SHA256: b6947e322028b1adda46bbb00d9747cf79e2e38bff9af35e1a60d87b77e40fe3
File name: adobe-update.exe
Detection ratio: 3 / 46
Analysis date: 2013-03-04 19:35:12 UTC (1 year, 1 month ago)
Antivirus Result Update
ESET-NOD32 Win32/Trustezeb.C 20130304
Kaspersky UDS:DangerousObject.Multi.Generic 20130304
Malwarebytes Trojan.Agent.MU 20130304
AVG 20130304
Agnitum 20130304
AhnLab-V3 20130304
AntiVir 20130304
Antiy-AVL 20130304
Avast 20130304
BitDefender 20130304
ByteHero 20130304
CAT-QuickHeal 20130304
ClamAV 20130304
Commtouch 20130304
Comodo 20130304
DrWeb 20130304
Emsisoft 20130304
F-Prot 20130304
F-Secure 20130304
Fortinet 20130304
GData 20130304
Ikarus 20130226
Jiangmin 20130304
K7AntiVirus 20130304
Kingsoft 20130304
McAfee 20130304
McAfee-GW-Edition 20130304
MicroWorld-eScan 20130304
Microsoft 20130304
NANO-Antivirus 20130304
Norman 20130304
PCTools 20130304
Panda 20130304
Rising 20130304
SUPERAntiSpyware 20130304
Sophos 20130304
Symantec 20130304
TheHacker 20130302
TotalDefense 20130304
TrendMicro 20130304
TrendMicro-HouseCall 20130304
VBA32 20130304
VIPRE 20130304
ViRobot 20130304
eSafe 20130211
nProtect 20130304
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Publisher Codejock Software
Product Licensed for public use
Original name a.exe
Internal name a
File version 1.00.0002
Description Spread BTP-Bund
Comments Santo Stefano Camsastra
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-03 15:21:48
Entry Point 0x000010E0
Number of sections 3
PE sections
PE imports
EVENT_SINK_Release
EVENT_SINK_QueryInterface
Ord(560)
ProcCallEngine
Ord(672)
__vbaExceptHandler
Ord(649)
Ord(100)
MethCallEngine
DllFunctionCall
Ord(656)
Ord(658)
Ord(558)
EVENT_SINK_AddRef
Ord(660)
Ord(708)
Ord(709)
Ord(589)
Ord(594)
Ord(598)
Ord(668)
Number of PE resources by type
RT_ICON 4
RT_BITMAP 2
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_CURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ITALIAN 3
ENGLISH US 1
ExifTool file metadata
LegalTrademarks ForexPros Owning Team 2001
FileDescription Spread BTP-Bund
Comments Santo Stefano Camsastra
LinkerVersion 6.0
ImageVersion 1.0
ProductName Licensed for public use
FileVersionNumber 1.0.0.2
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 53248
OriginalFilename a.exe
MIMEType application/octet-stream
FileVersion 1.00.0002
TimeStamp 2013:03:03 16:21:48+01:00
FileType Win32 EXE
PEType PE32
InternalName a
SubsystemVersion 4.0
FileAccessDate 2013:04:23 07:53:34+01:00
ProductVersion 1.00.0002
UninitializedDataSize 0
OSVersion 4.0
FileCreateDate 2013:04:23 07:53:34+01:00
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Codejock Software
CodeSize 20480
FileSubtype 0
ProductVersionNumber 1.0.0.2
EntryPoint 0x10e0
ObjectFileType Executable application
Compressed bundles
File identification
MD5 3772e3c2945e472247241ac27fbf5a16
SHA1 5a1c6adcbb86859c5049b45f66a46b8138a789ee
SHA256 b6947e322028b1adda46bbb00d9747cf79e2e38bff9af35e1a60d87b77e40fe3
ssdeep 768:aRkeyj2blltdwIjjp6DSpJEs4KqGO1BSf39E8I1bskeyvPEg:Elljd3kKEtKhgBo3G82fM
File size 72.0 KB ( 73728 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (6.5%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe
VirusTotal metadata
First submission 2013-03-04 15:36:00 UTC (1 year, 1 month ago)
Last submission 2013-03-28 17:03:43 UTC (1 year ago)
File names a
vt-upload-eFzAy
xondewvc.exe
adobe-update.exe
3772E3C2945E472247241AC27FBF5A16.VIR
a.exe
file-5312337_exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Code injections in the following processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.