SHA256: 05b96b412347a1383d7add644b2bc29142ec79df581655ffca4731dbde742d40
Name: s1.exe
Detections: 31 / 54
Analysis date: 2017-01-08 23:27:57 UTC
Antivirus             Result                                          Updated
Ad-Aware              Trojan.GenericKD.4140606                        20170108
AegisLab              Troj.W32.Gen.lXlr                               20170108
AhnLab-V3             Trojan/Win32.Derbit.C1738067                    20170108
Arcabit               Trojan.Generic.D3F2E3E                          20170108
Avast                 Win32:Malware-gen                               20170108
Avira (no cloud)      TR/Crypt.Xpack.mpaze                            20170108
AVware                Trojan.Win32.Generic!BT                         20170108
Baidu                 Win32.Trojan.WisdomEyes.16070401.9500.9997      20170107
BitDefender           Trojan.GenericKD.4140606                        20170108
DrWeb                 Trojan.PWS.Siggen1.60844                        20170108
Emsisoft              Trojan.GenericKD.4140606 (B)                    20170108
ESET-NOD32            Win32/TrojanDownloader.Agent.CZA                20170108
F-Secure              Trojan.GenericKD.4140606                        20170108
Fortinet              W32/Agent.CZA!tr.dldr                           20170108
GData                 Trojan.GenericKD.4140606                        20170108
Ikarus                Trojan-Downloader.Win32.Agent                   20170108
Invincea              virus.win32.sality.am                           20161216
K7GW                  Trojan-Downloader ( 004fffe51 )                 20170108
Kaspersky             Trojan-Spy.Win32.Zbot.xxvg                      20170108
McAfee                RDN/Suspicious.bfr                              20170108
McAfee-GW-Edition     BehavesLike.Win32.Backdoor.dc                   20170108
Microsoft             Trojan:Win32/Derbit.A                           20170108
eScan                 Trojan.GenericKD.4140606                        20170108
nProtect              Trojan-Spy/W32.ZBot.244224.BH                   20170108
Panda                 Trj/CI.A                                        20170108
Sophos                Mal/Generic-S                                   20170108
Tencent               Win32.Trojan-downloader.Agent.Lmkz              20170109
TrendMicro            TROJ_GEN.R01BC0DA717                            20170108
TrendMicro-HouseCall  TROJ_GEN.R01BC0DA717                            20170109
VIPRE                 Trojan.Win32.Generic!BT                         20170108
ViRobot               Trojan.Win32.Z.Agent.244224.BU[h]               20170108

No detection (engine, signature date):
Alibaba 20170108, ALYac 20170108, Antiy-AVL 20170108, AVG 20170108, Bkav 20170107, CAT-QuickHeal 20170107, ClamAV 20170108, CMC 20170108, Comodo 20170108, CrowdStrike Falcon (ML) 20161024, Cyren 20170108, F-Prot 20170108, Jiangmin 20170108, K7AntiVirus 20170108, Kingsoft 20170109, Malwarebytes 20170108, NANO-Antivirus 20170108, Qihoo-360 20170109, Rising 20170108, SUPERAntiSpyware 20170108, TheHacker 20170108, Trustlook 20170109, VBA32 20170106, WhiteArmor 20161221, Yandex 20170106, Zillya 20170104, Zoner 20170108

The family labels do not agree: most engines return a generic name (GenericKD, Generic!BT, Malware-gen), Kaspersky and nProtect say Zbot, AhnLab and Microsoft say Derbit, ESET and Fortinet classify it as a downloader (Agent.CZA), and Invincea reports Sality. The filenames under which the sample was uploaded (see the VirusTotal metadata below) identify it as a Sundown EK payload tagged Terdot.A / Zloader; the engine labels alone would not tell you that.
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright ©Burnaware. All rights reserved.
Product: 396
File version: 7.7.6.687
Description: Tragedy Nonprofessional Mycollection
Comments: Tragedy Nonprofessional Mycollection
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2017-01-05 10:45:04 UTC
Entry point: 0x0000752C
Number of sections: 5
PE sections
PE imports (grouped by exporting DLL)
ADVAPI32.dll
ReadEventLogA
OpenProcessToken
CloseEventLog
PrivilegeCheck
OpenThreadToken
GetOldestEventLogRecord
OpenEventLogW
COMDLG32.dll
GetOpenFileNameA
FindTextA
GDI32.dll
CreatePen
SaveDC
TextOutA
ColorMatchToTarget
GetClipBox
GetObjectType
GetDeviceCaps
DeleteDC
GetMapMode
DeleteObject
BitBlt
CreateEllipticRgn
GetStockObject
GetDIBits
CreateCompatibleDC
StretchDIBits
SelectObject
ColorCorrectPalette
SetTextJustification
CreateSolidBrush
Polyline
GetBkColor
CreateCompatibleBitmap
CheckColorsInGamut
KERNEL32.dll
EnumUILanguagesA
GetStdHandle
GetConsoleOutputCP
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
InitializeCriticalSection
SetConsoleWindowInfo
InterlockedDecrement
FormatMessageA
SetLastError
GetSystemTime
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
SetConsoleScreenBufferSize
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
EnumSystemLanguageGroupsA
SetUnhandledExceptionFilter
MoveFileExA
TerminateProcess
WriteConsoleA
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GlobalLock
lstrcpyA
GetTimeFormatA
GetProcAddress
LocalSize
GetConsoleWindow
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
OLEAUT32.dll
SysFreeString
VariantInit
SysAllocString
SHELL32.dll
SHBindToParent
SHParseDisplayName
SHLWAPI.dll
PathRemoveBackslashA
UrlUnescapeW
PathRelativePathToA
wnsprintfA
USER32.dll
GetMessageA
GetCursorInfo
SetCapture
EndDialog
LoadMenuA
HideCaret
SetCaretPos
ReleaseCapture
KillTimer
PostQuitMessage
DefWindowProcA
ShowWindow
SetWindowLongA
SendDlgItemMessageA
GetSystemMetrics
MessageBoxW
GetMenu
GetWindowRect
DispatchMessageA
EnableWindow
SetMenu
PostMessageA
MoveWindow
GetDlgItemTextA
RegisterWindowMessageA
MessageBoxA
PeekMessageA
CopyImage
IsWindowEnabled
GetSysColor
GetDlgItemInt
CheckDlgButton
GetDC
RegisterClassExA
GetCursorPos
SystemParametersInfoA
BeginPaint
GetIconInfo
ShowCaret
SendMessageW
SendMessageA
GetClientRect
CreateWindowExA
GetDlgItem
ScreenToClient
SetRect
InvalidateRect
DrawFocusRect
SetTimer
LoadCursorA
LoadIconA
FillRect
IsDlgButtonChecked
SetDlgItemInt
IsRectEmpty
GetCursor
ReleaseDC
EndPaint
SetCursor
DestroyWindow
UxTheme.dll
GetThemeSysColorBrush
GetThemeSysBool
WTSAPI32.dll
WTSQuerySessionInformationA
gdiplus.dll
GdipCreateFromHDC
GdipCreatePen1
GdipDisposeImage
GdipCreateBitmapFromGraphics
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDeletePen
ole32.dll
ReleaseStgMedium
OleUninitialize
CoCreateInstance
OleInitialize
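Two things a triage analyst does with an import list like the one above: compute the imphash (the report gives 4661bbad23fc1ae0806fa02675c13e28) so the sample can be pivoted on, and pull out the handful of APIs that matter among the GUI and CRT noise. The imphash is the MD5 of the ordered, lowercased "dll.function" list, with the .dll/.ocx/.sys suffix stripped from the library name; this is pefile's `get_imphash()` algorithm, which VirusTotal uses, and it fingerprints the linker's import layout rather than the file bytes, so it survives repacking that changes every other hash but not the import table. The script below is an added example, not part of the VirusTotal report. Its import table is a constructed subset of the names above, and the DLL each name is assigned to is an assumption (the report shows only function names), so the value it computes is not expected to equal the report's imphash. The capability tags are this example's own triage list; the presence of an import is a lead, not evidence that the code path ever runs, and the volume of GDI32/USER32 imports here is what any GUI program links.

```python
import hashlib

# Constructed sample import table (a subset of the report's function names).
# The DLL assignment is this example's assumption: the report lists only the
# function names, not the DLL each one is imported from.
SAMPLE_IMPORTS = {
    "ADVAPI32.dll": ["ReadEventLogA", "OpenProcessToken", "CloseEventLog",
                     "PrivilegeCheck", "OpenThreadToken",
                     "GetOldestEventLogRecord", "OpenEventLogW"],
    "KERNEL32.dll": ["IsDebuggerPresent", "LoadLibraryA", "GetProcAddress",
                     "MoveFileExA", "VirtualAlloc", "CreateFileA", "WriteFile"],
    "WTSAPI32.dll": ["WTSQuerySessionInformationA"],
    "ole32.dll": ["OleInitialize", "CoCreateInstance"],
}

# Extensions that pefile strips from the library name before hashing.
_STRIP_EXTS = ("dll", "ocx", "sys")


def imphash_string(imports):
    """Build the comma-separated 'lib.func' list that imphash is the MD5 of.

    Mirrors pefile.PE.get_imphash(): library name lowercased with a trailing
    .dll/.ocx/.sys removed, function name lowercased, import-directory order
    preserved. Ordinal-only imports (given here as ints) become 'ordN'; real
    pefile first tries to resolve ordinals of a few well-known DLLs to names,
    which this example does not replicate.
    """
    parts = []
    for lib, funcs in imports.items():
        lib = lib.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in _STRIP_EXTS:
            lib = base
        for func in funcs:
            name = "ord%d" % func if isinstance(func, int) else func.lower()
            parts.append("%s.%s" % (lib, name))
    return ",".join(parts)


def imphash(imports):
    """imphash as shown on the VirusTotal report: MD5 of imphash_string()."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# API names worth pulling out of a long import list during triage. This is the
# example's own list, not something the report provides.
CAPABILITY_TAGS = {
    "event_log_access": {"OpenEventLogA", "OpenEventLogW", "ReadEventLogA",
                         "ReadEventLogW", "GetOldestEventLogRecord",
                         "ClearEventLogA", "ClearEventLogW"},
    "token_and_privilege": {"OpenProcessToken", "OpenThreadToken",
                            "PrivilegeCheck", "AdjustTokenPrivileges"},
    "anti_debug": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent"},
    "dynamic_api_resolution": {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"},
    "session_enumeration": {"WTSQuerySessionInformationA",
                            "WTSQuerySessionInformationW"},
    "delayed_file_move": {"MoveFileExA", "MoveFileExW"},
    "memory_allocation": {"VirtualAlloc", "VirtualAllocEx", "VirtualProtect"},
}


def tag_imports(imports):
    """Return {tag: [matching function names]} for every tag with a hit."""
    hits = {}
    for funcs in imports.values():
        for func in funcs:
            if isinstance(func, int):
                continue
            for tag, names in CAPABILITY_TAGS.items():
                if func in names:
                    hits.setdefault(tag, []).append(func)
    return hits


if __name__ == "__main__":
    print("imphash:", imphash(SAMPLE_IMPORTS))
    for tag, funcs in sorted(tag_imports(SAMPLE_IMPORTS).items()):
        print("%-24s %s" % (tag, ", ".join(funcs)))
```

To reproduce the report's value on the real file, feed `imphash()` the full import directory in file order (pefile's `DIRECTORY_ENTRY_IMPORT` gives exactly that); any reordering or a differently assigned DLL changes the hash, which is also why imphash matches are a stronger relation between two samples than a shared generic AV label.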
Number of PE resources by type
RT_STRING 9
RT_BITMAP 7
UNICODEDATA 5
BIN 4
Struct(240) 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 29
PE resources
ExifTool file metadata
UninitializedDataSize: 0
Comments: Tragedy Nonprofessional Mycollection
LinkerVersion: 9.0 (the Visual Studio 2008 linker)
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 7.7.6.687
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 144384
PrivateBuild: 7.7.6.687
EntryPoint: 0x752c
MIMEType: application/octet-stream
LegalCopyright: Copyright Burnaware. All rights reserved.
FileVersion: 7.7.6.687
TimeStamp: 2017:01:05 11:45:04+01:00
FileType: Win32 EXE
PEType: PE32
SubsystemVersion: 5.0
ProductVersion: 7.7.6.687
FileDescription: Tragedy Nonprofessional Mycollection
OSVersion: 5.0
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Burnaware
CodeSize: 98816
ProductName: 396
ProductVersionNumber: 7.7.6.687
FileTypeExtension: exe
ObjectFileType: Executable application
Compressed bundles
File identification
MD5: 39b541bfb60c2ae1981ece634be963cf
SHA1: eafff1c7c7f3b80020d289cb015ba819c34a32f7
SHA256: 05b96b412347a1383d7add644b2bc29142ec79df581655ffca4731dbde742d40
ssdeep: 6144:3U23XMS5h26v2H8uzGY+3iGFTnZYEwbY:k23r5Y62H8uzG5iuT7
authentihash: 01d2ed251bc10629177150c2978fd5603c3dfcb410ca2ff5085ad8652cbf5283
imphash: 4661bbad23fc1ae0806fa02675c13e28
File size: 238.5 KB (244224 bytes)
Type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID:
Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission: 2017-01-05 16:40:39 UTC
Last submission: 2017-04-16 20:15:07 UTC
Names:
2017-01-06-Sundown-EK-payload-Terdot.A-Zloader.exe-
226.exe
Sundown-EK-payload-Terdot.A-Zloader.exe
2017-01-06-Sundown-EK-payload-Terdot.A-Zloader.exe
2017-01-06-Sundown-EK-payload.exe
225.exe
weviyro.exe
s1.exe
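The report gives everything needed to hunt for this sample and its relatives: the exact hashes, the imphash, and a version-info block that pairs a real vendor name (Burnaware, a CD/DVD burning tool) with a nonsense description ("Tragedy Nonprofessional Mycollection") and a product name of "396". The rule below is an added example, not part of the VirusTotal report or of any published signature. It assumes YARA built with the `pe` and `hash` modules (both need OpenSSL support in the build). The DLL names passed to `pe.imports()` are an assumption, since the report lists only function names; they are the DLLs that export those functions, and `pe.imports()` matches them case-insensitively.

```yara
import "pe"
import "hash"

rule Sundown_EK_payload_s1_exe_VT_20170108
{
    meta:
        description = "s1.exe from the VirusTotal report (uploaded as a Sundown EK payload, Terdot.A / Zloader) and siblings sharing its import table or version info"
        sha256      = "05b96b412347a1383d7add644b2bc29142ec79df581655ffca4731dbde742d40"
        md5         = "39b541bfb60c2ae1981ece634be963cf"
        imphash     = "4661bbad23fc1ae0806fa02675c13e28"
        compiled    = "2017-01-05 10:45:04 UTC"
        note        = "added example rule, not from the report; DLL names in pe.imports() are assumed"

    condition:
        uint16(0) == 0x5A4D and
        (
            // 1. the exact file from the report
            (filesize == 244224 and
             hash.sha256(0, filesize) == "05b96b412347a1383d7add644b2bc29142ec79df581655ffca4731dbde742d40")
            or
            // 2. any build with the same import-directory layout
            pe.imphash() == "4661bbad23fc1ae0806fa02675c13e28"
            or
            // 3. same spoofed version info combined with the unusual import mix
            (
                pe.version_info["CompanyName"] == "Burnaware" and
                pe.version_info["FileDescription"] == "Tragedy Nonprofessional Mycollection" and
                pe.version_info["ProductName"] == "396" and
                pe.imports("wtsapi32.dll", "WTSQuerySessionInformationA") and
                pe.imports("advapi32.dll", "ReadEventLogA") and
                pe.imports("advapi32.dll", "PrivilegeCheck")
            )
        )
}
```

Branch 1 only ever matches this one file; branch 2 catches recompiles that kept the same linker inputs (the imphash is unchanged as long as the import directory is); branch 3 is the loosest and is the one to review for false positives, since it keys on version strings an author can change in one rebuild. The compile timestamp is intentionally not in the condition: a timestamp a few hours before first submission (2017-01-05 16:40 UTC) is consistent with a freshly built payload, but it is trivially forged and would only narrow the rule to this build.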
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications