SHA256: 15738d22ac6eacf1f54cc155bde72d368f81ab2525dd2f64733a36e31d8b137e
Name: Asrar_2.exe
Detections: 6 / 67
Analysis date: 2017-11-15 12:41:33 UTC (1 year, 2 months ago)
Antivirus Result Update
Jiangmin Trojan/VB.bpor 20171115
McAfee Artemis!B9A1BF137AEC 20171115
McAfee-GW-Edition Artemis!Trojan 20171115
TheHacker Trojan/VB.bikq 20171112
TrendMicro-HouseCall Suspicious_GEN.F47V0913 20171115
Zillya Trojan.VB.Win32.94932 20171115
Ad-Aware 20171115
AegisLab 20171115
AhnLab-V3 20171115
Alibaba 20170911
ALYac 20171115
Antiy-AVL 20171115
Arcabit 20171115
Avast 20171115
Avast-Mobile 20171115
AVG 20171115
Avira (no cloud) 20171115
AVware 20171115
Baidu 20171115
BitDefender 20171115
Bkav 20171115
CAT-QuickHeal 20171114
ClamAV 20171115
CMC 20171109
Comodo 20171115
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20171115
Cyren 20171115
DrWeb 20171115
eGambit 20171115
Emsisoft 20171115
Endgame 20171024
ESET-NOD32 20171115
F-Prot 20171115
F-Secure 20171115
Fortinet 20171115
GData 20171115
Ikarus 20171115
Sophos ML 20170914
K7AntiVirus 20171115
K7GW 20171115
Kaspersky 20171115
Kingsoft 20171115
Malwarebytes 20171115
MAX 20171115
Microsoft 20171115
eScan 20171115
NANO-Antivirus 20171115
nProtect 20171115
Palo Alto Networks (Known Signatures) 20171115
Panda 20171114
Qihoo-360 20171115
Rising 20171115
SentinelOne (Static ML) 20171113
Sophos AV 20171115
SUPERAntiSpyware 20171115
Symantec 20171115
Symantec Mobile Insight 20171115
Tencent 20171115
TrendMicro 20171115
Trustlook 20171115
VBA32 20171115
VIPRE 20171115
ViRobot 20171115
Webroot 20171115
WhiteArmor 20171104
Yandex 20171114
ZoneAlarm by Check Point 20171115
Zoner 20171115
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Asrar El Mojahedeen
Internal name Asrar El Moujahedeen
File version 2.0.0.000
Description Ekhlaas Islamic Network Public Key Strong Encryption
Comments Ekhlaas Islamic Network
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0010ADE8
Number of sections 8
PE sections
PE imports
Number of PE resources by type
RT_BITMAP 36
RT_RCDATA 21
RT_STRING 20
RT_GROUP_CURSOR 7
RT_ICON 7
RT_CURSOR 7
RT_GROUP_ICON 7
RT_DIALOG 2
RT_VERSION 1
Number of PE resources by language
NEUTRAL 91
ARABIC JORDAN 16
ENGLISH UK 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments Ekhlaas Islamic Network
InitializedDataSize 4877312
ImageVersion 0.0
ProductName Asrar El Mojahedeen
FileVersionNumber 2.0.0.100
UninitializedDataSize 0
LanguageCode English (British)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
CharacterSet Windows, Latin1
LinkerVersion 2.25
FileTypeExtension exe
MIMEType application/octet-stream
FileVersion 2.0.0.000
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
InternalName Asrar El Moujahedeen
ProductVersion 2.0.0.000
FileDescription Ekhlaas Islamic Network Public Key Strong Encryption
OSVersion 1.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Ekhlaas Islamic Network
CodeSize 1089536
FileSubtype 0
ProductVersionNumber 2.0.0.100
EntryPoint 0x10ade8
ObjectFileType Executable application

Compressed bundles
File identification
MD5 b9a1bf137aecbd36e234fa08bb4ac69b
SHA1 b24b2d9159dfbd3eb28993cd6bbb2fe05e4d2d8a
SHA256 15738d22ac6eacf1f54cc155bde72d368f81ab2525dd2f64733a36e31d8b137e
ssdeep 98304:ksxCo/v/02JhgRM/C2JugRM/u2Y5KxRb/Kl2JhgRM/C2JugRM/u2Y5KxRb/KC2JQ:ksx7P02JhgRM/C2JugRM/u2Y5KxRb/KB
authentihash 8a1f2b2c85b2e0676f33e9303473655b21785fea590f0de936e8d32be0648dde
imphash c3a0daa6cb6083df8ae0cc9f71766b81
File size 5.7 MB (5967872 bytes)
Type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Borland Delphi 5 (84.9%)
InstallShield setup (8.1%)
Win32 Executable Delphi generic (2.6%)
DOS Borland compiled Executable (generic) (1.8%)
Win32 Executable (generic) (0.8%)
Tags peexe via-tor
VirusTotal metadata
First submission 2009-06-07 06:53:21 UTC (9 years, 7 months ago)
Last submission 2018-10-17 00:40:28 UTC (3 months, 1 week ago)
Names Copie de Asrar_2.exe
Asrar_2.exe
smona131637068288081794092
Asrar_2.exe
Asrar_4.exe
Asrar-2.exe
Mujahiddeen Secrets (Asrar).exe
vt-upload-htpgv
b24b2d9159dfbd3eb28993cd6bbb2fe05e4d2d8a.bin
temp766.exe
smona_15738d22ac6eacf1f54cc155bde72d368f81ab2525dd2f64733a36e31d8b137e.bin
Asrar_2.exe
_.exe
smona131538527256442098267
Asrar_2.exe9
smona131685878350722273347
asrar_2.exe
teste.exe
b9a1bf137aecbd36e234fa08bb4ac69b
I_Decrypted_new_Asrar_2_Asrar_3_exe_
15738d22ac6eacf1f54cc155bde72d368f81ab2525dd2f64733a36e31d8b137e.exe
file-3319354_exe
Asrar El Moujahedeen
5_652268192093175859.exe
Asrar_2.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Deleted files
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.