SHA256: db6edde280746449f017cce7fa43bf383f1cd6a3606a39cd14c78b1e24b4f014
Detection ratio: 19 / 68
Analysis date: 2018-06-28 00:31:38 UTC ( 9 months, 3 weeks ago )
Antivirus Result Update
AegisLab Generic37.Cmce!c 20180628
AVware Trojan.Win32.Generic!BT 20180627
Bkav W32.eHeur.Malware03 20180627
CAT-QuickHeal Trojan.IGENERIC 20180627
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20180530
Cylance Unsafe 20180628
Cyren W32/GenBl.AA077B75!Olympus 20180627
DrWeb BackDoor.BlackHole.26537 20180627
Endgame malicious (moderate confidence) 20180612
Fortinet W32/Agent.OJQ!tr.spy 20180627
GData Win32.Trojan.Agent.WP 20180627
Ikarus Trojan.SuspectCRC 20180627
Jiangmin Backdoor.Generic.aomx 20180627
NANO-Antivirus Trojan.Win32.BlackHole.dufdfa 20180627
Symantec ML.Attribute.HighConfidence 20180627
TrendMicro-HouseCall TROJ_GEN.R002H0CF318 20180628
VBA32 Backdoor.BlackHole 20180627
VIPRE Trojan.Win32.Generic!BT 20180628
Yandex BackDoor.BlackHole! 20180627
Ad-Aware 20180627
AhnLab-V3 20180627
Alibaba 20180627
ALYac 20180628
Antiy-AVL 20180628
Arcabit 20180627
Avast 20180627
Avast-Mobile 20180627
AVG 20180627
Avira (no cloud) 20180628
Babable 20180406
Baidu 20180627
BitDefender 20180627
ClamAV 20180627
CMC 20180627
Comodo 20180628
Cybereason 20180225
eGambit 20180628
Emsisoft 20180627
ESET-NOD32 20180628
F-Prot 20180628
F-Secure 20180628
Sophos ML 20180601
K7AntiVirus 20180627
K7GW 20180627
Kaspersky 20180627
Kingsoft 20180628
Malwarebytes 20180627
MAX 20180628
McAfee 20180627
McAfee-GW-Edition 20180627
Microsoft 20180627
eScan 20180627
Palo Alto Networks (Known Signatures) 20180628
Panda 20180626
Qihoo-360 20180628
Rising 20180627
SentinelOne (Static ML) 20180618
Sophos AV 20180628
SUPERAntiSpyware 20180628
Symantec Mobile Insight 20180626
TACHYON 20180628
Tencent 20180628
TheHacker 20180628
TotalDefense 20180628
TrendMicro 20180627
Trustlook 20180628
ViRobot 20180627
Webroot 20180628
Zillya 20180627
ZoneAlarm by Check Point 20180627
Zoner 20180627
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright BY 西门吹气球 QQ36307936
Product 端口延迟检测
Internal name 端口PING
File version 1.0.0.0
Description 端口PING
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-08-03 13:27:39
Entry Point 0x000159F0
Number of sections 4
PE sections
PE imports
GetDeviceCaps
GetObjectA
DeleteDC
SelectObject
CreateFontA
GetStockObject
CreatePatternBrush
CreateSolidBrush
BitBlt
SetBkColor
CreateRoundRectRgn
CreateCompatibleDC
DeleteObject
StretchBlt
SetTextColor
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
TerminateThread
GetOEMCP
LCMapStringA
MulDiv
HeapDestroy
GetTickCount
TlsAlloc
GetVersionExA
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
CreateThread
GetEnvironmentStrings
LocalAlloc
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
IsBadReadPtr
SetStdHandle
GetModuleHandleA
RaiseException
GetCPInfo
GetStringTypeA
SetFilePointer
WriteFile
GetStartupInfoA
CloseHandle
lstrcpynA
GetACP
HeapReAlloc
GetStringTypeW
GetCurrentThreadId
ExitProcess
GetProcessHeap
LocalFree
TerminateProcess
GetEnvironmentVariableA
HeapCreate
VirtualFree
RtlMoveMemory
InterlockedDecrement
GetFileType
TlsSetValue
HeapAlloc
GetVersion
LeaveCriticalSection
VirtualAlloc
lstrcpyn
SetLastError
InterlockedIncrement
DragAcceptFiles
DragQueryFileA
DragFinish
Shell_NotifyIconA
SetWindowRgn
GetMenuInfo
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
SetMenuItemInfoA
GetMenuItemID
GetAsyncKeyState
ReleaseDC
GetMenu
CreateWindowExA
SendMessageA
GetClientRect
SetMenuDefaultItem
CallNextHookEx
GetWindowTextLengthA
GetMenuItemInfoA
GetMenuStringA
GetWindowTextA
DestroyWindow
GetMessageA
GetParent
UpdateWindow
SetPropA
DefWindowProcA
GetClassInfoExA
ShowWindow
SetMenuInfo
GetPropA
GetMenuState
EnableWindow
GetDlgItemTextA
PeekMessageA
TranslateMessage
IsWindowEnabled
GetMenuDefaultItem
GetDlgItemInt
GetMenuItemRect
IsZoomed
DrawMenuBar
IsIconic
GetSubMenu
SetTimer
FillRect
GetDialogBaseUnits
IsDialogMessageA
SetFocus
BeginPaint
KillTimer
TrackMouseEvent
RegisterWindowMessageA
DefMDIChildProcA
CheckMenuRadioItem
SendDlgItemMessageA
GetSystemMetrics
GetWindowRect
PostMessageA
SetWindowLongA
RemovePropA
CreatePopupMenu
CheckMenuItem
GetWindowLongA
CreateMenu
GetDlgItem
CreateDialogParamA
ScreenToClient
GetClassLongA
InsertMenuA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuItemCount
SetParent
SetDlgItemInt
GetSystemMenu
GetDC
SetForegroundWindow
EndDialog
LoadMenuA
SetWindowTextA
SetClassLongA
RemoveMenu
AppendMenuA
UnhookWindowsHookEx
SetDlgItemTextA
MoveWindow
MessageBoxA
DialogBoxParamA
GetSysColor
RegisterClassExA
MenuItemFromPoint
DestroyIcon
IsWindowVisible
InvalidateRect
wsprintfA
TranslateAcceleratorA
ValidateRect
CallWindowProcA
GetClassNameA
GetFocus
SetMenu
SetCursor
htonl
accept
WSAStartup
connect
getsockname
htons
getpeername
select
recv
inet_addr
send
ntohs
WSAGetLastError
listen
__WSAFDIsSet
WSACleanup
gethostbyname
WSASetLastError
closesocket
setsockopt
socket
bind
recvfrom
inet_ntoa
sendto
Number of PE resources by type
RT_ICON 3
RT_DIALOG 1
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 8
PE resources
ExifTool file metadata
LegalTrademarks @
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileVersionNumber 1.0.0.0
LanguageCode Unknown (FFFF)
FileFlagsMask 0x0000
FileDescription PING
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet ASCII
InitializedDataSize 147456
EntryPoint 0x159f0
MIMEType application/octet-stream
LegalCopyright BY QQ36307936
FileVersion 1.0.0.0
TimeStamp 2011:08:03 15:27:39+02:00
FileType Win32 EXE
PEType PE32
InternalName PING
ProductVersion 1.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 122880
FileSubtype 0
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Unknown
File identification
MD5 aa077b75a963e44284ee0d298018f359
SHA1 16d2049390a8e70249a02ff6f2247bd94e72892e
SHA256 db6edde280746449f017cce7fa43bf383f1cd6a3606a39cd14c78b1e24b4f014
ssdeep 3072:tMBSA1vJcAGOziLEIfYOcZwcHPtNjRw7pllC0WDQjv1yk/t9jCZ+QxYbdVQlllll:tHAJJcAGO/IfYOcyKRw7
authentihash 5900dda8b8b90279aa4c20a03f5c05a849f638697f4eb313c919f4971276f8bf
imphash 791d5a7e1939a1f39df11cef9d6e675b
File size 212.0 KB ( 217088 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags peexe armadillo
VirusTotal metadata
First submission 2012-12-31 12:48:55 UTC ( 6 years, 3 months ago )
Last submission 2018-04-23 06:56:27 UTC ( 12 months ago )
File names xbc.exe
ping.exe
防ping端口检测.exe
?ping????.exe
dulnp.dll
file-4962181_exe
??PING
ping.exe
端口PING
端口ping.exe
キタpingカヒソレシ・・exe.bin
ping.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by using the SetWindowsHook Windows API function.
UDP communications