SHA256: 626b6852fc49ff6b96124684d67fe7fef852f2cab2425704467c4a0307f7b0b8
File name: aboode.no-ip.org.exe
Detection ratio: 47 / 54
Analysis date: 2015-10-26 23:05:49 UTC (2 years, 12 months ago)
Antivirus Result Update
Yandex Trojan.Zobok.Gen.LP 20151026
AhnLab-V3 Dropper/Win32.Sysn 20151026
ALYac Gen:Variant.Graftor.139944 20151027
Antiy-AVL Trojan/Win32.Boht.akq 20151027
Arcabit Trojan.Graftor.D222A8 20151027
Avast Win32:NewPos-A [Trj] 20151027
AVG BackDoor.Delf.19.Q 20151026
Avira (no cloud) BDS/Hupigon.Gen 20151027
AVware Backdoor.Win32.Bezigate.a (v) 20151026
Baidu-International Trojan.Win32.Boht.akq 20151026
BitDefender Gen:Variant.Graftor.139944 20151027
ByteHero Virus.Win32.Heur.l 20151027
CAT-QuickHeal Trojan.Boht.08293 20151027
ClamAV Win.Trojan.Agent-722538 20151027
Comodo TrojWare.Win32.Boht.AKQ 20151027
Cyren W32/Backdoor.VCKA-5321 20151027
DrWeb Trojan.DownLoad3.35495 20151027
Emsisoft Gen:Variant.Graftor.139944 (B) 20151027
ESET-NOD32 Win32/Delf.AJG 20151027
F-Secure Gen:Variant.Graftor.139944 20151027
Fortinet W32/Boht.AAR!tr 20151026
GData Gen:Variant.Graftor.139944 20151027
Ikarus Trojan-Banker.Win32.Agent 20151027
Jiangmin Trojan/Generic.bpfay 20151026
K7AntiVirus Trojan ( 004afb891 ) 20151026
K7GW Trojan ( 004afb891 ) 20151026
Kaspersky Trojan.Win32.Boht.akq 20151027
Malwarebytes Backdoor.Bozok 20151026
McAfee BackDoor-FBVR!D39AC369D846 20151027
McAfee-GW-Edition BehavesLike.Win32.Backdoor.nh 20151027
Microsoft Backdoor:Win32/Bezigate!rfn 20151027
eScan Gen:Variant.Graftor.139944 20151027
NANO-Antivirus Trojan.Win32.Hupigon.cwsgdx 20151026
nProtect Trojan/W32.Boht.33280 20151026
Panda Trj/Genetic.gen 20151026
Rising PE:Backdoor.Bezigate!6.993 [F] 20151026
Sophos AV Mal/Generic-S 20151027
SUPERAntiSpyware Trojan.Agent/Gen-Delf 20151027
Symantec Backdoor.Bezigate 20151026
Tencent Win32.Trojan.Boht.Wqwo 20151027
TheHacker Trojan/Delf.aav 20151026
TotalDefense Win32/Tnega.bfTaFFB 20151026
TrendMicro TROJ_GEN.R06AE01D815 20151027
VBA32 Trojan.Boht 20151026
VIPRE Backdoor.Win32.Bezigate.a (v) 20151027
ViRobot Backdoor.Win32.Agent.33280.Q[h] 20151026
Zillya Trojan.Boht.Win32.1568 20151026
AegisLab 20151026
Alibaba 20151026
Bkav 20151026
CMC 20151026
F-Prot 20151027
TrendMicro-HouseCall 20151027
Zoner 20151026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD BobSoft Mini Delphi -> BoB / BobSoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000071F0
Number of sections 6
PE sections
PE imports
URLDownloadToFileW
CloseServiceHandle
RegDeleteValueW
RegCloseKey
StartServiceW
RegSetValueExW
QueryServiceStatus
GetUserNameW
OpenSCManagerW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyW
OpenServiceW
ControlService
EnumServicesStatusW
RegEnumValueA
RegDeleteKeyW
RegQueryValueExW
GetServiceDisplayNameW
GetLastError
FindClose
GetDriveTypeW
GetComputerNameW
OpenProcess
TerminateThread
GetLocaleInfoW
GetModuleFileNameW
GetExitCodeProcess
ExitProcess
VirtualProtect
GetVersionExA
LoadLibraryA
lstrlenW
CopyFileW
CreatePipe
GetStartupInfoA
SizeofResource
GetWindowsDirectoryW
GetFileSize
lstrcatA
LockResource
CreateThread
SetErrorMode
CreateDirectoryW
DeleteFileW
lstrcatW
IsBadReadPtr
lstrcpynW
lstrcpyW
WideCharToMultiByte
GetModuleHandleA
lstrcmpA
ReadFile
SetNamedPipeHandleState
WriteFile
GetCurrentProcess
CreateMutexW
FindNextFileW
FindFirstFileW
lstrcmpW
GetProcAddress
FreeLibrary
FindResourceA
TerminateProcess
CreateProcessA
LoadResource
lstrcpyA
CreateFileW
VirtualFree
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
Sleep
MoveFileW
GetTickCount
HeapAlloc
OutputDebugStringA
GetProcessHeap
VirtualAlloc
GetCurrentProcessId
CloseHandle
SHFileOperationW
ShellExecuteW
SHGetFolderPathW
StrToIntW
EnumWindows
wsprintfA
MessageBoxW
SendMessageW
wsprintfW
GetForegroundWindow
IsWindowVisible
GetWindowTextW
GetWindowPlacement
keybd_event
SetCursorPos
mouse_event
ShowWindow
GetLastInputInfo
socket
closesocket
inet_addr
send
WSAStartup
gethostbyname
connect
shutdown
htons
recv
Number of PE resources by type
RT_RCDATA 3
Number of PE resources by language
NEUTRAL 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 25600
LinkerVersion 2.25
EntryPoint 0x71f0
InitializedDataSize 6656
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 d39ac369d8467b4fa6d6ee2d99111c5a
SHA1 f452e7ef85098f6f0900779aab2881482308db49
SHA256 626b6852fc49ff6b96124684d67fe7fef852f2cab2425704467c4a0307f7b0b8
ssdeep
384:fZzPGPxHwgaWu7/+ulyEMZBSbtR+aHD7N9wUjOreoKxDIqPODwPMShkm/cbFk1Gl:fFqiDZZgzw0qBPbhbO9Ysax58svri

authentihash 3d1eee864ab92c95f149f6ce2d9ccce916e2545314561db47d07532483dfdf72
imphash 8cfee0552f7a278a049c207cb09920ab
File size 32.5 KB ( 33280 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags bobsoft peexe

VirusTotal metadata
First submission 2015-04-01 18:22:18 UTC (3 years, 6 months ago)
Last submission 2015-04-01 18:22:18 UTC (3 years, 6 months ago)
File names aboode.no-ip.org.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R06AE01D815.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Created processes
Shell commands
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests