SHA256: 4aaa6131a78ebfc104a0f0441f31d960a0244639f945d5caaa608ffd7f338656
File name: Vertex[42-47] - copia.exe
Detection rate: 36 / 46
Analysis date: 2013-06-14 10:32:45 UTC ( 5 years, 8 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Agent 20130613
AntiVir BDS/Vertex.A 20130614
Avast Win32:Agent-APFQ [Trj] 20130614
AVG Generic32.XSA 20130614
BitDefender Trojan.Generic.6490082 20130614
CAT-QuickHeal Trojan.Dusvext.A5 20130614
Commtouch W32/Dusvext.JEML-8693 20130614
Comodo Backdoor.Win32.Amtar.vna 20130614
DrWeb BackDoor.Vertex.25 20130614
Emsisoft Trojan.Generic.6490082 (B) 20130614
ESET-NOD32 Win32/Vnfraye.A 20130614
F-Prot W32/Dusvext.A 20130614
Fortinet W32/Vnfraye.AAA!tr 20130614
GData Trojan.Generic.6490082 20130614
Ikarus Trojan.Win32.Agent 20130614
Jiangmin Trojan/Agent.gzsh 20130614
K7AntiVirus Trojan 20130613
K7GW Trojan 20130613
Kaspersky Trojan.Win32.Agent2.fkmt 20130614
Kingsoft Win32.Troj.Undef.(kcloud) 20130506
Malwarebytes Trojan.Agent 20130613
McAfee PWS-Zbot.gen.ajw 20130614
McAfee-GW-Edition PWS-Zbot.gen.ajw 20130614
Microsoft Trojan:Win32/Dusvext.A 20130614
eScan Trojan.Generic.6490082 20130614
NANO-Antivirus Trojan.Win32.MLW.cptkp 20130614
Norman Vertex.A 20130614
nProtect Trojan/W32.Agent.146944.FJ 20130614
Panda Generic Trojan 20130613
Rising Suspicious 20130614
SUPERAntiSpyware Trojan.Agent/Gen-Dusvext 20130614
TotalDefense Win32/Tnega.AGBV 20130614
TrendMicro TROJ_DUSVEXT.SM 20130614
TrendMicro-HouseCall TROJ_DUSVEXT.SM 20130614
VBA32 BackDoor.Vertex.01368 20130614
ViRobot Backdoor.Win32.IRCBot.146944.J 20130614
Yandex 20130613
Antiy-AVL 20130613
ByteHero 20130613
ClamAV 20130614
eSafe 20130613
PCTools 20130521
Sophos AV 20130614
Symantec 20130614
TheHacker 20130612
VIPRE 20130614
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-06-20 14:05:05
Entry Point 0x0000AF4A
Number of sections 5
PE sections
PE imports
RegOpenKeyExA
GetUserNameA
RegDeleteKeyA
GetCurrentHwProfileA
RegSetValueExA
GetStdHandle
GetFileAttributesA
WaitForSingleObject
EncodePointer
GetExitCodeProcess
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
UnhandledExceptionFilter
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetOEMCP
LoadResource
TlsGetValue
SetLastError
GetModuleFileNameW
CopyFileA
HeapAlloc
GetModuleFileNameA
HeapSetInformation
GetVolumeInformationA
Module32First
InterlockedDecrement
MultiByteToWideChar
CreateMutexA
CreateThread
Module32Next
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ExitThread
DecodePointer
SetEnvironmentVariableA
TerminateProcess
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
Process32Next
Process32First
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
GetProcAddress
GetProcessHeap
CompareStringW
GetComputerNameA
GetTimeZoneInformation
CreateFileW
CreateEventA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
WinExec
SizeofResource
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FreeResource
CreateProcessA
IsValidCodePage
HeapCreate
Sleep
FindResourceA
SHGetSpecialFolderPathA
ShellExecuteA
GetMessageA
MapVirtualKeyA
GetForegroundWindow
GetKeyboardState
SetWindowsHookExA
DispatchMessageA
MessageBoxA
ToAscii
TranslateMessage
GetWindowTextA
GetLastInputInfo
GetKeyState
CallNextHookEx
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
Ord(3)
Ord(11)
Ord(10)
Ord(57)
Ord(23)
Ord(16)
Ord(116)
Ord(4)
Ord(115)
Ord(52)
Ord(19)
Ord(9)
URLDownloadToFileA
Number of PE resources by type
RT_RCDATA 7
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL SYS DEFAULT 7
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:06:20 15:05:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 110080
LinkerVersion 10.0
EntryPoint 0xaf4a
InitializedDataSize 35840
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 25e652615e8ec8a0b8116c7b4d7797b1
SHA1 63f78c1ea0fba759d147c4bc2a78de1e0a7b668e
SHA256 4aaa6131a78ebfc104a0f0441f31d960a0244639f945d5caaa608ffd7f338656
ssdeep 3072:IsD2ADkpFGkTXlDJA6ba2esDetNxVgQ+GV90hlv:IplzpTVDVa2en/VUMqhN

File size 143.5 KB ( 146944 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe

VirusTotal metadata
First submission 2013-06-14 10:32:45 UTC ( 5 years, 8 months ago )
Last submission 2013-06-14 10:32:45 UTC ( 5 years, 8 months ago )
File names Vertex[42-47] - copia.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Set keys
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications