SHA256: 1b71e579af7c138736de3dce6fcfa1c3a173be66be0e8bf5a8ffbd70a4a11296
Name: agent.exe
Detections: 16 / 55
Analysis date: 2015-06-27 18:20:33 UTC (3 years, 3 months ago)
Antivirus             Result                                                                Update
Yandex                Riskware.RemoteAdmin.DI                                               20150626
Antiy-AVL             RiskWare[RemoteAdmin:not-a-virus]/Win32.Agent                         20150627
Avira (no cloud)      APPL/MonitorTool.Gen                                                  20150627
Baidu-International   Hacktool.Win32.Agent.lr                                               20150627
Bkav                  W32.HfsAdware.A773                                                    20150627
DrWeb                 Program.RemoteAdmin.753                                               20150627
ESET-NOD32            a variant of Win32/RemoteAdmin.RemoteUtilities.H potentially unsafe   20150627
Fortinet              Riskware/RemoteAdmin_RemoteUtilities                                  20150627
GData                 Win32.Trojan.Agent.THCX4X                                             20150627
K7AntiVirus           Unwanted-Program ( 004c20111 )                                        20150627
K7GW                  Unwanted-Program ( 004c20111 )                                        20150627
Kaspersky             not-a-virus:RemoteAdmin.Win32.Agent.lr                                20150627
McAfee                Artemis!96B0F4E1BE6C                                                  20150627
McAfee-GW-Edition     Artemis!PUP                                                           20150627
NANO-Antivirus        Riskware.Win32.RemoteAdmin.dqmufp                                     20150627
Panda                 Generic Suspicious                                                    20150627

No detection (39 engines, with signature date): Ad-Aware 20150627, AegisLab 20150626, AhnLab-V3 20150627, Alibaba 20150626, ALYac 20150627, Arcabit 20150627, Avast 20150627, AVG 20150627, AVware 20150627, BitDefender 20150627, ByteHero 20150627, CAT-QuickHeal 20150627, ClamAV 20150626, Comodo 20150627, Cyren 20150627, Emsisoft 20150627, F-Prot 20150627, F-Secure 20150627, Ikarus 20150627, Jiangmin 20150626, Kingsoft 20150627, Malwarebytes 20150627, Microsoft 20150627, eScan 20150627, nProtect 20150626, Qihoo-360 20150627, Rising 20150627, Sophos AV 20150627, SUPERAntiSpyware 20150627, Symantec 20150627, Tencent 20150627, TheHacker 20150626, TrendMicro 20150627, TrendMicro-HouseCall 20150627, VBA32 20150626, VIPRE 20150627, ViRobot 20150627, Zillya 20150627, Zoner 20150627.

Reading the 16 labels rather than the count: 8 engines explicitly classify the file as a remote-administration tool (RemoteAdmin, RemoteUtilities, MonitorTool), 5 use a PUA/riskware class (Hacktool, Adware, Unwanted-Program, PUP), 2 are reputation or heuristic verdicts (Artemis, Generic Suspicious), and only GData assigns a Trojan family name. Two engines (ESET-NOD32, Fortinet) name the product itself, Remote Utilities, which matches the signed version information below.
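The bucketing above, as an added worked example that is not part of the VirusTotal report: the script below classifies each engine label by what it claims and derives a triage verdict from the buckets instead of the bare 16/55 ratio. The buckets, regular expressions and decision thresholds are this example's own (illustrative, not VirusTotal's or any vendor's taxonomy); the (engine, result) pairs are copied from the detection table above.

```python
# Added example, not part of the VirusTotal report: bucket the engine labels above by what
# they claim, so the triage decision rests on label semantics rather than the bare 16/55.
# The buckets, rules and decision thresholds are this example's own, not VirusTotal's.
import re
from collections import Counter

# (engine, result) pairs copied from the detection table in the report above.
DETECTIONS = [
    ("Yandex", "Riskware.RemoteAdmin.DI"),
    ("Antiy-AVL", "RiskWare[RemoteAdmin:not-a-virus]/Win32.Agent"),
    ("Avira (no cloud)", "APPL/MonitorTool.Gen"),
    ("Baidu-International", "Hacktool.Win32.Agent.lr"),
    ("Bkav", "W32.HfsAdware.A773"),
    ("DrWeb", "Program.RemoteAdmin.753"),
    ("ESET-NOD32", "a variant of Win32/RemoteAdmin.RemoteUtilities.H potentially unsafe"),
    ("Fortinet", "Riskware/RemoteAdmin_RemoteUtilities"),
    ("GData", "Win32.Trojan.Agent.THCX4X"),
    ("K7AntiVirus", "Unwanted-Program ( 004c20111 )"),
    ("K7GW", "Unwanted-Program ( 004c20111 )"),
    ("Kaspersky", "not-a-virus:RemoteAdmin.Win32.Agent.lr"),
    ("McAfee", "Artemis!96B0F4E1BE6C"),
    ("McAfee-GW-Edition", "Artemis!PUP"),
    ("NANO-Antivirus", "Riskware.Win32.RemoteAdmin.dqmufp"),
    ("Panda", "Generic Suspicious"),
]
TOTAL_ENGINES = 55

# Ordered: the first matching rule wins, so "Artemis!PUP" counts as PUA rather than heuristic
# and "not-a-virus:RemoteAdmin..." counts as a remote-admin tool rather than as "Virus".
RULES = [
    ("remote-admin-tool", re.compile(r"RemoteAdmin|RemoteUtilities|MonitorTool", re.I)),
    ("pua-riskware", re.compile(r"not-a-virus|Riskware|Unwanted|PUP|Adware|Hacktool|potentially unsafe", re.I)),
    ("reputation-heuristic", re.compile(r"Artemis|Generic|Suspicious|Heur", re.I)),
    ("malware-family", re.compile(r"Trojan|Backdoor|Worm|Virus|Ransom|Spy", re.I)),
]


def classify(label: str) -> str:
    """Map one engine label to a bucket; naming schemes the rules do not know become 'unclassified'."""
    for bucket, pattern in RULES:
        if pattern.search(label):
            return bucket
    return "unclassified"


def triage(detections, total_engines: int) -> dict:
    """Count buckets and turn them into a verdict an analyst can act on (thresholds are illustrative)."""
    buckets = Counter(classify(result) for _, result in detections)
    tool, family = buckets["remote-admin-tool"], buckets["malware-family"]
    if family >= 3 and family >= tool:
        verdict = "malware: block and investigate"
    elif tool >= 3 and family <= 1:
        verdict = "remote-administration tool: apply remote-access policy, confirm the code signer"
    else:
        verdict = "inconclusive: manual analysis"
    return {"ratio": round(len(detections) / total_engines, 2), "buckets": dict(buckets),
            "product_named_by": [e for e, r in detections if "RemoteUtilities" in r], "verdict": verdict}


if __name__ == "__main__":
    for key, value in triage(DETECTIONS, TOTAL_ENGINES).items():
        print(f"{key:18} {value}")
```

The verdict branch for a remote-administration tool deliberately sends the analyst to the signer check rather than to a block decision: an agent for a commercial remote-access product is legitimate on a host where that product is sanctioned and an intrusion tool where it is not, and a label classifier cannot tell the two apart.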
The file is a Portable Executable: a 32-bit Win32 EXE for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2015 Usoris LLC. All rights reserved.

Publisher Usoris Systems
Product Remote Utilities
Original name Remote Utilities
File version 6.3
Description Remote Utilities
Signature verification Signed file, verified signature
Signing date 2:06 AM 6/17/2015
Signers
[+] Usoris Systems
Status Valid
Issuer None
Valid from 1:00 AM 2/2/2015
Valid to 12:59 AM 5/4/2017
Valid usage Code Signing
Algorithm 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
Thumbprint 61C939DA1E80C33B935595E168EB6D732206498A
Serial number 28 10 85 93 51 B0 89 06 D0 02 93 C0 9A 25 5A
[+] Symantec Class 3 SHA256 Code Signing CA
Status Valid
Issuer None
Valid from 1:00 AM 12/10/2013
Valid to 12:59 AM 12/10/2023
Valid usage Client Auth, Code Signing
Algorithm 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
Thumbprint 007790F6561DAD89B0BCD85585762495E358F8A5
Serial number 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A
[+] VeriSign
Status Valid
Issuer None
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer None
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer None
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-04-28 11:38:20 (four years before the 2015 copyright and the 6/17/2015 signing date; consistent with a pre-built self-extractor stub wrapping a newer payload, which F-PROT's 7Z packer identification and the large high-entropy overlay below also suggest)
Entry Point 0x000121CF
Number of sections 4
PE sections
Overlays
MD5 e50a223e2f6cb621181cd9efed1beecb
File type data
Offset 143360
Size 3578280 (offset + size = 3721640, i.e. everything after the PE sections up to the end of the file)
Entropy 8.00 (the maximum for byte data: uniformly distributed bytes, as in compressed or encrypted content, which is what a 7-Zip-packed payload looks like)
PE imports (the report lists function names only; they are grouped here by the DLL that exports them)
GDI32: GetDeviceCaps, GetCurrentObject, DeleteDC, CreateFontIndirectW, SelectObject, StretchBlt, GetObjectW, SetStretchBltMode, CreateCompatibleDC, DeleteObject, CreateCompatibleBitmap
KERNEL32: GetUserDefaultUILanguage, SetThreadLocale, GetLastError, SetCurrentDirectoryW, GetStdHandle, EnterCriticalSection, TerminateThread, lstrlenA, GetModuleFileNameW, GlobalFree, WaitForSingleObject, GetVersionExW, SetEvent, MulDiv, FindNextFileW, SystemTimeToFileTime, FindResourceExA, ExpandEnvironmentStringsW, lstrlenW, GetLocalTime, DeleteCriticalSection, GetStartupInfoA, GetSystemDefaultUILanguage, GetDriveTypeW, SizeofResource, CompareFileTime, GetDiskFreeSpaceExW, GetFileSize, LockResource, SetFileTime, GetCommandLineW, CreateThread, GetSystemDefaultLCID, MultiByteToWideChar, CreateDirectoryW, DeleteFileW, WaitForMultipleObjects, GetLocaleInfoW, SuspendThread, RemoveDirectoryW, GetModuleHandleA, lstrcpyW, SetFileAttributesW, lstrcmpiA, WideCharToMultiByte, SetEnvironmentVariableW, SetFilePointer, GetSystemDirectoryW, ReadFile, GetTempPathW, ResetEvent, GetSystemTimeAsFileTime, FindFirstFileW, GlobalMemoryStatusEx, lstrcmpW, GetModuleHandleW, LoadLibraryA, LocalFree, FormatMessageW, ResumeThread, GetFileAttributesW, CreateEventW, GetExitCodeThread, lstrcmpiW, InitializeCriticalSection, LoadResource, WriteFile, CreateFileW, GlobalAlloc, VirtualFree, FindClose, lstrcatW, Sleep, IsBadReadPtr, SetEndOfFile, CloseHandle, ExitProcess, GetProcAddress, VirtualAlloc, GetEnvironmentVariableW, SetLastError, LeaveCriticalSection
C runtime (msvcrt): _purecall, __p__fmode, malloc, ??1type_info@@UAE@XZ, memset, _wcsnicmp, __dllonexit, _controlfp, _except_handler3, ??2@YAPAXI@Z, strncmp, _onexit, _wtol, exit, _XcptFilter, memcmp, __setusermatherr, __p__commode, _acmdln, _CxxThrowException, ?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z, _adjust_fdiv, ??3@YAXPAX@Z, free, __getmainargs, _initterm, memmove, memcpy, _beginthreadex, _exit, _EH_prolog, __set_app_type
OLEAUT32: OleLoadPicture, VariantClear, SysAllocString
SHELL32: SHBrowseForFolderW, ShellExecuteW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW, SHGetSpecialFolderPathW, SHGetMalloc
USER32: SetFocus, GetParent, EndDialog, DrawTextW, DefWindowProcW, KillTimer, GetMessageW, ShowWindow, MessageBeep, SetWindowPos, GetClassNameA, wvsprintfW, GetSystemMetrics, SetWindowLongW, IsWindow, SendMessageW, GetWindowRect, ClientToScreen, CharUpperW, MessageBoxA, GetSystemMenu, GetWindowDC, GetWindow, GetSysColor, DispatchMessageW, CopyImage, ReleaseDC, GetMenu, GetWindowLongW, DrawIconEx, SetWindowTextW, GetDlgItem, SystemParametersInfoW, LoadImageW, GetDC, ScreenToClient, wsprintfA, SetTimer, CallWindowProcW, DialogBoxIndirectParamW, EnableWindow, GetClientRect, GetWindowTextW, EnableMenuItem, LoadIconW, GetWindowTextLengthW, CreateWindowExW, wsprintfW, GetKeyState, DestroyWindow
OLE32: CreateStreamOnHGlobal, CoCreateInstance, CoInitialize
The static import table contains no socket or HTTP functions (nothing from ws2_32, wininet or winhttp) and no DeviceIoControl. Temp-path lookup, directory creation, file enumeration and writing, ShellExecuteExW and a dialog box are the profile of an extractor/installer stub, not of a remote-access agent; the agent's own functionality would sit in the 7-Zip overlay payload, and LoadLibraryA/GetProcAddress let the stub resolve further APIs at run time.
Number of PE resources by type
RT_ICON 8
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 9
ENGLISH US 2
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.3.0.4
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 71168
EntryPoint 0x121cf
OriginalFileName Remote Utilities
MIMEType application/octet-stream
LegalCopyright Copyright 2015 Usoris LLC. All rights reserved.
FileVersion 6.3
TimeStamp 2011:04:28 12:38:20+01:00 (the PE compilation timestamp above, shown in UTC+1)
FileType Win32 EXE
PEType PE32
ProductVersion 6.3
FileDescription Remote Utilities
OSVersion 4.0
FileOS Unknown (0x50004)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Usoris LLC
CodeSize 71680
ProductName Remote Utilities
ProductVersionNumber 6.3.0.4
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 96b0f4e1be6c0bb17de12bce924bcfa7
SHA1 714c7e18d951fa1269a128f1c1b4147eba268f0d
SHA256 1b71e579af7c138736de3dce6fcfa1c3a173be66be0e8bf5a8ffbd70a4a11296
ssdeep 98304:7uw2agAVHV7RhwXKgoIZc4jxyV5WZ7fYH/vK5y8NTNTF0b:7tjgAz7RaSIZcq207fEvKo0TNT+
authentihash 7f5afa95bc5547feaca6bee9eefaf38c319fc5ad0ac1f1f390450116259ce0d4
imphash c769210c368165fcb9c03d3f832f55eb
File size 3.5 MB (3721640 bytes)
Type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags
peexe signed overlay
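The overlay figures and the authentihash above, as an added worked example (this script is not code from the VirusTotal report, from VirusTotal or from Usoris): it locates the overlay as the bytes after the last section, measures their Shannon entropy, tests for the 7z magic, and computes the Authenticode file hash (the authentihash) following the Authenticode PE specification, all with the Python standard library. It assumes the certificate table, when present, is the last thing in the file (the normal layout); files with data after the signature would need the specification's trailing-data rule. It runs on a constructed minimal PE32 built by build_test_pe, not on agent.exe; fed the real file via open(path, "rb").read(), summarize() is what you would compare against the offset 143360, entropy 8.00 and authentihash listed above (values taken from the report, not verified by this example).

```python
# Added example; not code from the VirusTotal report or from Usoris/Remote Utilities.
# Finds the PE overlay, measures its entropy, checks for a 7-Zip signature and computes the
# Authenticode "authentihash" with the standard library only. Test input is constructed below.
import hashlib
import math
import struct
from collections import Counter

SEVENZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"  # first six bytes of every 7z archive
SECURITY_DIR = 4                         # IMAGE_DIRECTORY_ENTRY_SECURITY


def pe_layout(data: bytes) -> dict:
    """Extract the PE32/PE32+ header fields that overlay detection and authentihash need."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    coff = e_lfanew + 4
    _, num_sections, _, _, _, opt_size = struct.unpack_from("<HHIIIH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    sec_dir = opt + (96 if magic == 0x10B else 112) + 8 * SECURITY_DIR   # PE32 vs PE32+
    cert_off, cert_size = struct.unpack_from("<II", data, sec_dir)       # a file offset, not an RVA
    sec_tab = opt + opt_size
    sections = []
    for i in range(num_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, sec_tab + 40 * i + 16)
        if raw_size:
            sections.append((raw_ptr, raw_size))
    return {"checksum": opt + 64,                      # same offset in PE32 and PE32+
            "size_of_headers": struct.unpack_from("<I", data, opt + 60)[0],
            "sec_dir": sec_dir, "cert": (cert_off, cert_size), "sections": sorted(sections),
            "overlay": max([sec_tab + 40 * num_sections] + [p + s for p, s in sections])}


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 8.0 means all 256 values equally frequent, as in compressed or encrypted data."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0


def authentihash(data: bytes, algo: str = "sha256") -> str:
    """Authenticode PE hash: the file minus CheckSum, the security directory entry and the
    certificate table, with sections hashed in PointerToRawData order. Assumes the certificate
    table, when present, is the last thing in the file (the usual layout)."""
    lay = pe_layout(data)
    cs, sd, cert_off, cert_size = lay["checksum"], lay["sec_dir"], *lay["cert"]
    h = hashlib.new(algo)
    for chunk in (data[:cs], data[cs + 4:sd], data[sd + 8:lay["size_of_headers"]]):
        h.update(chunk)
    for ptr, size in lay["sections"]:
        h.update(data[ptr:ptr + size])
    tail = data[lay["overlay"]:]                        # overlay: data after the last section
    if cert_size:                                       # cut the signature blob out of the tail
        tail = data[lay["overlay"]:cert_off] + data[cert_off + cert_size:]
    h.update(tail)
    return h.hexdigest()


def summarize(data: bytes) -> dict:
    """The checks an analyst wants from a 'peexe signed overlay' sample, in one dict."""
    lay = pe_layout(data)
    cert_off, cert_size = lay["cert"]
    overlay = data[lay["overlay"]:cert_off if cert_size else len(data)]   # overlay before the signature
    return {"overlay_offset": lay["overlay"], "overlay_size": len(overlay),
            "overlay_entropy": round(shannon_entropy(overlay), 2),
            "overlay_is_7z": overlay.startswith(SEVENZIP_MAGIC), "signed": cert_size > 0,
            "sha256": hashlib.sha256(data).hexdigest(), "authentihash": authentihash(data)}


def build_test_pe(payload: bytes, overlay: bytes = b"", cert: bytes = b"", checksum: int = 0) -> bytes:
    """Constructed test input: a minimal, well-formed PE32 with one section (not loadable);
    `cert` stands in for a certificate table and is not a real WIN_CERTIFICATE."""
    align, hdr = 0x200, 0x200
    raw = (len(payload) + align - 1) // align * align
    cert_off = hdr + raw + len(overlay) if cert else 0
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII", 0x10B, 8, 0, raw, 0, 0, 0x1000, 0x1000, 0x2000,
                      0x400000, 0x1000, align, 4, 0, 0, 0, 4, 0, 0, 0x2000, hdr, checksum, 2, 0,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = bytearray(16 * 8)
    struct.pack_into("<II", dirs, 8 * SECURITY_DIR, cert_off, len(cert))
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(payload), 0x1000, raw, hdr, 0, 0, 0, 0, 0x60000020)
    headers = (dos + coff + opt + dirs + sect).ljust(hdr, b"\0")
    return headers + payload.ljust(raw, b"\0") + overlay + cert


if __name__ == "__main__":
    sample = build_test_pe(b"\xCC" * 0x300, SEVENZIP_MAGIC + bytes(range(256)) * 4, cert=b"\0" * 64)
    for key, value in summarize(sample).items():
        print(f"{key:16} {value}")
```

Two properties are worth seeing on the constructed file: changing the CheckSum field or appending a certificate table changes the plain SHA-256 but leaves the authentihash untouched, which is exactly why a signed build and its unsigned build share an authentihash while the SHA-256 in the report above identifies only this one signed artifact. summarize() reports the overlay net of the certificate table; a tool that counts the signature blob as overlay will report a size larger by the length of that blob.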

VirusTotal metadata
First submission 2015-06-19 06:35:24 UTC (3 years, 4 months ago)
Last submission 2015-07-15 08:01:43 UTC (3 years, 3 months ago)
Names Agent.exe, Remote Utilities, agent.exe, 687982, 96B0F4E1BE6C0BB17DE12BCE924BCFA7
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files, read files, written files, deleted files, created processes, shell commands, opened mutexes, runtime DLLs: no entries are present in this extract of the report.
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function. DeviceIoControl does not appear in the static import table above, so the call is either resolved at run time (the stub imports LoadLibraryA and GetProcAddress) or made by a process the sample launches, which the condensed report attributes to the sample as its preamble states.