SHA256: 5bb007565f5200404cdb1da88dfc5a32ef58d1a2af01ca9ee1ae7386195a4b60
File name: Installer.exe
Detection ratio: 2 / 55
Analysis date: 2014-12-02 13:00:30 UTC (2 years, 9 months ago)
Antivirus Result Update
Bkav HW32.Packed.7C27 20141202
CMC Trojan.Win32.VBKrypt!O 20141201
Ad-Aware 20141202
AegisLab 20141202
Yandex 20141201
AhnLab-V3 20141202
ALYac 20141202
Antiy-AVL 20141202
Avast 20141202
AVG 20141202
Avira (no cloud) 20141202
AVware 20141121
Baidu-International 20141202
BitDefender 20141202
ByteHero 20141202
CAT-QuickHeal 20141202
ClamAV 20141202
Comodo 20141202
Cyren 20141202
DrWeb 20141202
ESET-NOD32 20141202
F-Prot 20141202
F-Secure 20141202
Fortinet 20141202
GData 20141202
Ikarus 20141202
Jiangmin 20141201
K7AntiVirus 20141202
K7GW 20141202
Kaspersky 20141202
Kingsoft 20141202
Malwarebytes 20141202
McAfee 20141202
McAfee-GW-Edition 20141202
Microsoft 20141202
eScan 20141202
NANO-Antivirus 20141202
Norman 20141202
nProtect 20141202
Panda 20141202
Qihoo-360 20141202
Rising 20141202
Sophos AV 20141202
SUPERAntiSpyware 20141202
Symantec 20141202
Tencent 20141202
TheHacker 20141201
TotalDefense 20141202
TrendMicro 20141202
TrendMicro-HouseCall 20141202
VBA32 20141202
VIPRE 20141202
ViRobot 20141202
Zillya 20141201
Zoner 20141127
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 1.1.15.04
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-12 01:45:37
Entry Point 0x0018B2CB
Number of sections 3
PE sections
PE imports
RegCloseKey
GetOpenFileNameA
BitBlt
GetProcAddress
GetModuleHandleA
SafeArrayGetDim
GetModuleBaseNameA
DragFinish
VerQueryValueA
mixerOpen
WSACleanup
CoGetObject
Number of PE resources by type
RT_ICON 8
RT_GROUP_ICON 8
RT_RCDATA 3
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 24
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 10.0
ImageVersion 0.0
FileVersionNumber 1.1.15.4
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 982016
MIMEType application/octet-stream
FileVersion 1.1.15.04
TimeStamp 2014:08:12 02:45:37+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2014:12:29 02:19:06+01:00
ProductVersion 1.1.15.04
SubsystemVersion 5.0
OSVersion 5.0
FileCreateDate 2014:12:29 02:19:06+01:00
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 594944
FileSubtype 0
ProductVersionNumber 1.1.15.4
EntryPoint 0x18b2cb
ObjectFileType Executable application

File identification
MD5 deed1948dfda4502bcc11dbe67862fbb
SHA1 f53d5bc78a90b47c927250f6d65db141cf8a0c55
SHA256 5bb007565f5200404cdb1da88dfc5a32ef58d1a2af01ca9ee1ae7386195a4b60
ssdeep 12288:VPtI4EnOs/fxcWR9bQjiLf3GKgLJUuP59OywwiyB3GEALS:BtI4Up/fxvsjG3GKgFUuP59OywY3GnS
authentihash cc80aeaff08a978065e4de20dd97bbec1fbe530401c2906bceae4fe401ff6e0c
imphash 00f4c09ccfa6e99153e1f3dd9e0448de
File size 504.0 KB ( 516096 bytes )
File type Win32 EXE
Magic literal MS-DOS executable, MZ for MS-DOS
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-12-02 13:00:30 UTC (2 years, 9 months ago)
Last submission 2014-12-02 13:00:30 UTC (2 years, 9 months ago)
File names Installer.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.