SHA256: 0b577f76b08c5267eb5f2f8596127a28a6eaf5ff2089cff6be0b689f31850124
File name: 2014_11rechnung_pdf_telekom_0000283882_november_00288273_11_00000...
Detection ratio: 40 / 53
Analysis date: 2014-11-19 20:59:02 UTC (4 years, 6 months ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1974635 20141119
Yandex Backdoor.Androm!H44AyImiQXw 20141119
AhnLab-V3 Trojan/Win32.Agent 20141119
Antiy-AVL Trojan[Dropper]/Win32.Necurs 20141119
Avast Win32:Dropper-gen [Drp] 20141119
AVG Generic_r.EGZ 20141119
Avira (no cloud) TR/Emotet.A.39 20141119
AVware Trojan.Win32.Generic!BT 20141119
Baidu-International Backdoor.Win32.Androm.AlmS 20141119
BitDefender Trojan.GenericKD.1974635 20141119
ClamAV Win.Trojan.Generickd-1386 20141119
Cyren W32/Trojan.WESG-1963 20141119
DrWeb Trojan.Encoder.514 20141119
Emsisoft Trojan.GenericKD.1974635 (B) 20141119
ESET-NOD32 Win32/Emotet.AB 20141119
F-Prot W32/Trojan3.MDJ 20141119
F-Secure Trojan.GenericKD.1974635 20141119
Fortinet W32/Kryptik.MFCK!tr 20141119
GData Trojan.GenericKD.1974635 20141119
Ikarus Trojan-Ransom.CryptoWall 20141119
K7AntiVirus Trojan ( 004afe501 ) 20141119
K7GW Trojan ( 004afe501 ) 20141119
Kaspersky Backdoor.Win32.Androm.fjkc 20141119
Malwarebytes Trojan.Agent.ED 20141119
McAfee RDN/Generic.bfg!c 20141119
McAfee-GW-Edition RDN/Generic.bfg!c 20141119
Microsoft VirTool:Win32/CeeInject.gen!KK 20141119
eScan Trojan.GenericKD.1974635 20141119
NANO-Antivirus Trojan.Win32.Necurs.diulka 20141119
Norman Injector.HLIL 20141119
nProtect Trojan-Dropper/W32.Necurs.151552.D 20141119
Panda Trj/Zbot.AC 20141119
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20141119
Rising PE:Trojan.Win32.Generic.17A216BA!396498618 20141119
Sophos AV Troj/Fondu-CF 20141119
Symantec Downloader.Ponik 20141119
Tencent Win32.Trojan.Inject.Auto 20141119
TotalDefense Win32/Tnega.JLCOcJB 20141119
TrendMicro-HouseCall TSPY_ZBOT.TPB 20141119
ViRobot Backdoor.Win32.U.Agent.151552 20141119
AegisLab 20141119
Bkav 20141119
ByteHero 20141119
CAT-QuickHeal 20141119
CMC 20141118
Comodo 20141119
Jiangmin 20141119
Kingsoft 20141119
SUPERAntiSpyware 20141119
TheHacker 20141117
VBA32 20141119
Zillya 20141119
Zoner 20141118
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-28 16:24:34
Entry Point 0x0000204F
Number of sections 6
PE sections
PE imports
GetStartupInfoA
CreateThread
GetCurrentProcessId
GetModuleHandleA
OpenProcess
CloseHandle
GetProcAddress
LoadLibraryA
__p__fmode
__CxxFrameHandler
__getmainargs
fclose
__dllonexit
_except_handler3
fseek
_onexit
ftell
exit
_XcptFilter
rewind
__setusermatherr
__p__commode
sprintf
_acmdln
fread
_adjust_fdiv
_wfopen
_exit
_setmbcp
_initterm
_controlfp
__set_app_type
GetModuleFileNameExW
GetSystemMetrics
LoadIconA
EnableWindow
PostMessageA
DrawIcon
SendMessageA
GetClientRect
GetSystemMenu
IsIconic
AppendMenuA
htonl
socket
bind
inet_addr
recvfrom
htons
closesocket
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:10:28 17:24:34+01:00
FileType Win32 EXE
PEType PE32
CodeSize 8192
LinkerVersion 8.0
ImageFileCharacteristics Executable, No line numbers, No symbols, No debug
EntryPoint 0x204f
InitializedDataSize 139264
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Compressed bundles
File identification
MD5 6d114c7a21aab94456d8e8d4aef88362
SHA1 1229f292c46ffa1bde2db69227c4e98c2e46ae3a
SHA256 0b577f76b08c5267eb5f2f8596127a28a6eaf5ff2089cff6be0b689f31850124
ssdeep 3072:5fSj3q4+o/mYSpVygq2xW+rQDuZz4AYOr8Hkv:xSusZSXRY+rBF4AYOr8
authentihash 85f9d00b0120182ccc9cc5c22e5964c612a860a34e5bddda6dc1f90d12bfd5ab
imphash ee33aa2c30b8b2f66b18329f6ef938ed
File size 148.0 KB ( 151552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2014-11-13 21:04:14 UTC (4 years, 6 months ago)
Last submission 2019-01-20 01:58:14 UTC (4 months ago)
File names WL-1f67cd457de800f1252f004d6b01d8a9-0
file
1229f292c46ffa1bde2db69227c4e98c2e46ae3a.exe.vir
2014_11details_transaktion_37900000929_november_30908300059_11_0000000039.exe
2014_11vodafone_onlinerechnung_0020003909_november_3903980009_11_00000000445.exe
1904.tmp
vhpdkgck.exe
6d114c7a21aab94456d8e8d4aef88362.exe
dcf2.tmp
2014_11rechnung_pdf_telekom_0000283882_november_00288273_11_0000000392_000005.exe
jvwfqlaa.ex
file-7686399_exe
wpsxnyoi.exe
2014_11rechnung_pdf_telekom.exe
6D114C7A21AAB94456D8E8D4AEF88362
0b577f76b08c5267eb5f2f8596127a28a6eaf5ff2089cff6be0b689f31850124.bin
6603af41b454333e.vir
cjkjlskf.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
dll-injection
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.