SHA256: 3c057a4402394a7f2f2f6b1841154be50816dec8217d1509f921b2f82d4396a1
Name: phytochrome-scr
Detections: 39 / 56
Analysis date: 2015-01-22 01:34:32 UTC (3 years, 10 months ago)
Antivirus  Result  Update
Ad-Aware Trojan.Ransom.Dalexis.B 20150122
AhnLab-V3 Trojan/Win32.Downloader 20150121
Antiy-AVL Trojan[Downloader]/Win32.Agent 20150121
Avast Win32:Downloader-VQV [Trj] 20150122
AVG Downloader.Small.MXW 20150121
Avira (no cloud) TR/Cabhot.A.92 20150122
AVware Trojan.Win32.Generic!BT 20150122
BitDefender Trojan.Ransom.Dalexis.B 20150122
Bkav W32.PatidocA.Trojan 20150121
ClamAV Win.Trojan.Agent-837620 20150122
Cyren W32/Trojan.ALNH-3401 20150122
DrWeb Trojan.DownLoad3.35539 20150122
Emsisoft Trojan.Ransom.Dalexis.B (B) 20150122
ESET-NOD32 Win32/TrojanDownloader.Elenoocka.A 20150122
F-Prot W32/Trojan3.NEM 20150122
F-Secure Trojan:W32/Agent.DVYJ 20150121
Fortinet W32/Kryptik.CVBD!tr 20150121
GData Trojan.Ransom.Dalexis.B 20150122
Ikarus Evilware.Outbreak 20150121
Jiangmin TrojanDownloader.Agent.fook 20150121
K7AntiVirus Trojan-Downloader ( 00499db21 ) 20150121
Kaspersky Trojan-Downloader.Win32.Agent.hfhq 20150122
Malwarebytes Trojan.Email.FakeDoc 20150122
McAfee Downloader-FAMV!AE569E20F223 20150122
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.mh 20150122
Microsoft TrojanDownloader:Win32/Dalexis.C 20150122
eScan Trojan.Ransom.Dalexis.B 20150122
NANO-Antivirus Trojan.Win32.DownLoad3.dmowmu 20150122
Norman Agent.BMMAC 20150121
nProtect Trojan/W32.Agent.29696.YM 20150121
Panda Trj/Ransom.AB 20150121
Qihoo-360 Win32/Worm.45d 20150122
Rising PE:Trojan.Win32.Filecoder.h!1075356377 20150121
Sophos AV Troj/Agent-ALFA 20150122
Symantec Downloader.Ponik 20150122
TrendMicro TROJ_CRYPCTB.SME 20150122
TrendMicro-HouseCall TROJ_DALEXIS.SMJ1 20150122
VIPRE Trojan.Win32.Generic!BT 20150122
ViRobot Trojan.Win32.Ransom.29696.A[h] 20150122
Engines reporting no detection (17 of 56), with signature date:
AegisLab 20150122
Yandex 20150121
Alibaba 20150120
ALYac 20150121
Baidu-International 20150121
ByteHero 20150122
CAT-QuickHeal 20150121
CMC 20150120
Comodo 20150121
Kingsoft 20150122
SUPERAntiSpyware 20150122
Tencent 20150122
TheHacker 20150121
TotalDefense 20150121
VBA32 20150121
Zillya 20150121
Zoner 20150121
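The table above is easier to reason about once the raw engine lines are parsed and the vendor names are clustered by family keyword (Dalexis, CTB-Locker/CRYPCTB, Elenoocka, and the generic "downloader" verdicts). The following script is an added example and is not part of the VirusTotal report. SAMPLE_LINES is a subset copied from the table above, and the FAMILIES keyword map is hand-picked for this sample; engine names that contain a space (Sophos AV, Avira (no cloud)) need the explicit list because the listing has no column separators.

```python
"""Parse a VirusTotal-style 'Antivirus Result Update' listing and summarise it.

Added example; not part of the VirusTotal report. SAMPLE_LINES is a subset
copied from the detection table above; FAMILIES maps hand-picked keywords
(chosen for this sample) to family labels.
"""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Subset of the table above, header included. An engine with no detection
# shows only its signature date.
SAMPLE_LINES = """\
Antivirus Result Update
Ad-Aware Trojan.Ransom.Dalexis.B 20150122
BitDefender Trojan.Ransom.Dalexis.B 20150122
ESET-NOD32 Win32/TrojanDownloader.Elenoocka.A 20150122
K7AntiVirus Trojan-Downloader ( 00499db21 ) 20150121
Kaspersky Trojan-Downloader.Win32.Agent.hfhq 20150122
Microsoft TrojanDownloader:Win32/Dalexis.C 20150122
Sophos AV Troj/Agent-ALFA 20150122
Symantec Downloader.Ponik 20150122
TrendMicro TROJ_CRYPCTB.SME 20150122
AegisLab 20150122
Yandex 20150121
"""

# Ordered: the first family whose keyword matches wins, so the specific
# names are listed before the generic "downloader" bucket.
FAMILIES: Dict[str, List[str]] = {
    "Dalexis": ["Dalexis"],
    "CTB-Locker": ["CRYPCTB", "Filecoder"],
    "Elenoocka": ["Elenoocka"],
    "generic downloader": ["Downloader", "DownLoad"],
}

# Engine names in this listing that contain a space; there is no separator
# between columns, so these must be recognised explicitly.
MULTIWORD_ENGINES = ("Avira (no cloud)", "Sophos AV")
DATE_RE = re.compile(r"^\d{8}$")

Row = Tuple[str, Optional[str], str]  # (engine, result or None, signature date)


def parse_line(line: str) -> Optional[Row]:
    """Return (engine, result, date) for a table row, or None for anything else."""
    line = line.strip()
    if not line:
        return None
    engine = next((n for n in MULTIWORD_ENGINES if line.startswith(n + " ")), None)
    if engine is None:
        engine, _, rest = line.partition(" ")
    else:
        rest = line[len(engine):].strip()
    tokens = rest.split()
    if not tokens or not DATE_RE.match(tokens[-1]):
        return None  # e.g. the "Antivirus Result Update" header line
    result = " ".join(tokens[:-1]) or None
    return engine, result, tokens[-1]


def label_family(result: str, families: Dict[str, List[str]]) -> str:
    """Map a vendor detection name to the first family whose keyword it contains."""
    lowered = result.lower()
    for name, keywords in families.items():
        if any(k.lower() in lowered for k in keywords):
            return name
    return "other"


def summarise(text: str, families: Dict[str, List[str]]) -> dict:
    rows = [r for r in (parse_line(l) for l in text.splitlines()) if r]
    detected = [r for r in rows if r[1]]
    fam = Counter(label_family(r[1], families) for r in detected)
    return {
        "engines": len(rows),
        "detections": len(detected),
        "ratio": f"{len(detected)}/{len(rows)}",
        "families": dict(fam),
    }


if __name__ == "__main__":
    print(summarise(SAMPLE_LINES, FAMILIES))
```

Running it over the full table gives the 39/56 ratio the report states; the family breakdown is what tells you the "39 detections" are split between ransomware-family names (Dalexis, CTB-Locker) and generic downloader verdicts, which matters when you pick a name to search for in other feeds.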
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-03-19 11:16:28
Entry Point 0x00002345
Number of sections 5
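The four fields above (target machine, compilation timestamp, entry point, section count) come straight out of the COFF and optional headers, and it is worth knowing where, because the timestamp in particular is writable by the linker or by anyone with a hex editor and should not be trusted as a build date on its own. The parser below is an added example, not VirusTotal's code. The byte image it parses is constructed here with the values the report shows (i386, 5 sections, entry point 0x2345, GUI subsystem, 2011-03-19 11:16:28 UTC); it is a header stub only, not the sample and not something that runs.

```python
"""Read the COFF/optional-header fields VirusTotal lists under 'PE header
basic information' from raw bytes.

Added example, not VirusTotal's code. build_stub_pe() constructs a minimal
PE32 image (DOS header, PE signature, COFF header, optional header) carrying
the values from the report; it is not the analysed sample."""
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_DLL = 0x2000          # Characteristics flag
PE32_MAGIC = 0x10B
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}

# Epoch seconds for 2011-03-19 11:16:28 UTC, the report's compilation timestamp.
REPORT_TIMESTAMP = 1300533388


def build_stub_pe(n_sections: int = 5, timestamp: int = REPORT_TIMESTAMP,
                  entry: int = 0x2345, subsystem: int = 2) -> bytes:
    """Constructed header-only PE32 image (no section table, no code)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)   # 64 bytes
    opt_size = 224  # standard PE32 optional header incl. 16 data directories
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, n_sections,
                       timestamp, 0, 0, opt_size, 0x0102)  # EXECUTABLE_IMAGE | 32BIT
    # First 72 bytes of the optional header, through Subsystem/DllCharacteristics.
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH",
                      PE32_MAGIC, 10, 0,                 # magic, linker 10.0
                      5632, 23040, 0,                    # code / init / uninit sizes
                      entry, 0x1000, 0x3000, 0x400000,   # entry, BaseOfCode/Data, ImageBase
                      0x1000, 0x200,                     # section / file alignment
                      5, 1, 0, 0, 5, 1,                  # OS, image, subsystem versions
                      0, 0x8000, 0x400, 0,               # Win32Version, SizeOfImage, SizeOfHeaders, CheckSum
                      subsystem, 0)                      # Subsystem, DllCharacteristics
    opt += b"\x00" * (opt_size - len(opt))
    return dos + b"PE\x00\x00" + coff + opt


def parse_pe_header(data: bytes) -> dict:
    """Extract the header fields shown in the report; raises on a malformed image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    machine, n_sections, ts, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff_off)
    opt_off = coff_off + 20
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic != PE32_MAGIC:
        raise ValueError(f"unsupported optional header magic {magic:#x}")
    (entry,) = struct.unpack_from("<I", data, opt_off + 16)      # AddressOfEntryPoint
    (subsystem,) = struct.unpack_from("<H", data, opt_off + 68)  # Subsystem
    return {
        "machine": machine,
        "sections": n_sections,
        "timestamp": ts,
        "timestamp_utc": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry,
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "is_dll": bool(chars & IMAGE_FILE_DLL),
    }


if __name__ == "__main__":
    for k, v in parse_pe_header(build_stub_pe()).items():
        print(f"{k:14} {v:#x}" if isinstance(v, int) and k != "timestamp" else f"{k:14} {v}")
```

The `is_dll` field is the check to apply when a TrID-style guess says "Dynamic Link Library (generic)": the Characteristics flag, not the file-type heuristic, decides whether the loader treats the image as a DLL.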
PE sections
PE imports
DeviceIoControl
GetSystemTimeAsFileTime
GetComputerNameA
WaitForSingleObject
GetConsoleAliasW
GetTickCount
LoadLibraryA
CreateNamedPipeA
GetPrivateProfileStructW
UpdateResourceA
GetProcessId
GetCurrentProcess
GetDateFormatA
GetPrivateProfileIntA
CreateDirectoryA
GetCurrentDirectoryA
GetConsoleTitleA
GetProcAddress
GetProcessHeap
SetEnvironmentVariableW
SetFilePointer
HeapValidate
CompareStringA
GetTimeFormatA
lstrcpynA
GetBinaryTypeA
ReadConsoleA
WriteConsoleA
SetCurrentDirectoryW
GetNumberFormatW
CloseHandle
UrlCreateFromPathA
UrlIsNoHistoryW
UrlIsA
UrlCompareA
PathCombineA
UrlUnescapeA
PathCommonPrefixA
UrlGetPartA
PathCompactPathA
UrlEscapeA
UrlHashA
UrlGetLocationA
UrlIsOpaqueA
WTSVirtualChannelPurgeInput
WTSUnRegisterSessionNotification
WTSQuerySessionInformationA
WTSQueryUserToken
WTSVirtualChannelWrite
WTSVirtualChannelRead
WTSFreeMemory
WTSRegisterSessionNotification
WTSSendMessageA
WTSSetSessionInformationW
WTSEnumerateSessionsW
WTSSetUserConfigW
WTSEnumerateProcessesA
WTSWaitSystemEvent
WTSVirtualChannelOpen
WTSVirtualChannelQuery
WTSEnumerateServersA
CAEnumFirstCA
CAEnumNextCA
CACloseCA
CACloseCertType
CountryRunOnce
InvokeControlPanel
vSetDdrawflag
GradientFill
DllInitialize
TransparentBlt
AlphaBlend
NDdeShareGetInfoA
NDdeShareDelA
NDdeShareEnumA
NDdeShareSetInfoA
NDdeShareAddA
wsprintfA
CreateWindowExA
IsWindow
GetMessageA
DispatchMessageA
GetWindowLongA
PostMessageA
DrawIcon
IsZoomed
DialogBoxParamA
PeekMessageA
SetCursorPos
GetWindowTextA
GetCaretPos
GetPropA
IsCharLowerW
CharToOemA
Number of PE resources by type
RT_ICON 2
RT_RCDATA 2
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2011:03:19 12:16:28+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 5632
LinkerVersion: 10.0
FileTypeExtension: exe
InitializedDataSize: 23040
SubsystemVersion: 5.1
EntryPoint: 0x2345
OSVersion: 5.1
ImageVersion: 0.0
UninitializedDataSize: 0
Compressed bundles
File identification
MD5 ae569e20f223d8b74e512512dd726e03
SHA1 99eaff3d332a8a17864bf35ef2508c914ddf2759
SHA256 3c057a4402394a7f2f2f6b1841154be50816dec8217d1509f921b2f82d4396a1
ssdeep 384:avVbGfXrY45es0Ql72neq1wNbam9KZMI6xELvQpRGOzCT1Vw:OVbKXrpestwC8mlELvQpa
authentihash 0085e109f824da1b85d80cae62e35d2de64bf95fdcc49ea695d6b9771ceb2ae3
imphash 39dbc9bb8e435aa4a792b6f8d9ba63b9
File size 29.0 KB ( 29696 bytes )
Type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
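Of the identifiers above, imphash is the one that is not a hash of the file bytes: it is the MD5 of the import table rendered as lower-case `module.function` pairs in table order, which is why samples built from the same source with the same linker share it even when their content hashes differ. The function below is an added example, not pefile's or VirusTotal's code, reimplementing that rule. The import table it hashes is constructed: the function names are taken from the import list above, but the extracted report does not say which DLL each belongs to, so the DLL assignments are an assumption and the result is not expected to match the report's imphash.

```python
"""Compute an import hash (imphash) by the pefile rule that VirusTotal reports:
lower-case 'module.function' pairs in import-table order, joined by ',' and
MD5-hashed.

Added example, not pefile's or VirusTotal's code. SAMPLE_IMPORTS is
constructed: function names come from the report's import list, the DLL
names are assumed, and the ordinal import is hypothetical."""
import hashlib
from typing import List, Tuple, Union

# pefile strips these extensions from the module name before hashing.
STRIPPED_EXTENSIONS = ("ocx", "sys", "dll")

Import = Tuple[str, Union[str, int]]  # (module name, function name or ordinal)

# Constructed import table; DLL assignments are an assumption (see docstring).
SAMPLE_IMPORTS: List[Import] = [
    ("KERNEL32.dll", "LoadLibraryA"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("KERNEL32.dll", "DeviceIoControl"),
    ("SHLWAPI.dll", "UrlEscapeA"),
    ("WTSAPI32.dll", "WTSEnumerateSessionsW"),
    ("nddeapi.dll", "NDdeShareEnumA"),
    ("MSIMG32.dll", 3),  # hypothetical import by ordinal
]


def normalise_module(name: str) -> str:
    """Lower-case the module and drop a .dll/.ocx/.sys suffix, as pefile does."""
    name = name.lower()
    base, dot, ext = name.rpartition(".")
    if dot and ext in STRIPPED_EXTENSIONS:
        return base
    return name


def imphash_string(imports: List[Import]) -> str:
    """The exact string that is hashed: 'module.func' or 'module.ordN' per import.

    pefile additionally resolves ordinals to names for a few DLLs (e.g. ws2_32)
    through its lookup tables; that step is not reproduced here."""
    parts = []
    for module, func in imports:
        func_name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{normalise_module(module)}.{func_name}")
    return ",".join(parts)


def imphash(imports: List[Import]) -> str:
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because the order of entries is part of the input, a crypter that re-orders or pads the import table changes the imphash while leaving the program's behaviour alone; treat an imphash match as evidence of a shared build, not as a family signature.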
Tags
peexe

VirusTotal metadata
First submission 2015-01-19 12:35:47 UTC (3 years, 10 months ago)
Last submission 2015-01-22 01:34:32 UTC (3 years, 10 months ago)
Names phytochrome.scr
phytochrome-scr
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain by calling the SetWindowsHook (SetWindowsHookEx) Windows API function. A hook procedure monitors the system for certain types of events, tied either to a specific thread or to all threads on the same desktop as the calling thread.
HTTP requests
DNS requests
TCP connections