SHA256: f20355d0e3689bf7e8540c6881cb5299e36c5342a3679dd54d206c4ff4f8b979
File name: 113_TKG.PDF.exe
Detection ratio: 45 / 48
Analysis date: 2014-01-07 17:16:49 UTC ( 3 months, 1 week ago )
Antivirus Result Update
AVG SHeur4.BDIK 20140107
Ad-Aware Trojan.Generic.KD.892548 20140107
Agnitum Trojan.Blocker!TBx5Lcx40Fs 20140107
AhnLab-V3 Downloader/Win32.Andromeda 20140107
AntiVir TR/Crypt.XPACK.Gen2 20140107
Antiy-AVL Trojan/Win32.Zbot 20140107
Avast Win32:Injector-AZY [Trj] 20140107
Baidu-International Trojan.Win32.Generic.AtH 20131213
BitDefender Trojan.Generic.KD.892548 20140107
Bkav W32.FakeSvchostOPF.Trojan 20140107
CAT-QuickHeal Trojan.Injector.gen 20140107
Commtouch W32/Trojan.GIKT-9222 20140107
Comodo TrojWare.Win32.Zbot.JOVJ 20140107
DrWeb Trojan.Inject2.23 20140107
ESET-NOD32 Win32/TrojanDownloader.Wauchos.I 20140107
Emsisoft Trojan.Generic.KD.892548 (B) 20140107
F-Prot W32/Trojan3.EXI 20140107
F-Secure Trojan.Generic.KD.892548 20140107
Fortinet W32/Blocker.AVTC!tr 20140107
GData Trojan.Generic.KD.892548 20140107
Ikarus Virus.Win32.Injector 20140107
Jiangmin Trojan/Blocker.etb 20140107
K7AntiVirus Riskware ( 0040eff71 ) 20140107
K7GW Riskware ( 0040eff71 ) 20140107
Kaspersky HEUR:Trojan.Win32.Generic 20140107
Kingsoft Win32.Heur.KVMF9.hy.(kcloud) 20130829
Malwarebytes Trojan.Ransom.ED 20140107
McAfee Generic Downloader.z 20140107
McAfee-GW-Edition Generic Downloader.z 20140107
MicroWorld-eScan Trojan.Generic.KD.892548 20140107
Microsoft VirTool:Win32/Injector.gen!DK 20140107
NANO-Antivirus Trojan.Win32.Zbot.bqzzdu 20140107
Norman Wauchos.C 20140107
Panda Trj/Dtcontx.C 20140107
Rising PE:Trojan.Win32.Generic.14439034!339972148 20140107
Sophos Troj/Zbot-EEH 20140107
Symantec Backdoor.Trojan 20140106
TheHacker Trojan/Downloader.Wauchos.i 20140107
TotalDefense Win32/Inject.AXN 20140107
TrendMicro TSPY_ZBOT.EFH 20140107
TrendMicro-HouseCall TSPY_ZBOT.EFH 20140107
VBA32 Hoax.Blocker 20140105
VIPRE LooksLike.Win32.Ransom.b (v) 20140107
ViRobot Trojan.Win32.A.Blocker.30724 20140107
nProtect Trojan/W32.Blocker.30724 20140107
ByteHero 20131226
ClamAV 20140107
SUPERAntiSpyware 20140107
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Publisher Sony .ltd
Product Sounder
Original name sounder.exe
Internal name sounder.exe
File version 56,45,33,3
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-07 16:23:01
Entry Point 0x00001000
Number of sections 6
PE sections
PE imports
HeapAlloc
LocalFree
SetFilePointer
HeapFree
CreateProcessA
InitializeCriticalSection
GetFileSize
GetModuleHandleA
HeapCreate
ReadFile
LoadLibraryA
FreeLibrary
HeapReAlloc
HeapDestroy
ExitProcess
CloseHandle
CreateFileA
MultiByteToWideChar
GetModuleFileNameA
GetProcAddress
LocalAlloc
memset
strlen
strcmp
memmove
NtUnmapViewOfSection
CoCreateInstance
mixerGetNumDevs
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 5120
ImageVersion 0.0
ProductName Sounder
FileVersionNumber 56.45.33.3
LanguageCode Neutral
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 2.5
FileOS Unknown (0)
MIMEType application/octet-stream
FileVersion 56,45,33,3
TimeStamp 2013:03:07 17:23:01+01:00
FileType Win32 EXE
PEType PE32
InternalName sounder.exe
ProductVersion 56,45,33,3
SubsystemVersion 4.0
OSVersion 4.0
OriginalFilename sounder.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Sony .ltd
CodeSize 8192
FileSubtype 0
ProductVersionNumber 56.45.33.3
EntryPoint 0x1000
ObjectFileType Unknown

File identification
MD5 2c1a7509b389858310ffbc72ee64d501
SHA1 2770179f39727acef1962a75ac290bce3a161b37
SHA256 f20355d0e3689bf7e8540c6881cb5299e36c5342a3679dd54d206c4ff4f8b979
ssdeep 768:FzPWu3+SJ2OpsErMfQM/zGD9lX5LdRJZB5YSTm8pp:FLWW2O8f1zGD99DVrxh

File size 30.0 KB ( 30724 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.6%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
Win16/32 Executable Delphi generic (4.6%)
Generic Win/DOS Executable (4.4%)
Tags
peexe

VirusTotal metadata
First submission 2013-03-11 08:34:29 UTC ( 1 year, 1 month ago )
Last submission 2014-01-07 17:16:49 UTC ( 3 months, 1 week ago )
File names 2c1a7509b389858310ffbc72ee64d501
SDFGJ575GK1.JPEG-suspect-virus.exe
image-28.scr
dxmetmmg.exe
file-5244170_exe
dxeayqaa.exe
SDFGJ575GK1.JPEG.exe
113_TKG.PDF.ex_
13863685656-9-4_3.exe
MMS.JPEG.exe
ReservationFJRU7FJ3883.pdf.exe
MMS-GJD56FDD.JPEG.exe
sounder.exe
113_TKG.PDF.exe
vti-rescan
VIRUS_BICHO_dxouue.exe
113_TKG.PDF._xe
svchost.exe
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications