SHA256: 8f37da03d72b236e9d6b89f135ac6729ad781800568e659d2d593f5402119f52
File name: 2.exe
Detection ratio: 9 / 60
Analysis date: 2017-03-15 07:15:35 UTC ( 2 years, 2 months ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Endgame malicious (high confidence) 20170222
ESET-NOD32 a variant of Win32/Kryptik.FPTD 20170315
Sophos ML generic.a 20170203
Malwarebytes Trojan.Kovter 20170315
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20170315
Rising Malware.Generic.1!tfe (thunder:1:29aL5nwLrTR) 20170315
Symantec ML.Attribute.HighConfidence 20170314
Webroot Malicious 20170315
Ad-Aware 20170315
AegisLab 20170315
AhnLab-V3 20170314
Alibaba 20170228
ALYac 20170315
Antiy-AVL 20170315
Arcabit 20170315
Avast 20170315
AVG 20170315
Avira (no cloud) 20170315
AVware 20170315
Baidu 20170315
BitDefender 20170315
Bkav 20170314
CAT-QuickHeal 20170314
ClamAV 20170314
CMC 20170314
Comodo 20170315
Cyren 20170315
DrWeb 20170315
Emsisoft 20170315
F-Prot 20170315
F-Secure 20170315
Fortinet 20170315
GData 20170315
Ikarus 20170314
Jiangmin 20170315
K7AntiVirus 20170315
K7GW 20170315
Kaspersky 20170315
Kingsoft 20170315
McAfee 20170315
McAfee-GW-Edition 20170315
Microsoft 20170315
eScan 20170315
NANO-Antivirus 20170315
nProtect 20170315
Palo Alto Networks (Known Signatures) 20170315
Panda 20170314
Sophos AV 20170315
SUPERAntiSpyware 20170315
Tencent 20170315
TheHacker 20170315
TotalDefense 20170315
TrendMicro 20170315
Trustlook 20170315
VBA32 20170314
VIPRE 20170315
ViRobot 20170315
WhiteArmor 20170303
Yandex 20170312
Zillya 20170314
ZoneAlarm by Check Point 20170315
Zoner 20170315
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2005-2013 Nullsoft

Product Winamp Error Reporter
Original name feed.exe
Internal name f e e d
File version 1,11, 0, 0
Description Error Reporter
Comments Winamp Beta Program
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-11-15 00:48:19
Entry Point 0x00003579
Number of sections 8
PE sections
Overlays
MD5 98de752c06546bf7b96428fa1b17ed2e
File type data
Offset 390656
Size 706
Entropy 7.74
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegEnumKeyA
RegDeleteValueA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SetBkMode
CreateBrushIndirect
CreateFontIndirectA
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
CreateDirectoryA
GlobalUnlock
GetModuleFileNameA
LoadLibraryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
SetFileTime
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
ExpandEnvironmentStringsA
GetCommandLineA
GetProcAddress
SetFileAttributesA
GetModuleHandleA
GetTempPathA
CreateThread
SetFilePointer
lstrcmpA
ReadFile
WriteFile
FindFirstFileA
MulDiv
GetTempFileNameA
lstrcpynA
FindNextFileA
RemoveDirectoryA
GetSystemDirectoryA
GetDiskFreeSpaceA
GlobalLock
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetVersion
SetCurrentDirectoryA
CloseHandle
SHGetFileInfoA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHFileOperationA
CharPrevA
GetMessagePos
EnableWindow
EmptyClipboard
EndDialog
BeginPaint
DefWindowProcA
PostQuitMessage
CreatePopupMenu
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
CloseClipboard
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
DrawTextA
SystemParametersInfoA
SetWindowTextA
GetWindowLongA
ShowWindow
SetClipboardData
FindWindowExA
IsWindowVisible
SendMessageA
DialogBoxParamA
GetClientRect
SetTimer
GetDlgItem
CreateDialogParamA
EnableMenuItem
RegisterClassA
InvalidateRect
wsprintfA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
FillRect
OpenClipboard
CharNextA
CallWindowProcA
GetSystemMenu
EndPaint
SetForegroundWindow
DestroyWindow
ExitWindowsEx
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
CoTaskMemFree
OleUninitialize
CoCreateInstance
OleInitialize
Number of PE resources by type
RT_ICON 3
RT_DIALOG 2
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH CAN 3
NEUTRAL 2
ENGLISH US 2
ALBANIAN DEFAULT 1
PE resources
ExifTool file metadata
SpecialBuild
5.6.6, Build 3516 FINAL_2013_1213_022844

ProductVersionNumber
5.6.6.3516

SubsystemVersion
4.0

Comments
Winamp Beta Program

InitializedDataSize
411136

ImageVersion
1.0

ProductName
Winamp Error Reporter

FileVersionNumber
1.11.0.0

UninitializedDataSize
218624

LanguageCode
English (U.S.)

FileFlagsMask
0x0017

CharacterSet
Unicode

LinkerVersion
2.23

PrivateBuild
Release|Win32

FileTypeExtension
exe

OriginalFileName
feed.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1,11, 0, 0

TimeStamp
2008:11:15 01:48:19+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
f e e d

ProductVersion
5.6.6.3516

FileDescription
Error Reporter

OSVersion
4.0

FileOS
Win32

LegalCopyright
Copyright (C) 2005-2013 Nullsoft

MachineType
Intel 386 or later, and compatibles

CompanyName
Nullsoft Inc.

CodeSize
73728

FileSubtype
0

BuildNumber
3516

EntryPoint
0x3579

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 a0f433f51540f63b0cd3aae1f96dbabd
SHA1 7fccf2288c39b49c3837ae01983dc9f948bbe927
SHA256 8f37da03d72b236e9d6b89f135ac6729ad781800568e659d2d593f5402119f52
ssdeep
6144:o1bjexbxwCUm0k6TBVyhCQ9W3ZcY5lg6DE0/qgxrRzcW/u/kU8l65M:oljexbxwCUm0kqBVyj9kZcYy0/3xrlr/

authentihash c9d657e2ef12e44bf8939aed9ca44a73704e386f8bafee7c6aabab8d90d1c37e
imphash fde706cff4a78eccf9f4b0be5746124e
File size 382.2 KB ( 391362 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2017-03-15 07:15:35 UTC ( 2 years, 2 months ago )
Last submission 2017-03-15 08:31:46 UTC ( 2 years, 2 months ago )
File names 2.exe
f e e d
feed.exe
2.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Terminated processes
Opened mutexes
Runtime DLLs
UDP communications