SHA256: a897b624b16761e855de57762e7c425110ade3ab41f72381936884e1e0570524
File name: runserver.exe
Detection ratio: 2 / 56
Analysis date: 2016-10-04 20:23:32 UTC ( 6 months, 3 weeks ago )
Antivirus Result Update
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161004
Rising Malware.Generic!RBx4SCA1jlN@5 (thunder) 20161004
Ad-Aware 20161004
AegisLab 20161004
AhnLab-V3 20161004
Alibaba 20161003
ALYac 20160930
Antiy-AVL 20161004
Arcabit 20161004
Avast 20161004
AVG 20161004
Avira (no cloud) 20161004
AVware 20161004
Baidu 20161001
BitDefender 20161004
Bkav 20161004
CAT-QuickHeal 20161004
ClamAV 20161004
CMC 20161003
Comodo 20161004
CrowdStrike Falcon (ML) 20160725
Cyren 20161004
DrWeb 20161004
Emsisoft 20161004
ESET-NOD32 20161004
F-Prot 20161004
F-Secure 20161004
Fortinet 20161004
GData 20161004
Ikarus 20161004
Invincea 20160928
Jiangmin 20161004
K7AntiVirus 20161004
K7GW 20161004
Kaspersky 20161004
Kingsoft 20161004
Malwarebytes 20161004
McAfee 20161004
McAfee-GW-Edition 20161004
Microsoft 20161004
eScan 20161004
NANO-Antivirus 20161004
nProtect 20161004
Panda 20161004
Sophos 20161004
SUPERAntiSpyware 20161004
Symantec 20161004
Tencent 20161004
TheHacker 20161001
TrendMicro 20161004
TrendMicro-HouseCall 20161004
VBA32 20161004
VIPRE 20161004
ViRobot 20161004
Yandex 20161003
Zillya 20161003
Zoner 20161004
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x000014F0
Number of sections 8
PE sections
Overlays
MD5 449999f2baa7910569b6a8b01a3a8a17
File type data
Offset 126464
Size 19054768
Entropy 8.00
PE imports
GetLastError
EnterCriticalSection
GetShortPathNameW
GetModuleFileNameW
WaitForSingleObject
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
VirtualProtect
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCommandLineW
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
SetEnvironmentVariableW
ExpandEnvironmentStringsW
SetUnhandledExceptionFilter
GetTempPathW
GetSystemTimeAsFileTime
SetDllDirectoryW
TerminateProcess
InitializeCriticalSection
VirtualQuery
CreateProcessW
TlsGetValue
Sleep
FormatMessageA
GetCurrentThreadId
GetEnvironmentVariableW
LeaveCriticalSection
strncmp
__lconv_init
malloc
fseek
_wfindfirst
__wgetmainargs
_wrmdir
fread
fclose
strcat
__dllonexit
__wargv
abort
_setmode
strncpy
fflush
_onexit
_fmode
_vsnwprintf
__winitenv
wcslen
_amsg_exit
_get_osfhandle
strncat
clearerr
wcscmp
_wfindnext
strtok
feof
_lock
_getpid
_findclose
_unlock
ftell
strcpy
_strdup
sprintf
_fileno
exit
__setusermatherr
mbstowcs
_wcmdln
_cexit
memset
_fullpath
strrchr
ferror
free
getenv
setlocale
_wtempnam
vfprintf
_wfopen
calloc
setbuf
strlen
_wstat
_stat
_vsnprintf
_wremove
wcscat
_wmkdir
signal
strchr
memcpy
wcscpy
__argc
fwrite
fprintf
_initterm
__set_app_type
strcmp
_iob
Number of PE resources by type
RT_ICON 7
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 8
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 0000:00:00 00:00:00
FileType Win32 EXE
PEType PE32
CodeSize 39936
LinkerVersion 2.24
FileTypeExtension exe
InitializedDataSize 85504
SubsystemVersion 4.0
EntryPoint 0x14f0
OSVersion 4.0
ImageVersion 1.0
UninitializedDataSize 51200

File identification
MD5 1c88ff00a25a40680f6d1730e3faa274
SHA1 5152477ff3a15a3bdcaae9587bc6654745dee8aa
SHA256 a897b624b16761e855de57762e7c425110ade3ab41f72381936884e1e0570524
ssdeep 393216:seXZC9laZwZ10dTNEn/D/KHYkKKE88vnX1cVR+4+Z37Q:sep6la4yNEmHYkQ9X1cVR+z+

authentihash 356fde604d6d822bbc9edf14e5ae6430d70dacad22ca6a0fa010b59c5c0f2bab
imphash be10bb45cef8dcc6869b921dd20884ae
File size 18.3 MB ( 19181232 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay

VirusTotal metadata
First submission 2016-10-04 20:23:32 UTC ( 6 months, 3 weeks ago )
Last submission 2016-10-04 20:23:32 UTC ( 6 months, 3 weeks ago )
File names runserver.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Opened mutexes
Runtime DLLs
UDP communications