SHA256: 32f756811363ac3a035daa924154ebec69e85657e8373fe4b66c377c88296e24
File name: my WAN-IP.exe
Detection ratio: 2 / 53
Analysis date: 2016-01-21 15:58:15 UTC (2 years, 6 months ago)
Antivirus Result Update
McAfee-GW-Edition BehavesLike.Win32.Gupboot.jm 20160121
Qihoo-360 QVM11.1.Malware.Gen 20160121
Ad-Aware 20160121
AegisLab 20160121
Yandex 20160120
AhnLab-V3 20160121
Alibaba 20160121
ALYac 20160121
Antiy-AVL 20160121
Arcabit 20160121
Avast 20160121
AVG 20160121
Avira (no cloud) 20160121
Baidu-International 20160121
BitDefender 20160121
Bkav 20160121
ByteHero 20160121
CAT-QuickHeal 20160121
ClamAV 20160121
CMC 20160111
Comodo 20160121
Cyren 20160121
DrWeb 20160121
Emsisoft 20160121
ESET-NOD32 20160121
F-Prot 20160121
F-Secure 20160121
Fortinet 20160121
GData 20160121
Ikarus 20160121
Jiangmin 20160121
K7AntiVirus 20160121
K7GW 20160121
Kaspersky 20160121
Malwarebytes 20160121
McAfee 20160121
Microsoft 20160121
eScan 20160121
NANO-Antivirus 20160121
nProtect 20160121
Panda 20160120
Rising 20160121
Sophos AV 20160121
SUPERAntiSpyware 20160121
Symantec 20160120
TheHacker 20160119
TrendMicro 20160121
TrendMicro-HouseCall 20160121
VBA32 20160121
VIPRE 20160121
ViRobot 20160121
Zillya 20160121
Zoner 20160121
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright -Top-PE.de-
File version 2.1.4.0
Description my WAN-IP
Comments my WAN-IP
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-01-21 15:36:18
Entry Point 0x00124A30
Number of sections 3
PE sections
PE imports
ImageList_Remove
GetOpenFileNameW
LineTo
IcmpSendEcho
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
WNetUseConnectionW
VariantInit
GetProcessMemoryInfo
DragFinish
LoadUserProfileW
IsThemeActive
VerQueryValueW
FtpOpenFileW
timeGetTime
connect
CoGetObject
Number of PE resources by type
RT_STRING 7
RT_ICON 4
RT_GROUP_ICON 4
RT_MANIFEST 1
RT_MENU 1
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 17
GERMAN 1
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion 5.1
Comments my WAN-IP
InitializedDataSize 315392
ImageVersion 0.0
FileVersionNumber 2.1.4.0
UninitializedDataSize 843776
LanguageCode German
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 12.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2.1.4.0
TimeStamp 2016:01:21 16:36:18+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 3.3.14.2
FileDescription my WAN-IP
OSVersion 5.1
FileOS Win32
LegalCopyright -Top-PE.de-
MachineType Intel 386 or later, and compatibles
CodeSize 352256
FileSubtype 0
ProductVersionNumber 3.3.14.2
EntryPoint 0x124a30
ObjectFileType Unknown
Compressed bundles
File identification
MD5 a63749fa70bfb5abf70e5d5273958ed1
SHA1 e58cfef960712a557072eb606a97808f16a5d32e
SHA256 32f756811363ac3a035daa924154ebec69e85657e8373fe4b66c377c88296e24
ssdeep 12288:RozGdX0M4ornOmZIzfMwHHQmRROXKOBZ4N:R4GHnhIzOakZe
authentihash 943eb8cec93974dcf43b603eae24f24f1a0f2d24aedc1654ce73821950d1b5d8
imphash fc6683d30d9f25244a50fd5357825e79
File size 652.0 KB ( 667648 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags peexe upx
VirusTotal metadata
First submission 2016-01-21 15:58:15 UTC (2 years, 6 months ago)
Last submission 2016-01-21 15:58:15 UTC (2 years, 6 months ago)
File names my WAN-IP.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
HTTP requests
DNS requests
TCP connections
UDP communications