SHA256: 46f0c9955e0b80650ac4ec8d24476f763cf18dad1204c0840df282b73b97651f
File name: ExBox.exe
Detection ratio: 0 / 56
Analysis date: 2017-01-10 08:56:21 UTC (4 months, 2 weeks ago)
Antivirus Result Update
Ad-Aware 20170110
AegisLab 20170110
AhnLab-V3 20170109
Alibaba 20170110
ALYac 20170110
Antiy-AVL 20170110
Arcabit 20170110
Avast 20170110
AVG 20170110
Avira (no cloud) 20170110
AVware 20170110
Baidu 20170110
BitDefender 20170110
Bkav 20170110
CAT-QuickHeal 20170110
ClamAV 20170110
CMC 20170110
Comodo 20170110
CrowdStrike Falcon (ML) 20161024
Cyren 20170110
DrWeb 20170110
Emsisoft 20170110
ESET-NOD32 20170110
F-Prot 20170110
F-Secure 20170110
Fortinet 20170110
GData 20170110
Ikarus 20170109
Invincea 20161216
Jiangmin 20170110
K7AntiVirus 20170110
K7GW 20170110
Kaspersky 20170110
Kingsoft 20170110
Malwarebytes 20170110
McAfee 20170108
McAfee-GW-Edition 20170110
Microsoft 20170110
eScan 20170110
NANO-Antivirus 20170110
nProtect 20170110
Panda 20170109
Qihoo-360 20170110
Rising 20170110
Sophos 20170110
SUPERAntiSpyware 20170110
Tencent 20170110
TheHacker 20170108
TrendMicro 20170110
TrendMicro-HouseCall 20170110
Trustlook 20170110
VBA32 20170109
VIPRE 20170110
ViRobot 20170110
WhiteArmor 20170109
Yandex 20170109
Zillya 20170109
Zoner 20170110
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright M. Hoffmann
Product ExBox!
Internal name ExBox!
File version 2.2.5.8157
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-10 08:55:20
Entry Point 0x00D49590
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
DrawDibOpen
AVIFileExit
ImageList_Add
PrintDlgW
ImmGetContext
AlphaBlend
OleDraw
VariantCopy
OleCreatePropertyFrame
DragFinish
VerQueryValueA
InternetOpenW
timeGetTime
OpenPrinterW
Number of PE resources by type
RT_STRING 71
RT_RCDATA 65
RT_CURSOR 57
RT_BITMAP 49
RT_GROUP_CURSOR 44
UNICODEDATA 6
RT_ICON 5
RT_DIALOG 4
MAD 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 136
ITALIAN 68
ENGLISH US 56
GERMAN 20
NEUTRAL SYS DEFAULT 16
GERMAN ARABIC JORDAN 7
RUSSIAN 3
PE resources
ExifTool file metadata
UninitializedDataSize 7475200
LinkerVersion 2.25
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.2.5.8157
LanguageCode German
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 311296
EntryPoint 0xd49590
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2.2.5.8157
TimeStamp 2017:01:10 09:55:20+01:00
FileType Win32 EXE
PEType PE32
InternalName ExBox!
ProductVersion 2.2
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
LegalCopyright M. Hoffmann
MachineType Intel 386 or later, and compatibles
CompanyName MonkeyBits
CodeSize 6455296
LastCompiledTime 2017.01.10 09:55:16
ProductName ExBox!
ProductVersionNumber 2.2.5.8157
FileTypeExtension exe
ObjectFileType Executable application

Execution parents
File identification
MD5 ed5f22bdd243e91ed9f3b601b9d96f3b
SHA1 88aacc4e8993768bb6323ad9ba6c7b0a621f13dd
SHA256 46f0c9955e0b80650ac4ec8d24476f763cf18dad1204c0840df282b73b97651f
ssdeep 196608:wUkfqXBFUU4lJtBzJWTvWjiyIevmFXS/86losrTe3K:Y4aQ4PrmFafoD3K
authentihash 239713870809efb0af367cb8e2fff8afda23f7e45ec1c8baf8de0b1ef74d50ee
imphash a2e210a8ab33cd395f034101975835a6
File size 6.5 MB ( 6764032 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.1%)
Win32 EXE Yoda's Crypter (41.3%)
Win32 Executable (generic) (7.0%)
Win16/32 Executable Delphi generic (3.2%)
Generic Win/DOS Executable (3.1%)
Tags peexe upx

VirusTotal metadata
First submission 2017-01-10 08:56:21 UTC (4 months, 2 weeks ago)
Last submission 2017-03-13 21:56:29 UTC (2 months, 1 week ago)
File names ExBox.exe
ExBox.exe
ExBox!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications