SHA256: 454d6d2bc3603106bbdb151cf61ab50bfbe5cc63dc4d9a1da7c899b7c7e6e32a
File name: stub.exe
Detection ratio: 21 / 63
Analysis date: 2017-07-14 07:09:58 UTC (1 year, 7 months ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Mikey.66848 20170714
AegisLab Gen.Variant.Mikey!c 20170714
AhnLab-V3 Trojan/Win32.Agent.C2017432 20170714
ALYac Gen:Variant.Mikey.66848 20170714
Arcabit Trojan.Mikey.D10520 20170714
BitDefender Gen:Variant.Mikey.66848 20170714
CrowdStrike Falcon (ML) malicious_confidence_60% (W) 20170710
Cyren W32/Trojan.LNAY-0502 20170714
Emsisoft Gen:Variant.Mikey.66848 (B) 20170714
ESET-NOD32 a variant of Win32/GenKryptik.AMIN 20170714
F-Secure Gen:Variant.Mikey.66848 20170714
GData Gen:Variant.Mikey.66848 20170714
Kaspersky UDS:DangerousObject.Multi.Generic 20170714
MAX malware (ai score=88) 20170714
McAfee Artemis!2113A5C8E3AA 20170714
McAfee-GW-Edition Artemis!Trojan 20170714
eScan Gen:Variant.Mikey.66848 20170714
Palo Alto Networks (Known Signatures) generic.ml 20170714
Qihoo-360 Win32/Trojan.688 20170714
Rising Trojan.GenKryptik!8.AA55 (cloud:kLWSRrbrRDJ) 20170714
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20170714
Alibaba 20170714
Antiy-AVL 20170714
Avast 20170714
AVG 20170714
Avira (no cloud) 20170713
AVware 20170714
Baidu 20170714
Bkav 20170713
CAT-QuickHeal 20170714
ClamAV 20170714
CMC 20170713
Comodo 20170714
Cylance 20170714
DrWeb 20170714
Endgame 20170713
F-Prot 20170714
Fortinet 20170629
Ikarus 20170713
Sophos ML 20170607
Jiangmin 20170714
K7AntiVirus 20170714
K7GW 20170714
Kingsoft 20170714
Malwarebytes 20170714
Microsoft 20170714
NANO-Antivirus 20170714
nProtect 20170714
Panda 20170713
SentinelOne (Static ML) 20170516
Sophos AV 20170714
SUPERAntiSpyware 20170714
Symantec 20170714
Symantec Mobile Insight 20170713
Tencent 20170714
TheHacker 20170712
TrendMicro 20170714
TrendMicro-HouseCall 20170714
Trustlook 20170714
VBA32 20170713
VIPRE 20170714
ViRobot 20170714
Webroot 20170714
WhiteArmor 20170713
Yandex 20170713
Zillya 20170713
Zoner 20170714
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-06-26 15:13:08
Entry Point 0x0003198E
Number of sections 6
PE sections
PE imports
SystemFunction036
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
HeapReAlloc
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
RtlUnwind
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
HeapSize
GetCurrentProcessId
WriteConsoleW
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
VirtualProtect
GetCommandLineA
GetProcAddress
InitializeSListHead
GetProcessHeap
SetStdHandle
RaiseException
WideCharToMultiByte
TlsFree
FindNextFileW
SetUnhandledExceptionFilter
WriteFile
DecodePointer
CloseHandle
GetSystemTimeAsFileTime
GetACP
FindFirstFileExW
GetStringTypeW
GetModuleHandleW
GetOEMCP
TerminateProcess
GetModuleHandleExW
IsValidCodePage
CreateFileW
FindClose
TlsGetValue
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
SetLastError
LeaveCriticalSection
Ord(272)
Ord(264)
Ord(465)
Ord(349)
Ord(337)
Ord(270)
Ord(266)
_hypot
Ord(347)
Ord(276)
Ord(332)
Ord(469)
_calloc_dbg
Ord(274)
_i64toa_s
_assert
Ord(554)
_gmtime64_s
Ord(459)
Ord(278)
_except_handler2
_heapused
Ord(463)
Ord(339)
Ord(458)
_atoi_l
_dup
_cabs
_difftime64
_endthread
_beep
_heapmin
_ecvt
Ord(461)
Ord(473)
Ord(471)
_initterm_e
_atoi64
Ord(259)
_atoldbl
_i64tow_s
Ord(335)
Ord(548)
Ord(346)
Ord(350)
_inpd
Ord(261)
Ord(333)
Ord(550)
_except_handler4_common
_cgets
Ord(342)
_atodbl_l
Ord(344)
_execlp
_execlpe
Ord(268)
_heapadd
Ord(467)
Ord(546)
_beginthreadex
_execl
_eof
Ord(549)
_difftime32
Ord(557)
Ord(545)
Ord(556)
Number of PE resources by type
RT_ICON 8
RT_GROUP_ICON 2
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 9
NEUTRAL DEFAULT 7
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 6.0
LinkerVersion 14.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.2.1.618
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 394240
EntryPoint 0x3198e
OriginalFileName FoxitPhantomPDF.EXE
MIMEType application/octet-stream
LegalCopyright Copyright 2004-2014 Foxit Corporation. All Rights Reserved.
FileVersion 6, 2, 1, 0618
TimeStamp 2017:06:26 16:13:08+01:00
FileType Win32 EXE
PEType PE32
InternalName FoxitPhantomPDF.exe
ProductVersion 6, 2, 1, 0618
FileDescription Foxit PhantomPDF 6.2
OSVersion 6.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 241152
ProductName Foxit PhantomPDF
ProductVersionNumber 6.2.1.618
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 2113a5c8e3aadec81b795919f1bf759f
SHA1 702fba99fc9cd58e02be8f70ea89c9661fa7d736
SHA256 454d6d2bc3603106bbdb151cf61ab50bfbe5cc63dc4d9a1da7c899b7c7e6e32a
ssdeep 3072:ftZD/kQJh2yw0efHf0VxLNRny2DtBewJH:1ZD//4jS
authentihash 979ea26f67d4f43fd735a596d0b29f8881a8248130c6901fbeb424c5ae60102b
imphash 531d8d89930fc3c9cf38b44f011d8a1f
File size 623.0 KB ( 637952 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (76.4%)
Win32 Executable (generic) (12.4%)
Generic Win/DOS Executable (5.5%)
DOS Executable Generic (5.5%)
Tags peexe

VirusTotal metadata
First submission 2017-07-14 02:29:19 UTC (1 year, 7 months ago)
Last submission 2018-01-21 09:42:10 UTC (1 year, 1 month ago)
File names stub.exe