× Cookies sind ausgeschaltet! Diese Seite erfordert aktivierte Cookies, um vollständig zu funktionieren.
SHA256: 41748db90eacfa59b92c74f41f9408322c022dcb6e560f2fafcc3bf96e27ea7a
Dateiname: Computer Werkzeugkiste.exe
Erkennungsrate: 5 / 67
Analyse-Datum: 2018-11-30 21:10:45 UTC ( vor 4 Monate, 3 Wochen ) Zeige Neueste
Antivirus Ergebnis Aktualisierung
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20181022
Cylance Unsafe 20181130
McAfee-GW-Edition BehavesLike.Win32.DLSponsor.cm 20181130
SentinelOne (Static ML) static engine - malicious 20181011
Trapmine malicious.moderate.ml.score 20181128
Ad-Aware 20181130
AegisLab 20181130
AhnLab-V3 20181130
Alibaba 20180921
ALYac 20181130
Antiy-AVL 20181130
Arcabit 20181130
Avast 20181130
Avast-Mobile 20181130
AVG 20181130
Avira (no cloud) 20181130
Babable 20180918
Baidu 20181130
BitDefender 20181130
Bkav 20181129
CAT-QuickHeal 20181130
ClamAV 20181130
CMC 20181130
Comodo 20181130
Cyren 20181130
DrWeb 20181130
eGambit 20181130
Emsisoft 20181130
Endgame 20181108
ESET-NOD32 20181130
F-Prot 20181130
F-Secure 20181130
Fortinet 20181130
GData 20181130
Ikarus 20181130
Sophos ML 20181128
Jiangmin 20181130
K7AntiVirus 20181130
K7GW 20181130
Kaspersky 20181130
Kingsoft 20181130
Malwarebytes 20181130
MAX 20181130
McAfee 20181130
Microsoft 20181130
eScan 20181130
NANO-Antivirus 20181130
Palo Alto Networks (Known Signatures) 20181130
Panda 20181130
Qihoo-360 20181130
Rising 20181130
Sophos AV 20181130
SUPERAntiSpyware 20181128
Symantec 20181130
Symantec Mobile Insight 20181121
TACHYON 20181130
Tencent 20181130
TheHacker 20181129
TrendMicro 20181130
TrendMicro-HouseCall 20181130
Trustlook 20181130
VBA32 20181130
ViRobot 20181130
Webroot 20181130
Yandex 20181129
Zillya 20181130
ZoneAlarm by Check Point 20181130
Zoner 20181130
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Top-PE.de

File version 1.0.9.0
Description Computer Werkzeugkiste
Comments Computer Werkzeugkiste
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-30 20:16:52
Entry Point 0x00150A60
Number of sections 3
PE sections
PE imports
ImageList_Remove
GetOpenFileNameW
LineTo
IcmpSendEcho
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
WNetUseConnectionW
VariantInit
GetProcessMemoryInfo
DragFinish
LoadUserProfileW
IsThemeActive
VerQueryValueW
FtpOpenFileW
timeGetTime
connect
CoGetObject
Number of PE resources by type
RT_STRING 7
RT_ICON 2
RT_GROUP_ICON 2
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 11
GERMAN 2
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize
1024000

Comments
Computer Werkzeugkiste

LinkerVersion
12.0

ImageVersion
0.0

FileVersionNumber
1.0.9.0

LanguageCode
German

FileFlagsMask
0x0000

FileDescription
Computer Werkzeugkiste

ImageFileCharacteristics
Executable, Large address aware, 32-bit

CharacterSet
Unicode

InitializedDataSize
495616

EntryPoint
0x150a60

MIMEType
application/octet-stream

LegalCopyright
Top-PE.de

FileVersion
1.0.9.0

TimeStamp
2018:11:30 21:16:52+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
3.3.14.2

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
352256

FileSubtype
0

ProductVersionNumber
3.3.14.2

FileTypeExtension
exe

ObjectFileType
Unknown

File identification
MD5 ef25a1956234f6ca0eb2b453f9735de7
SHA1 838acc965a3a886bc028dfc8f06c5cb22ef1e131
SHA256 41748db90eacfa59b92c74f41f9408322c022dcb6e560f2fafcc3bf96e27ea7a
ssdeep
24576:94GHnhIzOaBInNNNN6Ny1zNNNyNNNjmFHVdrNTNZN8NCeP4e:ashdaBUNNNN6NyNNNNyNNNSFHLrNTNZN

authentihash 131423d66f559966a49728195d1083dd547b95b888233d31f9be0c0602522f78
imphash fc6683d30d9f25244a50fd5357825e79
File size 826.0 KB ( 845824 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (28.0%)
UPX compressed Win32 Executable (27.5%)
Win32 EXE Yoda's Crypter (27.0%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
Tags
peexe upx

VirusTotal metadata
First submission 2018-11-30 21:10:45 UTC ( vor 4 Monate, 3 Wochen )
Last submission 2018-11-30 21:10:45 UTC ( vor 4 Monate, 3 Wochen )
Dateinamen Computer Werkzeugkiste.exe
Keine Kommentare. Bisher hat kein Mitglied der VirusTotal-Community einen Kommentar zu diesem Punkt verfasst, seien Sie der Erste!

Hinterlassen Sie Ihren Kommentar...

?
Kommentar abschicken

Sie sind nicht angemeldet. Nur registrierte Nutzer können Kommentare hinterlassen, melden Sie sich an und sagen Sie etwas dazu!

Keine Bewertungen. Niemand hat diesen Punkt bisher bewertet, seien Sie der Erste!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.