconW
SHGetDataFromIDListW
SHAddToRecentDocs
DragFinish
ExtractIconExA
DoEnvironmentSubstA
DragQueryPoint
CommandLineToArgvW
SHGetInstanceExplorer
SHGetSpecialFolderLocation
SHAppBarMessage
ShellExecuteA
DoEnvironmentSubstW
PathRemoveArgsA
PathIsContentTypeW
StrPBrkA
StrSpnW
PathRenameExtensionW
StrFormatByteSizeA
PathStripPathA
PathIsRelativeA
PathCommonPrefixW
PathCanonicalizeA
StrSpnA
PathFindOnPathW
PathRemoveArgsW
PathCanonicalizeW
PathBuildRootW
PathIsUNCW
SHRegGetUSValueA
StrNCatA
PathRemoveBackslashW
PathCompactPathExW
StrCSpnIW
SHRegDeleteUSValueA
StrTrimW
PathFileExistsW
StrCSpnA
PathRelativePathToA
PathCombineA
PathIsSystemFolderW
PathStripToRootA
PathAddBackslashW
SHGetValueW
PathCompactPathA
PathFindOnPathA
SHRegOpenUSKeyA
PathMakeSystemFolderW
PathCombineW
PathRelativePathToW
StrTrimA
SHRegGetBoolUSValueA
SHRegCreateUSKeyW
PathCompactPathW
PathIsDirectoryA
SHDeleteKeyW
PathAppendA
PathIsFileSpecW
StrCmpW
SHQueryInfoKeyW
PathRemoveFileSpecW
ChrCmpIW
PathIsRootA
PathStripPathW
StrCpyW
SHDeleteValueW
PathSetDlgItemPathW
PathIsUNCServerShareW
SHRegGetBoolUSValueW
SHEnumKeyExW
PathRenameExtensionA
SHRegDeleteEmptyUSKeyW
SHEnumValueW
PathRemoveFileSpecA
ChrCmpIA
SHRegCloseUSKey
PathSkipRootA
PathFindNextComponentW
PathMatchSpecW
PathAddExtensionA
StrDupW
SHQueryValueExA
PathIsURLA
SHRegWriteUSValueA
PathQuoteSpacesA
SHRegGetUSValueW
PathGetArgsA
PathFindFileNameA
PathMatchSpecA
PathAddExtensionW
PathSkipRootW
PathFindNextComponentA
SHDeleteKeyA
PathRemoveBlanksW
PathFileExistsA
SHRegWriteUSValueW
EnableWindow
DdeCreateStringHandleA
GetFileVersionInfoSizeW
PrintDlgA
GetFileTitleW
GetOpenFileNameW
ChooseColorW
ChooseFontW
PageSetupDlgA
GetOpenFileNameA
ChooseColorA
FindTextW
PrintDlgW
PageSetupDlgW
Number of PE resources by type
RT_ICON 17
RT_ACCELERATOR 17
RT_DIALOG 7
RT_MENU 7
RT_GROUP_ICON 7
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
GREEK DEFAULT 21
GAELIC SCOTTISH 19
SERBIAN ARABIC ALGERIA 17
Both tallies sum to 57 resources, so the two tables agree. The language mix (Greek, Scottish Gaelic and a Serbian/Arabic-Algeria combination) is not one a developer would set on purpose for a Danish-named executable; like the version strings below, it looks generated by tooling rather than by a build.
PE resources
ExifTool file metadata
SubsystemVersion: 4.0
LinkerVersion: 6.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 0.155.177.253
UninitializedDataSize: 0
LanguageCode: Unknown (REBO)
FileFlagsMask: 0x003f
CharacterSet: Unknown (UNDING)
InitializedDataSize: 434176
EntryPoint: 0x15366
MIMEType: application/octet-stream
LegalCopyright: 2019 (C) 2018
FileVersion: Regenerations 0,235,114,52
TimeStamp: 2004:12:22 07:08:47+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Remixed
ProductVersion: 0,93,215,62
FileDescription: Robots Signet Punctate
OSVersion: 4.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Zenturi, Inc
CodeSize: 86016
ProductName: Ravish Penances
ProductVersionNumber: 0.7.128.252
FileTypeExtension: exe
ObjectFileType: Executable application
Several of these fields contradict each other. The string FileVersion (0,235,114,52) does not match the fixed-field FileVersionNumber (0.155.177.253), ProductVersion (0,93,215,62) does not match ProductVersionNumber (0.7.128.252), the copyright "2019 (C) 2018" postdates both the 2004 link timestamp and the 2015 submission, and LanguageCode and CharacterSet decode to values ExifTool does not recognise (REBO, UNDING). Word-salad strings such as "Robots Signet Punctate", "Ravish Penances" and "Regenerations" are characteristic of tooling that fills VS_VERSIONINFO with random words so that signatures keyed on version metadata do not match. The TimeStamp here is the same link timestamp shown in the PE header section, rendered in UTC+1.

Compressed bundles
File identification
MD5: a0a3f2654d27d1b8357e11b79a6a050b
SHA1: 1b69a491a7dcaba09432118749d073f4d32fb29b
SHA256: 1b41c32c55de43ddb3871260fd0ea30d067dc27840b7f63d857afa7f9267c73a
ssdeep: 12288:Ft0S9/HH18snKdsMLta2s5CH5yHoJNsKXGjkYdiWoULh24uA+VN:FCS9vV9nKdsMLta2s5CH5yIJLGjddVhu
authentihash: ae0c445d57cac0669a41510f9e614fa154a07907cbf7fc2a98c2b0954122a2dc
imphash: 7b831057fcad6ec9e08a50a0d8a6470e
File size: 679.7 KB (695962 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Executable MS Visual C++ (generic) (52.5%); Windows screen saver (22.0%); Win32 Dynamic Link Library (generic) (11.0%); Win32 Executable (generic) (7.5%); Generic Win/DOS Executable (3.3%)
Tags: peexe overlay
For hunting related samples, the imphash groups files that share the same import table in the same order (for a packed sample that is the packer stub's table, so it clusters by packer rather than by payload), ssdeep finds files with long runs of near-identical bytes, and the authentihash is the hash Authenticode would sign, computed over the image with the checksum and certificate table excluded.
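Since the imphash is the one hash above that can be reasoned about from the import list, the following shows how it is derived. It is an added example that reimplements pefile's imphash algorithm (the one VirusTotal reports), not VirusTotal's own code. The DLL-to-function pairing in the sample list is an assumption for illustration: the report lists only function names, and EXAMPLE.DLL with its ordinal is hypothetical.

```python
"""How an imphash is derived (added example reimplementing pefile's algorithm).

The string hashed is "dll.func,dll.func,..." in import-table order: DLL names are
lower-cased and lose a .dll/.ocx/.sys extension, function names are lower-cased,
and ordinal-only imports become "ordN". pefile first consults built-in ordinal
tables for a few system DLLs (ws2_32 and oleaut32) so that such imports hash by
name; those tables are not reproduced here, so for those DLLs this function's
output differs from pefile's. The DLL-to-function pairing in SAMPLE_IMPORTS is
assumed for illustration; the report above lists only the function names.
"""
import hashlib

STRIPPED_EXTENSIONS = ("dll", "ocx", "sys")


def normalize_import(dll: str, func) -> str:
    """One "dll.func" token; func is a str name or an int ordinal."""
    name = dll.lower()
    base, dot, ext = name.rpartition(".")
    if dot and ext in STRIPPED_EXTENSIONS:
        name = base
    funcname = f"ord{func}" if isinstance(func, int) else func.lower()
    return f"{name}.{funcname}"


def imphash_string(imports) -> str:
    """The comma-joined string that is actually hashed; useful when diffing two samples."""
    return ",".join(normalize_import(dll, func) for dll, func in imports)


def imphash(imports) -> str:
    """MD5 of the normalised import string, as pefile's get_imphash() computes it."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


# Constructed import list. The first four names appear in the report above and are
# known to live in ADVAPI32/KERNEL32; EXAMPLE.DLL and its ordinal are hypothetical.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "RegSaveKeyA"),
    ("ADVAPI32.dll", "StartServiceA"),
    ("KERNEL32.dll", "GetStartupInfoA"),
    ("KERNEL32.dll", "CreateProcessW"),
    ("EXAMPLE.DLL", 1775),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Two consequences follow from the construction. Reordering imports changes the hash, so two builds of the same source with different link order do not cluster, while case and extension differences do not matter. And an import table consisting of the ordinal-only entries seen in this report contributes only "ordN" tokens, so such samples cluster on the ordinal numbers alone.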

VirusTotal metadata
First submission 2015-09-17 11:00:37 UTC
Last submission 2015-10-01 15:16:20 UTC
File names: info_617394.exe; forsendelse.exe (Danish for "shipment.exe", a name consistent with a parcel-delivery lure); 1b41c32c55de43ddb3871260fd0ea30d067dc27840b7f63d857afa7f9267c73a.bin; angreb1.bin (Danish for "attack1.bin", presumably assigned by whoever submitted it)
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
The sandbox sections (Opened files, Read files, Written files, Created processes, Code injections in the following processes, Opened mutexes, Runtime DLLs) are all empty in this copy of the report, so no run-time behaviour can be read from it. The static indicators above (high-entropy overlay, contradictory version metadata, implausible resource languages, low detection ratio) are all this page supports.