SHA256: 66252b80e1f62e284d60ddfc340fa7d6b651929d85360cee0f78cc04a8c5e343
File name: QRes.exe
Detection ratio: 0 / 58
Analysis date: 2017-02-24 16:43:01 UTC (2 months, 3 weeks ago)
Antivirus Result Update
Ad-Aware 20170224
AegisLab 20170224
AhnLab-V3 20170224
Alibaba 20170224
ALYac 20170224
Antiy-AVL 20170224
Arcabit 20170224
Avast 20170224
AVG 20170224
Avira (no cloud) 20170224
AVware 20170224
Baidu 20170224
BitDefender 20170224
Bkav 20170224
CAT-QuickHeal 20170223
ClamAV 20170224
CMC 20170224
Comodo 20170224
CrowdStrike Falcon (ML) 20170130
Cyren 20170224
DrWeb 20170224
Emsisoft 20170224
Endgame 20170222
ESET-NOD32 20170224
F-Prot 20170224
F-Secure 20170224
Fortinet 20170224
GData 20170224
Ikarus 20170224
Invincea 20170203
Jiangmin 20170224
K7AntiVirus 20170224
K7GW 20170224
Kaspersky 20170224
Kingsoft 20170224
Malwarebytes 20170224
McAfee 20170224
McAfee-GW-Edition 20170224
Microsoft 20170224
eScan 20170224
NANO-Antivirus 20170224
nProtect 20170224
Panda 20170224
Qihoo-360 20170224
Rising None
Sophos 20170224
SUPERAntiSpyware 20170224
Symantec 20170224
Tencent 20170224
TheHacker 20170223
TrendMicro 20170224
TrendMicro-HouseCall 20170224
Trustlook 20170224
VBA32 20170224
VIPRE 20170224
ViRobot 20170224
Webroot 20170224
WhiteArmor 20170222
Yandex 20170222
Zillya 20170224
Zoner 20170224
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2003-06-26 14:08:08
Entry Point 0x00001B48
Number of sections 1
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetDeviceCaps
GetCommandLineA
GetVersion
lstrcatA
lstrcpyA
_except_handler3
__p__fmode
_exit
_adjust_fdiv
memset
__p__commode
__p___initenv
__setusermatherr
exit
_XcptFilter
__getmainargs
printf
_initterm
_controlfp
__set_app_type
ReleaseDC
ChangeDisplaySettingsA
EnumDisplaySettingsA
GetDC
wsprintfA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2003:06:26 15:08:08+01:00
FileType Win32 EXE
PEType PE32
CodeSize 0
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 4096
SubsystemVersion 4.0
EntryPoint 0x1b48
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 ca493006d55ebda9f97c7848cee144a7
SHA1 82671680c2fd7037e3982da62227bfa9611f91ee
SHA256 66252b80e1f62e284d60ddfc340fa7d6b651929d85360cee0f78cc04a8c5e343
ssdeep
96:XsK1jHA1J4NV/HMjiNOi7XV8jr1enQYzjaADfNP4oyn:dj/Hco8jrgQoja2fNP4oyn

authentihash 43ec9818fc270291fa921b1cc82a98bb41f096560b2bf74a3ebe7bfccc884f2b
imphash f3899020c1ea8bbf0c84a80689caa590
File size 4.5 KB ( 4608 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2008-03-24 20:16:19 UTC (9 years, 2 months ago)
Last submission 2017-05-16 02:47:16 UTC (1 week ago)
File names 113d1ca.tmpscan
a01332.tmpscan
6754e4.tmpscan
bit5879.tmp
cc719f9f-332d-d7ba-facf-9552bc446a5a
qres.exe.4584_6.62198.partial
Res-chg.exe
bit16e9.tmp
bit3166.tmp
ee6081.tmpscan
RC.exe
vs060nuq.ev9
qres.exe.4816_9.360337.partial
cfd013.tmpscan
136082.tmpscan
bita888.tmp
9b37607f-7911-1622-bda9-c6ddd1d1947f_1d1c0e493396a16
fltadd.tmp
qres.exe.4676_2.30431.partial
6749da43-396c-08e9-d286-419c7cae5389
QRes.exe
ResC.exe
navd637.tmp
bitec8d.tmp
bitcba5.tmp
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight