SHA256: 0dd2c369816a22c313067349a91f96770702abb0324b57445ee1e2dc535b3765
File name: 1_1_kundencenter_mobilfunk_2014_11_de_0209_0000328362_2761287_12_...
Detection ratio: 24 / 53
Analysis date: 2014-11-23 17:50:29 UTC (4 years, 2 months ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1989114 20141123
AhnLab-V3 Trojan/Win32.ZBot 20141123
Avast Win32:Malware-gen 20141123
Avira (no cloud) TR/Crypt.Xpack.105524 20141123
Baidu-International Trojan.Win32.Injector.bBPXI 20141123
BitDefender Trojan.GenericKD.1989114 20141123
Bkav HW32.Packed.F74F 20141120
DrWeb Trojan.Emotet.50 20141123
Emsisoft Trojan.GenericKD.1989114 (B) 20141123
ESET-NOD32 a variant of Win32/Injector.BPXI 20141123
F-Secure Trojan.GenericKD.1989114 20141123
Fortinet W32/BPXI!tr 20141123
GData Trojan.GenericKD.1989114 20141123
Ikarus Trojan.Win32.Injector 20141123
Kaspersky Backdoor.Win32.Androm.flzr 20141123
Malwarebytes Trojan.Agent.ED 20141123
McAfee Artemis!86A0F3A5A1B6 20141123
McAfee-GW-Edition BehavesLike.Win32.Downloader.cc 20141122
Panda Trj/CI.A 20141123
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20141123
Sophos AV Troj/Inject-BGY 20141123
Tencent Win32.Trojan.Bp-generic.Ixrn 20141123
TrendMicro-HouseCall Suspicious_GEN.F47V1122 20141123
VIPRE Trojan.Win32.Generic!BT 20141123
AegisLab 20141123
Yandex 20141122
Antiy-AVL 20141123
AVG 20141123
AVware 20141121
ByteHero 20141123
CAT-QuickHeal 20141122
ClamAV 20141123
Comodo 20141123
Cyren 20141123
F-Prot 20141123
Jiangmin 20141122
K7AntiVirus 20141121
K7GW 20141121
Kingsoft 20141123
Microsoft 20141123
eScan 20141123
NANO-Antivirus 20141123
Norman 20141123
nProtect 20141121
Rising 20141123
SUPERAntiSpyware 20141123
Symantec 20141123
TheHacker 20141121
TotalDefense 20141123
VBA32 20141121
ViRobot 20141123
Zillya 20141122
Zoner 20141120
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-21 18:12:29
Entry Point 0x0000289A
Number of sections 6
PE sections
PE imports
CreatePalette
BitBlt
GetStartupInfoA
GetModuleHandleA
GlobalAlloc
CreateFileA
GlobalUnlock
GlobalLock
GetModuleFileNameA
_except_handler3
__p__fmode
memset
_adjust_fdiv
__CxxFrameHandler
_acmdln
_exit
__p__commode
memmove
_setmbcp
__dllonexit
_onexit
exit
_XcptFilter
__getmainargs
_initterm
__setusermatherr
_controlfp
__set_app_type
EnableWindow
UpdateWindow
Number of PE resources by type
RT_DIALOG 1
RT_ICON 1
Struct(241) 1
SyS 1
RT_MENU 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 5
NEUTRAL 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:11:21 10:12:29-08:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 155648
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x289a
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 86a0f3a5a1b658da0b5a20350194be50
SHA1 7cfc8ca77840edde4dec7044a1d3a95e052065a8
SHA256 0dd2c369816a22c313067349a91f96770702abb0324b57445ee1e2dc535b3765
ssdeep 3072:z4X1iceabPJuZjbvpX2LLmZyT7HMoVe76qrbwuG:0FitjTpX2LaLos75H
authentihash 37dbeadd338e5aa6de175404c10e4bf1131af75db39a29af329ce78911add82a
imphash d41e2a0b5946f066b2fbc3f6f2ce1a29
File size 172.0 KB ( 176128 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2014-11-22 18:37:02 UTC (4 years, 3 months ago)
Last submission 2019-01-17 13:08:12 UTC (1 month ago)
File names 0dd2c369816a22c313067349a91f96770702abb0324b57445ee1e2dc535b3765.exe
rechnung_vodafone_de_2014_11_930370025_023870007_11_de_0000003837_888830.exe
1_1_kundencenter_mobilfunk_2014_11_de_0209_0000328362_2761287_12_78_009_2876237820002.exe
file-7727453_exe
rechnungonline_telekom_000002920019_2014_11_43726700032_de_003938289_027.exe
ZXB0K.chm
virussign.com_86a0f3a5a1b658da0b5a20350194be50.vir
2014_11_transaktions_id_000000039190_de_398000283221_0033565020_029389227_92_200001.exe
7cfc8ca77840edde4dec7044a1d3a95e052065a8.exe.vir
86a0f3a5a1b658da0b5a20350194be50.virobj
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests