SHA256: 632ea6293115ec91192b71346686e906aa4a80afb1d3746f77ca9a92e03dd7e2
File name: uImage.exe
Detection rate: 11 / 61
Analysis date: 2017-05-19 22:19:39 UTC (1 year, 2 months ago)
Antivirus Result Update
Avira (no cloud) PUA/ICLoader.Gen7 20170519
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Emsisoft Application.AdLoad (A) 20170519
Endgame malicious (high confidence) 20170515
ESET-NOD32 a variant of Win32/Kryptik.FSKY 20170519
Fortinet W32/Kryptik.FSKC!tr 20170519
Sophos ML worm.win32.ganelp.e 20170519
McAfee PUP-FZO 20170519
SentinelOne (Static ML) static engine - malicious 20170516
Symantec ML.Attribute.HighConfidence 20170519
Webroot W32.Adware.Gen 20170519
Ad-Aware 20170519
AegisLab 20170519
AhnLab-V3 20170519
Alibaba 20170519
ALYac 20170519
Antiy-AVL 20170519
Arcabit 20170519
Avast 20170519
AVG 20170519
AVware 20170519
Baidu 20170503
BitDefender 20170519
Bkav 20170519
CAT-QuickHeal 20170519
ClamAV 20170519
CMC 20170519
Comodo 20170519
Cyren 20170519
DrWeb 20170519
F-Prot 20170519
F-Secure 20170519
GData 20170519
Ikarus 20170519
Jiangmin 20170519
K7AntiVirus 20170519
K7GW 20170518
Kaspersky 20170519
Kingsoft 20170519
Malwarebytes 20170519
McAfee-GW-Edition 20170519
Microsoft 20170519
eScan 20170519
NANO-Antivirus 20170519
nProtect 20170519
Palo Alto Networks (Known Signatures) 20170519
Panda 20170519
Qihoo-360 20170519
Rising 20170515
Sophos AV 20170519
SUPERAntiSpyware 20170519
Symantec Mobile Insight 20170518
Tencent 20170519
TheHacker 20170516
TrendMicro 20170519
TrendMicro-HouseCall 20170519
Trustlook 20170519
VBA32 20170519
VIPRE 20170519
ViRobot 20170519
WhiteArmor 20170517
Yandex 20170518
Zillya 20170518
ZoneAlarm by Check Point 20170519
Zoner 20170519
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
File version 16.04
Description GUI Downloader
Signature verification Certificate out of its validity period
Signers
[+] OOO, SKUBA SOFT
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 5/9/2017
Valid to 12:59 AM 5/21/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint E33CB0D8610AD81E4C3483A2AD5F9DD765436E4A
Serial number 3D 61 17 F5 98 8E 12 D1 86 36 99 3C D7 B3 52 47
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE?
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-19 22:09:56
Entry Point 0x000F09A0
Number of sections 6
PE sections
Overlays
MD5 52eed84d771f29662e23a6d78d7d5edb
File type data
Offset 1241088
Size 5056
Entropy 7.54
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegEnumValueW
RegEnumKeyW
RegEnumKeyExW
RegQueryValueW
RegDeleteKeyW
RegQueryValueExW
AllocateLocallyUniqueId
GetWindowExtEx
SetMapMode
TextOutW
CreateFontIndirectW
SetBkMode
GetRgnBox
SaveDC
CreateRectRgnIndirect
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
GetMapMode
GetObjectW
SetTextColor
ExtTextOutW
CreateBitmap
RectVisible
GetStockObject
ScaleWindowExtEx
PtVisible
ExtSelectClipRgn
GetBkColor
SelectObject
GetTextColor
Escape
GetViewportExtEx
DeleteObject
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetFileAttributesA
SetEvent
GetOEMCP
QueryPerformanceCounter
HeapDestroy
HeapAlloc
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
GetCurrentProcessId
CreateDirectoryA
DeleteFileA
DuplicateHandle
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetTempPathA
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
WriteFile
GetCurrentProcess
GetTimeFormatA
CreateFileMappingA
GetACP
HeapReAlloc
GetStringTypeW
FreeLibrary
TerminateProcess
LCMapStringA
HeapCreate
VirtualFree
GetFileType
ExitProcess
GetVersion
VirtualAlloc
CloseHandle
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
PathAddBackslashW
EmptyClipboard
GetMessagePos
EndDialog
BeginPaint
DefWindowProcA
SetClassLongA
LoadBitmapA
SetWindowPos
AppendMenuA
GetWindowRect
ScreenToClient
IsWindowEnabled
GetSysColor
CheckDlgButton
DrawTextA
CreatePopupMenu
SetClipboardData
FindWindowExA
IsWindowVisible
RegisterClassA
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
LoadCursorA
TrackPopupMenu
CallWindowProcA
GetSystemMenu
EndPaint
CloseClipboard
SetCursor
VerQueryValueW
InternetReadFile
Number of PE resources by type
RT_DIALOG 10
RT_STRING 5
RT_BITMAP 3
RT_ICON 2
Struct(10002) 2
Struct(240) 1
RT_VERSION 1
Struct(10001) 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 22
ENGLISH ARABIC QATAR 4
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 102400
ImageVersion 0.0
FileVersionNumber 16.4.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
MIMEType application/octet-stream
FileVersion 16.04
TimeStamp 2017:05:19 23:09:56+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 17.5.0.0
FileDescription GUI Downloader
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Petrov Ivan
CodeSize 1138688
FileSubtype 0
ProductVersionNumber 17.5.0.0
EntryPoint 0xf09a0
ObjectFileType Executable application
File identification
MD5 9f1b6f1157cd936e4c709715d08ed262
SHA1 26b54f477769eb051d7def5e0333200b842709e9
SHA256 632ea6293115ec91192b71346686e906aa4a80afb1d3746f77ca9a92e03dd7e2
ssdeep 24576:NQDi2p7JZ5Jyq9PoscURNSFlyzGNbxaLem34DF0PFW/G4O8b8ITDnln:SDi21JZ5PHBcVxc74O8b8ITDnln
authentihash 93027e1e36906cf48af11566119021df5cec4091ea7f4929d6cabed7020e7556
imphash 80ec872c9bd45e9a1dd06464aaf49b10
File size 1.2 MB ( 1246144 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2017-05-19 22:19:39 UTC (1 year, 2 months ago)
Last submission 2017-05-19 22:19:39 UTC (1 year, 2 months ago)
File names uImage.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.