SHA256: d3c9292e901e67c21222804a5cac366172bf1b8f7c7bc7b7d7c63460b867ded0
File name: BitDefender schoolPoison Virus Remover
Detection ratio: 39 / 56
Analysis date: 2015-10-26 08:34:59 UTC (2 years ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.241876 20151026
Yandex Trojan.Fynloski!hJujJLkjcJg 20151025
AhnLab-V3 Trojan/Win32.Klovbot 20151026
ALYac Gen:Variant.Graftor.241876 20151026
Antiy-AVL Trojan/Win32.SGeneric 20151026
Arcabit Trojan.Graftor.D3B0D4 20151026
Avast Win32:Malware-gen 20151026
AVG SHeur4.CLBF 20151026
Avira (no cloud) TR/Crypt.Xpack.250862 20151026
AVware Trojan.Win32.Generic!BT 20151026
Baidu-International Trojan.Win32.Fynloski.AM 20151026
BitDefender Gen:Variant.Graftor.241876 20151026
CAT-QuickHeal Trojan.Skeeyah.r4 20151026
Cyren W32/Trojan.DIYM-7038 20151026
DrWeb BackDoor.Comet.884 20151026
Emsisoft Gen:Variant.Graftor.241876 (B) 20151026
ESET-NOD32 Win32/Fynloski.AM 20151026
F-Secure Gen:Variant.Graftor.241876 20151026
GData Gen:Variant.Graftor.241876 20151026
Ikarus Trojan.Fynlosk 20151026
K7AntiVirus Trojan ( 004b8b481 ) 20151026
K7GW Trojan ( 004b8b481 ) 20151026
Kaspersky UDS:DangerousObject.Multi.Generic 20151026
Malwarebytes Backdoor.DarkComet 20151026
McAfee RDN/Generic.bfr 20151026
McAfee-GW-Edition RDN/Generic.bfr 20151026
Microsoft Trojan:Win32/Skeeyah.A!rfn 20151026
eScan Gen:Variant.Graftor.241876 20151026
NANO-Antivirus Trojan.Win32.Comet.dvdkqr 20151026
Panda Trj/CI.A 20151026
Qihoo-360 HEUR/QVM09.0.Malware.Gen 20151026
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20151026
Sophos AV Mal/Generic-S 20151026
Symantec Trojan.Gen 20151026
Tencent Win32.Trojan.Crypt.Lmas 20151026
TrendMicro TROJ_GEN.R0CCC0EHC15 20151026
VIPRE Trojan.Win32.Generic!BT 20151026
ViRobot Trojan.Win32.S.Agent.520192.JO[h] 20151026
Zillya Trojan.Fynloski.Win32.4307 20151026
AegisLab 20151026
Alibaba 20151026
Bkav 20151026
ByteHero 20151026
ClamAV 20151026
CMC 20151026
Comodo 20151026
F-Prot 20151026
Fortinet 20151026
Jiangmin 20151025
nProtect 20151026
SUPERAntiSpyware 20151026
TheHacker 20151026
TotalDefense 20151026
TrendMicro-HouseCall 20151026
VBA32 20151026
Zoner 20151026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
(c) <BitDefender>. All rights reserved.

Publisher BitDefender AntiVirus
Product schoolPoison Virus Remover
Original name schoolPoison Remover
Internal name BitDefender schoolPoison Virus Remover
File version 1.0.0.1
Description schoolPoison Virus Remover
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-08-09 20:17:03
Entry Point 0x00001B0A
Number of sections 4
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
VirtualAllocEx
WriteConsoleW
GetConsoleCP
HeapDestroy
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
InterlockedIncrement
GetConsoleOutputCP
SetHandleCount
LockResource
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
GetProcessHeap
SetStdHandle
SetFilePointer
WideCharToMultiByte
TlsFree
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetOEMCP
TerminateProcess
LCMapStringA
WriteConsoleA
InitializeCriticalSection
HeapCreate
VirtualFree
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
FindResourceA
VirtualAlloc
GetCurrentProcessId
SetLastError
LeaveCriticalSection
Number of PE resources by type
RT_STRING 14
RT_ICON 5
BIN 2
RT_MENU 2
RT_DIALOG 1
Struct(241) 1
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 23
NEUTRAL 7
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.1

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
479232

EntryPoint
0x1b0a

OriginalFileName
schoolPoison Remover

MIMEType
application/octet-stream

LegalCopyright
(c) <BitDefender>. All rights reserved.

FileVersion
1.0.0.1

TimeStamp
2015:08:09 21:17:03+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
BitDefender schoolPoison Virus Remover

ProductVersion
1.0.0.1

FileDescription
schoolPoison Virus Remover

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
BitDefender AntiVirus

CodeSize
36864

ProductName
schoolPoison Virus Remover

ProductVersionNumber
1.0.0.1

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 a57ab4ce78759fa3f9273d2e204b0254
SHA1 ba2e0859465c914e7d72db4a251b86f345b9705b
SHA256 d3c9292e901e67c21222804a5cac366172bf1b8f7c7bc7b7d7c63460b867ded0
ssdeep
6144:3h6edXLpKOseh6dDYcOzOohWoQb+RYWeWE3z2vnMIswhZNB73Z1CoJmyKGJzc:3AUcO0OcOzOAuyRxnMIzNBLLX9KR

authentihash 5ea01ab09b6f5482907763afc5fe22571f107e19f96c014f88c3675f68655e21
imphash 3f05d501126322a0a80eda4edeb45361
File size 508.0 KB ( 520192 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2015-08-10 05:35:22 UTC (2 years, 3 months ago)
Last submission 2015-08-11 10:19:09 UTC (2 years, 3 months ago)
File names BitDefender schoolPoison Virus Remover
tmp_20291-schoolpoison_remover1511731882.exe
schoolpoison_remover.exe
d3267b808ead865ac9fee288c50b54dd0faa2f51
D3C9292E901E67C21222804A5CAC366172BF1B8F7C7BC7B7D7C63460B867DED0.EXE
schoolPoison Remover
schoolpoisonremover.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R0CCC0EHC15.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs