SHA256: 8dcc340acb04d144d47ef368296ee30eb42499522c370ed41cbafc44854c1853
File name: flower.exe
Detection ratio: 6 / 66
Analysis date: 2018-10-13 11:27:31 UTC (7 months, 1 week ago)
Antivirus Result Update
AegisLab Exploit.W32.Agent.tpiM 20181013
Sophos ML heuristic 20180717
McAfee-GW-Edition BehavesLike.Win32.Generic.tc 20181013
SentinelOne (Static ML) static engine - malicious 20181011
TheHacker Trojan/Generik.IJNZZHZ 20181011
Yandex Trojan.DownLoader! 20181012
Ad-Aware 20181013
AhnLab-V3 20181013
Alibaba 20180921
ALYac 20181013
Antiy-AVL 20181013
Arcabit 20181013
Avast 20181013
Avast-Mobile 20181013
AVG 20181013
Avira (no cloud) 20181013
Babable 20180918
Baidu 20181012
BitDefender 20181013
Bkav 20181013
CAT-QuickHeal 20181013
ClamAV 20181013
CMC 20181013
Comodo 20181013
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20181013
Cyren 20181013
DrWeb 20181013
eGambit 20181013
Emsisoft 20181013
Endgame 20180730
ESET-NOD32 20181013
F-Prot 20181013
F-Secure 20181013
Fortinet 20181013
GData 20181013
Ikarus 20181013
Jiangmin 20181013
K7AntiVirus 20181013
K7GW 20181013
Kaspersky 20181013
Kingsoft 20181013
Malwarebytes 20181013
MAX 20181013
McAfee 20181013
Microsoft 20181013
eScan 20181013
NANO-Antivirus 20181013
Palo Alto Networks (Known Signatures) 20181013
Panda 20181013
Qihoo-360 20181013
Rising 20181012
Sophos AV 20181013
SUPERAntiSpyware 20181013
Symantec 20181012
Symantec Mobile Insight 20181001
TACHYON 20181013
Tencent 20181013
TrendMicro 20181010
TrendMicro-HouseCall 20181010
Trustlook 20181013
VBA32 20181012
ViRobot 20181012
Webroot 20181013
Zillya 20181012
ZoneAlarm by Check Point 20181013
Zoner 20181012
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-11 15:09:08
Entry Point 0x0000769A
Number of sections 6
PE sections
Overlays
MD5 9bddc5429d427adb814a2daff681bf8b
File type data
Offset 243712
Size 5209819
Entropy 8.00
PE imports
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
WaitForSingleObject
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
InitializeSListHead
SetStdHandle
GetCPInfo
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
FindClose
TlsGetValue
FormatMessageA
GetFullPathNameW
GetEnvironmentVariableW
SetLastError
PeekNamedPipe
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
RaiseException
SetConsoleCtrlHandler
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
SetEnvironmentVariableW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
ReadConsoleW
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetExitCodeProcess
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CompareStringW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
FindFirstFileExW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetShortPathNameW
GetConsoleCP
GetEnvironmentStringsW
GetCurrentDirectoryW
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
SetEndOfFile
TlsFree
ReadFile
CloseHandle
SetDllDirectoryW
GetACP
GetModuleHandleW
GetFileAttributesExW
IsValidCodePage
WriteFile
CreateProcessW
Sleep
Number of PE resources by type
RT_ICON 7
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 8
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:12:11 16:09:08+01:00
FileType Win32 EXE
PEType PE32
CodeSize 127488
LinkerVersion 14.0
ImageFileCharacteristics Executable, Large address aware, 32-bit
EntryPoint 0x769a
InitializedDataSize 172032
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 7287979efa099f378f85bd34565e481b
SHA1 e29a42e07b48017fc2a8d4b6e42f060126f5dd87
SHA256 8dcc340acb04d144d47ef368296ee30eb42499522c370ed41cbafc44854c1853
ssdeep 98304:5oMbCyzecxVNwzz1+BKL6m0zbkyJbqq61BNW5a7ZkvAY4U4gZhS7UH0/4WhiFln1:aVmRNK0Ba6p1bs1G5Xv34gZhmh0l2m

authentihash 9f70f7beeb5b724bb26053899f25f37c540471e84d2035d4bf5ae7dfc324d837
imphash fc40519af20116c903e3ff836e366e39
File size 5.2 MB ( 5453531 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe overlay

VirusTotal metadata
First submission 2018-10-13 11:27:31 UTC (7 months, 1 week ago)
Last submission 2018-10-13 11:27:31 UTC (7 months, 1 week ago)
File names flower.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Opened mutexes
Runtime DLLs