SHA256: 93ca7729d53871dc86bd61372ba669c99633192cd5fa6ec85c1e33cca36e5e78
File name: MonKey.exe
Detection ratio: 2 / 56
Analysis date: 2016-03-09 21:42:10 UTC (3 years, 1 month ago)
Antivirus Result Update
McAfee-GW-Edition BehavesLike.Win32.Backdoor.jm 20160309
Qihoo-360 HEUR/QVM11.1.0000.Malware.Gen 20160309
Ad-Aware 20160309
AegisLab 20160309
Yandex 20160308
AhnLab-V3 20160309
Alibaba 20160309
ALYac 20160309
Antiy-AVL 20160309
Arcabit 20160309
Avast 20160309
AVG 20160309
Avira (no cloud) 20160309
AVware 20160309
Baidu 20160225
Baidu-International 20160309
BitDefender 20160309
Bkav 20160309
ByteHero 20160309
CAT-QuickHeal 20160309
ClamAV 20160308
CMC 20160307
Comodo 20160309
Cyren 20160309
DrWeb 20160309
Emsisoft 20160309
ESET-NOD32 20160309
F-Prot 20160309
F-Secure 20160309
Fortinet 20160309
GData 20160309
Ikarus 20160309
Jiangmin 20160309
K7AntiVirus 20160309
K7GW 20160309
Kaspersky 20160309
Malwarebytes 20160309
McAfee 20160309
Microsoft 20160309
eScan 20160309
NANO-Antivirus 20160309
nProtect 20160309
Panda 20160309
Rising 20160309
Sophos AV 20160309
SUPERAntiSpyware 20160309
Symantec 20160309
Tencent 20160309
TheHacker 20160309
TrendMicro 20160309
TrendMicro-HouseCall 20160309
VBA32 20160309
VIPRE 20160309
ViRobot 20160309
Zillya 20160309
Zoner 20160309
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Juergen Haegele, Top-PE.de

File version 2.2.0.0
Description Schaltet mit F11 den PC Monitor aus - mit F10 wieder an.
Comments Monitor An-Aus
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-09 21:39:10
Entry Point 0x0011BA20
Number of sections 3
PE sections
PE imports
ImageList_Remove
GetOpenFileNameW
LineTo
IcmpSendEcho
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
WNetUseConnectionW
VariantInit
GetProcessMemoryInfo
DragFinish
LoadUserProfileW
IsThemeActive
VerQueryValueW
FtpOpenFileW
timeGetTime
connect
CoGetObject
Number of PE resources by type
RT_STRING 7
RT_ICON 4
RT_GROUP_ICON 4
RT_MANIFEST 1
RT_MENU 1
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 17
GERMAN 1
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion 5.1
Comments Monitor An-Aus
LinkerVersion 12.0
ImageVersion 0.0
FileVersionNumber 2.2.0.0
UninitializedDataSize 806912
LanguageCode German
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 278528
EntryPoint 0x11ba20
MIMEType application/octet-stream
LegalCopyright Juergen Haegele, Top-PE.de
FileVersion 2.2.0.0
TimeStamp 2016:03:09 22:39:10+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 3.3.14.2
FileDescription Schaltet mit F11 den PC Monitor aus - mit F10 wieder an.
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 352256
FileSubtype 0
ProductVersionNumber 3.3.14.2
FileTypeExtension exe
ObjectFileType Unknown

File identification
MD5 f54e3dc15a619aad67f2f4fa50f263bc
SHA1 0e272e2b602bd656c2b873f272298b25f3ee5658
SHA256 93ca7729d53871dc86bd61372ba669c99633192cd5fa6ec85c1e33cca36e5e78
ssdeep 12288:3ozGdX0M4ornOmZIzfMwHHQmRROXKY9bM:34GHnhIzOaY94

authentihash 3652a9b6df4a9da5f852341fd8bb512e1dafc53b275e3423ce4224a4ba5a0c05
imphash fc6683d30d9f25244a50fd5357825e79
File size 616.0 KB ( 630784 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (30.6%)
Win64 Executable (generic) (27.6%)
Win32 EXE Yoda's Crypter (26.6%)
Win32 Dynamic Link Library (generic) (6.5%)
Win32 Executable (generic) (4.5%)
Tags peexe upx

VirusTotal metadata
First submission 2016-03-09 21:42:10 UTC (3 years, 1 month ago)
Last submission 2016-03-09 21:42:10 UTC (3 years, 1 month ago)
File names MonKey.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Searched windows
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
UDP communications