SHA256: 7ca29eb58e21c8130912baa2d8e3ee7b8783142b85e2c1312cdd439f59518407
File name: IMG_1390.SCR
Detection rate: 19 / 43
Analysis date: 2015-01-31 18:34:25 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.173509 20150131
AhnLab-V3 Worm/Win32.Gamarue 20150131
AVG SHeur4.CGAS 20150131
Avira (no cloud) TR/Agent.398336.66 20150131
Baidu-International Trojan.Win32.Kryptik.BCWWK 20150130
BitDefender Gen:Variant.Graftor.173509 20150131
Bkav HW32.Packed.FAF7 20150130
Emsisoft Gen:Variant.Graftor.173509 (B) 20150131
F-Secure Gen:Variant.Graftor.173509 20150131
GData Gen:Variant.Graftor.173509 20150131
Ikarus Trojan.Win32.Crypt 20150131
Malwarebytes Trojan.Agent.DED 20150131
McAfee Ransom-FWF!FCD4ECDBF821 20150131
eScan Gen:Variant.Graftor.173509 20150131
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20150131
Sophos AV Mal/Generic-S 20150131
SUPERAntiSpyware Trojan.Agent/Gen-Dropper 20150131
Symantec Trojan.Zbot 20150131
Tencent Win32.Trojan.Bp-generic.Jaiu 20150131
AegisLab 20150130
Yandex 20150131
Alibaba 20150130
ALYac 20150131
Antiy-AVL 20150131
Avast 20150131
AVware 20150131
ByteHero 20150131
CAT-QuickHeal 20150131
ClamAV 20150131
CMC 20150129
Comodo 20150131
Cyren 20150131
DrWeb 20150131
ESET-NOD32 20150131
F-Prot 20150131
Fortinet 20150131
Jiangmin 20150129
K7AntiVirus 20150131
K7GW 20150130
Kaspersky 20150131
Kingsoft 20150131
McAfee-GW-Edition 20150131
Microsoft 20150131
NANO-Antivirus 20150131
Norman 20150131
nProtect 20150130
Panda 20150131
Rising 20150130
TheHacker 20150131
TotalDefense 20150131
TrendMicro 20150131
TrendMicro-HouseCall 20150131
VBA32 20150129
VIPRE 20150131
ViRobot 20150131
Zillya 20150131
Zoner 20150130
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) Pilot 2007-2013
Publisher June complex evidence - www.Pilot.com
Product Pilot
File version 5.0.0.8
Description Reader Virginia April bite gift machinery perfectly
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-30 11:57:37
Entry Point 0x0000208B
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
RegEnumValueA
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SetBkMode
CreateBrushIndirect
CreateFontIndirectA
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
ContinueDebugEvent
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
LocalReAlloc
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
UnhandledExceptionFilter
WritePrivateProfileSectionW
WideCharToMultiByte
ExitProcess
TlsGetValue
MultiByteToWideChar
HeapSize
FoldStringW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
GetFileType
SetStdHandle
CompareStringW
CompareStringA
CreateDirectoryExW
GetCPInfo
TlsFree
SetFilePointer
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetTimeZoneInformation
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEnvironmentVariableA
TerminateProcess
LCMapStringA
WriteConsoleA
GetCurrentProcess
IsValidCodePage
HeapCreate
VirtualFree
WriteConsoleOutputA
InterlockedDecrement
Sleep
WriteConsoleW
TlsSetValue
CreateFileA
GetTickCount
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
SHGetFileInfoA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
EmptyClipboard
GetMessagePos
CharPrevA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
ShowWindow
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
EndPaint
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
DrawTextA
SystemParametersInfoA
CreatePopupMenu
wsprintfA
DialogBoxParamA
SetClipboardData
IsWindowVisible
GetClassInfoA
SetForegroundWindow
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
EnableMenuItem
ScreenToClient
SendMessageA
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
SetTimer
LoadCursorA
TrackPopupMenu
SetWindowTextA
FillRect
RegisterClassA
OpenClipboard
CharNextA
CallWindowProcA
GetSystemMenu
EnableWindow
CloseClipboard
DestroyWindow
ExitWindowsEx
SetCursor
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 10
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Struct(18) 1
Number of PE resources by language
NEUTRAL 12
LITHUANIAN 1
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks Pilot
FileDescription Reader Virginia April bite gift machinery perfectly
InitializedDataSize 344576
ImageVersion 0.0
ProductName Pilot
FileVersionNumber 1.8.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
LinkerVersion 9.0
OriginalFilename Anyway.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5.0.0.8
TimeStamp 2015:01:30 12:57:37+01:00
FileType Win32 EXE
PEType PE32
InternalName Anyway.exe
SubsystemVersion 5.0
FileAccessDate 2015:02:10 17:44:30+01:00
ProductVersion 8.0
UninitializedDataSize 0
OSVersion 5.0
FileCreateDate 2015:02:10 17:44:30+01:00
FileOS Windows 16-bit
LegalCopyright Copyright (C) Pilot 2007-2013
MachineType Intel 386 or later, and compatibles
CompanyName June complex evidence - www.Pilot.com
CodeSize 52736
FileSubtype 0
ProductVersionNumber 4.7.0.0
EntryPoint 0x208b
ObjectFileType Executable application

File identification
MD5 fcd4ecdbf8218622cf9f88044856d7d5
SHA1 430a1906cfbf9194a8ea2726bb347262aca698e0
SHA256 7ca29eb58e21c8130912baa2d8e3ee7b8783142b85e2c1312cdd439f59518407
ssdeep 12288:XrU81kfgjdlAuOE8IkbUFSZXzHMdgPqC1s/:XrUHgjUjIMTPqt
authentihash bd53bfff4d7da4736d6c2929acae8eaa2e72f5cc014b54e5b9273ee8ecbad5f7
imphash 91b27852fff365f8d6ba5a333b29a26d
File size 389.0 KB ( 398336 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2015-01-30 14:04:43 UTC ( 2 years, 10 months ago )
Last submission 2015-02-10 16:44:24 UTC ( 2 years, 10 months ago )
File names IMG_1390.SCR
7ca29eb58e21c8130912baa2d8e3ee7b8783142b85e2c1312cdd439f59518407.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications