SHA256: 16e9e5990b986ae64eb9aee6380a0f0a72c843abdee36e86b3d71b892020d605
File name: ExBox.exe
Detection ratio: 0 / 56
Analysis date: 2017-01-10 06:39:53 UTC (6 months, 1 week ago)
Antivirus Result Update
Ad-Aware 20170110
AegisLab 20170110
AhnLab-V3 20170109
Alibaba 20170110
ALYac 20170110
Antiy-AVL 20170110
Arcabit 20170110
Avast 20170110
AVG 20170109
Avira (no cloud) 20170109
AVware 20170110
Baidu 20170110
BitDefender 20170110
Bkav 20170110
CAT-QuickHeal 20170110
ClamAV 20170110
CMC 20170109
Comodo 20170110
CrowdStrike Falcon (ML) 20161024
Cyren 20170110
DrWeb 20170110
Emsisoft 20170110
ESET-NOD32 20170110
F-Prot 20170110
F-Secure 20170110
Fortinet 20170110
GData 20170110
Ikarus 20170109
Sophos ML 20161216
Jiangmin 20170110
K7AntiVirus 20170110
K7GW 20170110
Kaspersky 20170110
Kingsoft 20170110
Malwarebytes 20170110
McAfee 20170108
McAfee-GW-Edition 20170110
Microsoft 20170110
eScan 20170110
NANO-Antivirus 20170110
nProtect 20170110
Panda 20170109
Qihoo-360 20170110
Rising 20170110
Sophos AV 20170110
SUPERAntiSpyware 20170110
Tencent 20170110
TheHacker 20170108
TrendMicro 20170110
TrendMicro-HouseCall 20170110
Trustlook 20170110
VBA32 20170109
VIPRE 20170110
ViRobot 20170110
WhiteArmor 20170109
Yandex 20170109
Zillya 20170109
Zoner 20170110
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright M. Hoffmann
Product ExBox!
Internal name ExBox!
File version 2.2.5.8137
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-10 06:14:16
Entry Point 0x00D49610
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
DrawDibOpen
AVIFileExit
ImageList_Add
PrintDlgW
ImmGetContext
AlphaBlend
OleDraw
VariantCopy
OleCreatePropertyFrame
DragFinish
VerQueryValueA
InternetOpenW
timeGetTime
OpenPrinterW
Number of PE resources by type
RT_STRING 71
RT_RCDATA 65
RT_CURSOR 57
RT_BITMAP 49
RT_GROUP_CURSOR 44
UNICODEDATA 6
RT_ICON 5
RT_DIALOG 4
MAD 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 136
ITALIAN 68
ENGLISH US 56
GERMAN 20
NEUTRAL SYS DEFAULT 16
GERMAN ARABIC JORDAN 7
RUSSIAN 3
PE resources
ExifTool file metadata
UninitializedDataSize 7475200
InitializedDataSize 311296
ImageVersion 0.0
ProductName ExBox!
FileVersionNumber 2.2.5.8137
LanguageCode German
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
LinkerVersion 2.25
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2.2.5.8137
TimeStamp 2017:01:10 07:14:16+01:00
FileType Win32 EXE
PEType PE32
InternalName ExBox!
ProductVersion 2.2
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
LegalCopyright M. Hoffmann
MachineType Intel 386 or later, and compatibles
CompanyName MonkeyBits
CodeSize 6455296
LastCompiledTime 2017.01.10 07:12:42
FileSubtype 0
ProductVersionNumber 2.2.5.8137
EntryPoint 0xd49610
ObjectFileType Executable application
File identification
MD5 ed61bc340174422c73552eb15f72d3af
SHA1 6d990f0b43abd6d721f52a5eeff20213db18cc3c
SHA256 16e9e5990b986ae64eb9aee6380a0f0a72c843abdee36e86b3d71b892020d605
ssdeep 196608:/UkfqXBFUU4lJtB8A5KmOqefCNS6rWjvs4b21K:74aBMdqex6A21K
authentihash cd7f86c9e31207e641c06cab59e978cc611560b28787f0459c4a5f3787bda02a
imphash a2e210a8ab33cd395f034101975835a6
File size 6.5 MB ( 6764544 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.1%)
Win32 EXE Yoda's Crypter (41.3%)
Win32 Executable (generic) (7.0%)
Win16/32 Executable Delphi generic (3.2%)
Generic Win/DOS Executable (3.1%)
Tags peexe upx
VirusTotal metadata
First submission 2017-01-10 06:39:53 UTC (6 months, 1 week ago)
Last submission 2017-01-10 06:39:53 UTC (6 months, 1 week ago)
File names ExBox.exe
ExBox!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications