× Cookies sind ausgeschaltet! Diese Seite erfordert aktivierte Cookies, um vollständig zu funktionieren.
SHA256: 94361bcab39dc3b3286107f7a2d005bc9b79961d30283068bf80b966206d86d0
Dateiname: Kodi Texture.exe
Erkennungsrate: 1 / 57
Analyse-Datum: 2015-03-13 08:53:24 UTC ( vor 4 Jahre, 2 Monate ) Zeige Neueste
Antivirus Ergebnis Aktualisierung
Rising PE:Backdoor.Win32.DarkKomet.b!1075356506 20150312
Ad-Aware 20150313
AegisLab 20150313
Yandex 20150312
AhnLab-V3 20150313
Alibaba 20150313
ALYac 20150313
Antiy-AVL 20150313
Avast 20150313
AVG 20150313
Avira (no cloud) 20150313
AVware 20150313
Baidu-International 20150313
BitDefender 20150313
Bkav 20150312
ByteHero 20150313
CAT-QuickHeal 20150312
ClamAV 20150313
CMC 20150313
Comodo 20150313
Cyren 20150313
DrWeb 20150313
Emsisoft 20150313
ESET-NOD32 20150313
F-Prot 20150313
F-Secure 20150313
Fortinet 20150313
GData 20150313
Ikarus 20150313
Jiangmin 20150311
K7AntiVirus 20150313
K7GW 20150313
Kaspersky 20150313
Kingsoft 20150313
Malwarebytes 20150313
McAfee 20150313
McAfee-GW-Edition 20150313
Microsoft 20150313
eScan 20150313
NANO-Antivirus 20150313
Norman 20150313
nProtect 20150312
Panda 20150311
Qihoo-360 20150313
Sophos AV 20150313
SUPERAntiSpyware 20150313
Symantec 20150313
Tencent 20150313
TheHacker 20150313
TotalDefense 20150312
TrendMicro 20150313
TrendMicro-HouseCall 20150313
VBA32 20150312
VIPRE 20150313
ViRobot 20150313
Zillya 20150312
Zoner 20150312
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
by e0xify

File version 1.2.0.0
Description for Kodi.
Comments http://www.autoitscript.com/autoit3/
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-13 08:52:51
Entry Point 0x0029C210
Number of sections 3
PE sections
PE imports
ImageList_Remove
GetSaveFileNameW
LineTo
IcmpSendEcho
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
WNetUseConnectionW
VariantInit
GetProcessMemoryInfo
DragFinish
LoadUserProfileW
IsThemeActive
VerQueryValueW
FtpOpenFileW
timeGetTime
CoGetObject
Number of PE resources by type
RT_ICON 9
RT_STRING 7
RT_GROUP_ICON 4
RT_MANIFEST 1
RT_MENU 1
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 23
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion
5.1

Comments
http://www.autoitscript.com/autoit3/

LinkerVersion
11.0

ImageVersion
0.0

FileVersionNumber
1.2.0.0

UninitializedDataSize
2387968

LanguageCode
English (British)

FileFlagsMask
0x0000

CharacterSet
Unicode

InitializedDataSize
1855488

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.2.0.0

TimeStamp
2015:03:13 09:52:51+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
3.3.12.0

FileDescription
for Kodi.

OSVersion
5.1

FileOS
Win32

LegalCopyright
by e0xify

MachineType
Intel 386 or later, and compatibles

CodeSize
348160

FileSubtype
0

ProductVersionNumber
3.3.12.0

EntryPoint
0x29c210

ObjectFileType
Unknown

File identification
MD5 027b0dc620bf0b7419791cf8d3a1020d
SHA1 1268a18c591c8a4b8c5f47b2ad538bc208d5ee03
SHA256 94361bcab39dc3b3286107f7a2d005bc9b79961d30283068bf80b966206d86d0
ssdeep
24576:Dq5TfcdHj4fmbDsy0dceXjPogFsQgR1rhdqjMGiwWTYpqRL7JJWHozuv/qIO00iD:DUTsamVPIx9ehhdOMGiwWGQJWHx9O01

authentihash 66041cff039a719340d2d8df5637449f433676018fbf1fe23a0a6597bb90c608
imphash ef471c0edf1877cd5a881a6a8bf647b9
File size 2.1 MB ( 2201088 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (46.5%)
Win32 EXE Yoda's Crypter (40.4%)
Win32 Executable (generic) (6.8%)
Generic Win/DOS Executable (3.0%)
DOS Executable Generic (3.0%)
Tags
peexe upx

VirusTotal metadata
First submission 2015-03-13 08:53:24 UTC ( vor 4 Jahre, 2 Monate )
Last submission 2015-03-13 08:53:24 UTC ( vor 4 Jahre, 2 Monate )
Dateinamen Kodi Texture.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Keine Kommentare. Bisher hat kein Mitglied der VirusTotal-Community einen Kommentar zu diesem Punkt verfasst, seien Sie der Erste!

Hinterlassen Sie Ihren Kommentar...

?
Kommentar abschicken

Sie sind nicht angemeldet. Nur registrierte Nutzer können Kommentare hinterlassen, melden Sie sich an und sagen Sie etwas dazu!

Keine Bewertungen. Niemand hat diesen Punkt bisher bewertet, seien Sie der Erste!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Searched windows
Hooking activity
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.