SHA256: 55f8b8529a1a1bc8373fc058c709c873fe687a82654337d5c53d9ed83114e9cb
File name: KingsRoadHack__7934_il2498233.exe
Detection ratio: 21 / 51
Analysis date: 2015-01-11 22:46:41 UTC ( 4 years, 2 months ago )
Antivirus Result Update
Ad-Aware Application.Bundler.Amonetize.AO 20150111
AhnLab-V3 PUP/Win32.Amonetiz 20150111
Antiy-AVL GrayWare[AdWare:not-a-virus]/Win32.Amonetize 20150111
AVG Generic.FFA 20150111
Avira (no cloud) Adware/Amonetize.478400.2 20150110
BitDefender Application.Bundler.Amonetize.AO 20150110
DrWeb Trojan.Adfltnet.71 20150111
ESET-NOD32 a variant of Win32/Amonetize.CS 20150111
Fortinet Adware/Amonetize 20150111
GData Application.Bundler.Amonetize.AO 20150111
Kaspersky not-a-virus:AdWare.Win32.Amonetize.rzi 20150111
Malwarebytes PUP.Optional.Bundle 20150111
McAfee Artemis!0E9C57FC3C87 20150111
McAfee-GW-Edition Artemis!PUP 20150111
NANO-Antivirus Trojan.Win32.Adfltnet.dlwosi 20150111
Panda Generic Suspicious 20150111
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20150111
Symantec Trojan.Gen.2 20150111
TrendMicro TROJ_SPNR.08A815 20150111
TrendMicro-HouseCall TROJ_SPNR.08A815 20150111
Zillya Adware.Amonetize.Win32.1967 20150111
AegisLab (no detection) 20150111
Yandex (no detection) 20150111
ALYac (no detection) 20150111
Avast (no detection) 20150111
Baidu-International (no detection) 20150111
Bkav (no detection) 20150109
ByteHero (no detection) 20150111
CAT-QuickHeal (no detection) 20150110
ClamAV (no detection) 20150111
Comodo (no detection) 20150111
Cyren (no detection) 20150110
F-Prot (no detection) 20150111
Ikarus (no detection) 20150111
Jiangmin (no detection) 20150111
K7AntiVirus (no detection) 20150111
K7GW (no detection) 20150110
Kingsoft (no detection) 20150111
Microsoft (no detection) 20150111
eScan (no detection) 20150108
Norman (no detection) 20150111
nProtect (no detection) 20150109
Rising (no detection) 20150111
SUPERAntiSpyware (no detection) 20150111
Tencent (no detection) 20150111
TheHacker (no detection) 20150106
TotalDefense (no detection) 20150111
VBA32 (no detection) 20150110
VIPRE (no detection) 20150111
ViRobot (no detection) 20150110
Zoner (no detection) 20150107
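The 21 labels above mostly name the same family under different vendor conventions. As an added example (not part of the VirusTotal report), the following Python script tallies which family name the engines agree on, in the spirit of AVClass-style label normalisation: tokenise each label, drop platform and category words, drop hash-like fragments and variant counters, give each vendor one vote per candidate, and fold a truncated spelling (AhnLab's "Amonetiz") into the full name. The generic-token list and the prefix-merge heuristic are assumptions of the example, not a vendor standard.

```python
import re
from collections import Counter

# Detection rows transcribed from the report above (vendor, label). The 30
# engines that returned no result are omitted; TOTAL_ENGINES keeps the denominator.
DETECTIONS = [
    ("Ad-Aware", "Application.Bundler.Amonetize.AO"),
    ("AhnLab-V3", "PUP/Win32.Amonetiz"),
    ("Antiy-AVL", "GrayWare[AdWare:not-a-virus]/Win32.Amonetize"),
    ("AVG", "Generic.FFA"),
    ("Avira (no cloud)", "Adware/Amonetize.478400.2"),
    ("BitDefender", "Application.Bundler.Amonetize.AO"),
    ("DrWeb", "Trojan.Adfltnet.71"),
    ("ESET-NOD32", "a variant of Win32/Amonetize.CS"),
    ("Fortinet", "Adware/Amonetize"),
    ("GData", "Application.Bundler.Amonetize.AO"),
    ("Kaspersky", "not-a-virus:AdWare.Win32.Amonetize.rzi"),
    ("Malwarebytes", "PUP.Optional.Bundle"),
    ("McAfee", "Artemis!0E9C57FC3C87"),
    ("McAfee-GW-Edition", "Artemis!PUP"),
    ("NANO-Antivirus", "Trojan.Win32.Adfltnet.dlwosi"),
    ("Panda", "Generic Suspicious"),
    ("Qihoo-360", "HEUR/QVM10.1.Malware.Gen"),
    ("Symantec", "Trojan.Gen.2"),
    ("TrendMicro", "TROJ_SPNR.08A815"),
    ("TrendMicro-HouseCall", "TROJ_SPNR.08A815"),
    ("Zillya", "Adware.Amonetize.Win32.1967"),
]
TOTAL_ENGINES = 51

# Tokens that name a category, platform or heuristic rather than a family.
# This set is an assumption of the example; extend it for other vendors' vocab.
GENERIC = {
    "win32", "trojan", "troj", "adware", "grayware", "application", "bundler",
    "bundle", "pup", "optional", "generic", "gen", "variant", "virus",
    "malware", "heur", "suspicious", "artemis",
}


def tokens(label: str):
    """Split a vendor label into lowercase alphanumeric tokens."""
    return [t for t in re.split(r"[^a-z0-9]+", label.lower()) if t]


def family_candidates(label: str):
    """Tokens that plausibly name a family: not generic, at least four characters,
    and not a pure hex/decimal blob such as a hash fragment or a variant counter.
    (The hex filter is a heuristic; a family spelled only with a-f letters would be lost.)"""
    return {
        t for t in tokens(label)
        if t not in GENERIC and len(t) >= 4 and not re.fullmatch(r"[0-9a-f]+", t)
    }


def merge_prefixes(votes: Counter, min_len: int = 6) -> Counter:
    """Fold a token into the longest token it is a prefix of, e.g. a vendor's
    truncated 'amonetiz' into 'amonetize'. Single pass, longest names first."""
    names = sorted(votes, key=len, reverse=True)
    merged = Counter()
    for name in names:
        target = name
        if len(name) >= min_len:
            for longer in names:
                if len(longer) > len(name) and longer.startswith(name):
                    target = longer
                    break
        merged[target] += votes[name]
    return merged


def family_consensus(detections) -> Counter:
    """One vote per vendor per candidate family, then prefix-merged."""
    votes = Counter()
    for _vendor, label in detections:
        for fam in family_candidates(label):
            votes[fam] += 1
    return merge_prefixes(votes)


def detection_ratio(detections, total: int = TOTAL_ENGINES):
    return len(detections), total


if __name__ == "__main__":
    hits, total = detection_ratio(DETECTIONS)
    print(f"{hits}/{total} engines flagged the sample")
    for fam, n in family_consensus(DETECTIONS).most_common(5):
        print(f"{fam:12s} {n}")
```

Run against the rows above, the consensus is "amonetize" with 10 of 21 votes, followed by "adfltnet" (DrWeb and NANO) with 2; the remaining candidates are single-vendor suffixes that the heuristic cannot tell apart from real names, which is why a threshold of two or more vendors is the usual cut-off before trusting a family label.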
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Publisher AMGRUP LLC
Original name setup.exe
Internal name setup.exe
File version 1.1.5.90
Signature verification Signed file, verified signature
Signing date 3:16 PM 1/6/2015
Signers
[+] AMGRUP LLC
Status Valid
Issuer None
Valid from 1:00 AM 12/2/2014
Valid to 12:59 AM 12/3/2015
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22 (Microsoft Commercial Code Signing)
Algorithm 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
Thumbprint 638A1FABF016D7A0DCFC210E5593B15F72670836
Serial number 7B EE 5C 21 71 C6 44 AF 5B 91 7C 9D 0C 4D C0 06
[+] Thawte Code Signing CA - G2
Status Valid
Issuer None
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7
Serial number 47 97 4D 78 73 A5 BC AB 0D 2F B3 70 19 2F CE 5E
[+] thawte
Status Valid
Issuer None
Valid from 1:00 AM 11/17/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 91C6D6EE3E8AC86384E548C299295C756C817B81
Serial number 34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer None
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer None
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-05 07:54:45
Entry Point 0x00012458
Number of sections 5
PE sections
Overlays
MD5 0e71b490ed52ea6c3cbafdb995d58d2b
File type data
Offset 472576
Size 5824
Entropy 7.37
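The overlay figures above are internally consistent: offset 472576 plus size 5824 equals the file size of 478400 bytes, so the overlay is the final 5,824 bytes of the file. Because this file is Authenticode-signed, a high-entropy tail is expected: the PKCS#7 signature blob is stored after the last section and is addressed by file offset from the Security data directory (entry 4), so the check a practitioner wants is whether the overlay is exactly that blob or contains extra data. As an added example, not part of the VirusTotal report or its tooling, the following Python script parses the section table and the Security directory with the standard library only, reports the overlay bounds and entropy, and flags whether the tail is signature-only. The sample PE it builds is a constructed minimal stand-in (one section, a fake 256-byte "signature"), not the file analysed on this page.

```python
import math
import struct
from collections import Counter

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot for the Authenticode blob


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty/constant data, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def analyse_overlay(pe: bytes) -> dict:
    """Locate the overlay (bytes after the last section's raw data) and compare it
    with the Security data directory, which holds a file offset rather than an RVA."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    # IMAGE_FILE_HEADER: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    num_sections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", pe, opt)[0]
    # Data directories begin at +96 (PE32, 0x10B) or +112 (PE32+, 0x20B) of the optional header.
    dir_base = opt + (96 if magic == 0x10B else 112)
    sec_entry = dir_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    cert_off, cert_size = (0, 0)
    if sec_entry + 8 <= opt + size_opt:  # optional header actually carries this entry
        cert_off, cert_size = struct.unpack_from("<II", pe, sec_entry)
    # IMAGE_SECTION_HEADER is 40 bytes; SizeOfRawData at +16, PointerToRawData at +20.
    sect_table = opt + size_opt
    end_of_sections = sect_table + 40 * num_sections  # fallback: end of headers
    for i in range(num_sections):
        size_raw, ptr_raw = struct.unpack_from("<II", pe, sect_table + 40 * i + 16)
        if size_raw:
            end_of_sections = max(end_of_sections, ptr_raw + size_raw)
    overlay = pe[end_of_sections:]
    return {
        "overlay_offset": end_of_sections,
        "overlay_size": len(overlay),
        "overlay_entropy": shannon_entropy(overlay),
        "cert_table": (cert_off, cert_size),
        # True when the tail is exactly the signature blob and nothing else.
        "overlay_is_signature_only": cert_size > 0
        and cert_off == end_of_sections
        and cert_off + cert_size == len(pe),
    }


def build_sample_pe(overlay: bytes, cert_size: int) -> bytes:
    """Constructed minimal PE32: one .text section at file offset 0x200 of 0x200
    bytes, then `overlay`. The Security directory claims `cert_size` bytes at 0x400."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 94  # magic + zeroed standard/Windows fields
    dirs = [(0, 0)] * 16
    dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (0x400, cert_size)
    opt += b"".join(struct.pack("<II", a, s) for a, s in dirs)
    sect = b".text\0\0\0" + struct.pack("<IIIIIIHHI", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    hdr = dos + b"PE\0\0" + coff + opt + sect
    hdr += b"\0" * (0x200 - len(hdr))
    return hdr + b"\x90" * 0x200 + overlay


if __name__ == "__main__":
    fake_sig = bytes(range(256))  # constructed stand-in for a DER blob: uniform, entropy 8.0
    print(analyse_overlay(build_sample_pe(fake_sig, 256)))                 # signature-only tail
    print(analyse_overlay(build_sample_pe(fake_sig + b"\0" * 64, 256)))    # 64 extra bytes after it
```

If a real sample's overlay is larger than the Security directory's size, the surplus is payload the signature does not cover at all (Authenticode hashes the file with the certificate table excluded), which is the usual place a bundler keeps its configuration or a second-stage installer.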
PE imports
RegSetValueW
RegCloseKey
RegOpenKeyW
RegQueryValueW
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
WaitForSingleObject
SetEvent
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetOEMCP
GetEnvironmentStringsW
GetLocaleInfoW
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeLibrary
GetStdHandle
GetACP
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
SizeofResource
GetLocaleInfoA
GetCurrentProcessId
ReleaseSemaphore
LockResource
GetCommandLineW
IsValidCodePage
CreateThread
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetUserDefaultLCID
EncodePointer
GetCurrentThread
RaiseException
CreateSemaphoreA
WideCharToMultiByte
LoadLibraryW
TlsFree
FatalAppExitA
GetSystemTimeAsFileTime
HeapSetInformation
ReadFile
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
InterlockedIncrement
DecodePointer
CloseHandle
ResetEvent
IsValidLocale
ExitThread
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapDestroy
HeapAlloc
TerminateProcess
AddVectoredExceptionHandler
InitializeCriticalSection
HeapCreate
VirtualFree
CreateEventA
TlsGetValue
Sleep
GetFileType
TlsSetValue
ExitProcess
GetCurrentThreadId
GetProcAddress
VirtualAlloc
SetConsoleCtrlHandler
SetLastError
LeaveCriticalSection
LoadIconW
EnumWindows
LoadIconA
StringFromIID
CoTaskMemFree
CoGetClassObject
Number of PE resources by type
RT_BITMAP 20
RT_ICON 5
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 22
NEUTRAL 6
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 301056
ImageVersion 0.0
FileVersionNumber 1.1.5.90
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 10.0
FileTypeExtension exe
OriginalFileName setup.exe
MIMEType application/octet-stream
FileVersion 1.1.5.90
TimeStamp 2015:01:05 08:54:45+01:00
FileType Win32 EXE
PEType PE32
InternalName setup.exe
ProductVersion 1.1.5.90
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 170496
FileSubtype 0
ProductVersionNumber 1.1.5.90
EntryPoint 0x12458
ObjectFileType Executable application
File identification
MD5 0e9c57fc3c8750ac1dd3adbd54b98d79
SHA1 c189db32678d71bb8396438118a8c865b70c234c
SHA256 55f8b8529a1a1bc8373fc058c709c873fe687a82654337d5c53d9ed83114e9cb
ssdeep 6144:2iiMPvaFGvvgMABHn0R1+CICsWTgdE1bUbN8RnEOxlD/+qg40Frw151cGYtEsGTE:2irysgLHnGZsNWSunLxliqglFUHD1E
authentihash cace0ffa476e6dff0f2037add2d8babf99755cb6ae05d0d385ff60cff240508d
imphash 88a8b10aa65ee013d9d07811a67d1d2a
File size 467.2 KB ( 478400 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2015-01-06 14:17:30 UTC ( 4 years, 2 months ago )
Last submission 2015-11-27 11:26:52 UTC ( 3 years, 3 months ago )
File names
52160149
androidandioshacktool__7934_il1719907.exe
paypalhack__6858_il2533969.exe
CrackWinXP__7934_il2083156.exe
Crack__6858_il2064195.exe
ShakesandFidgetGenerator32__6858_il2041911.exe
Launcher__6858_il1830593.exe
WeebTVBezLimituexe__6858_il2269694.exe
Launcher__6858_il2310220.exe
suerveydownloader__7934_il2230616.exe
Launcher__6858_il1757731.exe
Launcher__6858_il2209127.exe
CoDAW__6858_il2065402.exe
GladiatusHack__7934_il2281339.exe
Minecrafthack__7934_il2363136.exe
Launcher__6858_il1751677.exe
keygen2__6858_il1902182.exe
Setup__7123_il8575.exe
SciLorsGrooovesharkDownloader__3502_il2552.exe
GTA5KEYS__6858_il1979884.exe
ShakesandFidgetGenerator32__6858_il2500294.exe
Fifaworldcoinsgenerator__7934_il2105958.exe
keywordrequest__6858_il1757520.exe
PortraitPro12Crack__7934_il1666040.exe
FacebookPasswordCrackerLEAKED2015FREE__6858_il2198762.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications