SHA256: 1d399729475b6ad39ed5ef1519be4abe7e8b80c49ef9497ee5101fb21a533ce0
Name: conlhost.exe
Detections: 47 / 56
Analysis date: 2016-12-18 13:40:53 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Ransom.Seven.17 20161218
AegisLab Gen.Variant.Zusy!c 20161217
AhnLab-V3 Trojan/Win32.Cryptolocker.R178776 20161218
ALYac Gen:Variant.Ransom.Seven.17 20161218
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20161218
Arcabit Trojan.Ransom.Seven.17 20161218
Avast Win32:Malware-gen 20161218
AVG Generic_r.IOV 20161218
Avira (no cloud) TR/Crypt.Xpack.onvj 20161218
AVware Trojan.Win32.Injector.cdgy (v) 20161218
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161207
BitDefender Gen:Variant.Ransom.Seven.17 20161218
Bkav W32.BckdrAndromJ.Trojan 20161217
CAT-QuickHeal Ransom.Tescrypt.A5 20161217
Comodo TrojWare.Win32.Injector.DCW 20161218
Cyren W32/S-c72660e8!Eldorado 20161218
DrWeb Trojan.Packed2.37677 20161218
Emsisoft Gen:Variant.Ransom.Seven.17 (B) 20161218
ESET-NOD32 Win32/Filecoder.7ev3n.B 20161218
F-Prot W32/S-c72660e8!Eldorado 20161218
F-Secure Gen:Variant.Ransom.Seven.17 20161218
Fortinet W32/Injector.DCTY!tr 20161218
GData Gen:Variant.Ransom.Seven.17 20161218
Ikarus Backdoor.Win32.Androm 20161218
Sophos ML trojan.win32.matsnu.q 20161216
Jiangmin Backdoor.Androm.gov 20161218
K7AntiVirus Trojan ( 004e659f1 ) 20161218
K7GW Trojan ( 004e659f1 ) 20161218
Kaspersky HEUR:Trojan.Win32.Generic 20161218
Malwarebytes Trojan.MalPack 20161218
McAfee PWSZbot-FAQK!AA19E546531D 20161218
McAfee-GW-Edition PWSZbot-FAQK!AA19E546531D 20161218
Microsoft Trojan:Win32/Skeeyah.A!rfn 20161218
eScan Gen:Variant.Ransom.Seven.17 20161218
NANO-Antivirus Trojan.Win32.Encoder.ebqrvy 20161218
Panda Trj/CI.A 20161218
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20161218
Rising Malware.Obscure!1.9C59-RhUvxdhysUI (cloud) 20161218
Sophos AV Mal/Zbot-UM 20161218
Symantec Ransom.Seven 20161218
Tencent Win32.Trojan.Filecoder.Llqv 20161218
TheHacker Trojan/Filecoder.7ev3n.b 20161214
TrendMicro Ransom_EMPER.CBQ164M 20161218
TrendMicro-HouseCall Ransom_EMPER.CBQ164M 20161218
VBA32 Backdoor.Androm 20161216
VIPRE Trojan.Win32.Injector.cdgy (v) 20161218
Yandex Backdoor.Androm!DoUPvR5KYms 20161217
Alibaba 20161216
ClamAV 20161218
CMC 20161218
CrowdStrike Falcon (ML) 20161024
Kingsoft 20161218
nProtect 20161218
SUPERAntiSpyware 20161218
TotalDefense 20161218
Trustlook 20161218
ViRobot 20161218
WhiteArmor 20161212
Zillya 20161216
Zoner 20161218
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-12 16:56:45
Entry Point 0x00005996
Number of sections 6
PE sections
Overlays
MD5 5f2ea8f663d17df3234d62f3d9f960b7
File type data
Offset 73728
Size 416295
Entropy 8.00
PE imports
RegQueryValueExW
GetObjectA
GetCharABCWidthsFloatA
GetCharacterPlacementW
GetTextMetricsA
GetObjectW
GetLastError
SetCurrentDirectoryW
GetCurrentDirectoryW
WideCharToMultiByte
SetFilePointer
GetModuleFileNameW
GlobalFree
CreateFileW
LCMapStringA
HeapAlloc
GetStartupInfoW
GetStringTypeW
GetModuleHandleW
HeapSize
Ord(3820)
Ord(2438)
Ord(4621)
Ord(5298)
Ord(2980)
Ord(6371)
Ord(5237)
Ord(4073)
Ord(6048)
Ord(5257)
Ord(4435)
Ord(755)
Ord(3577)
Ord(5727)
Ord(3744)
Ord(4616)
Ord(795)
Ord(616)
Ord(815)
Ord(3257)
Ord(2717)
Ord(641)
Ord(3917)
Ord(2570)
Ord(2506)
Ord(2388)
Ord(3716)
Ord(567)
Ord(3076)
Ord(3142)
Ord(5285)
Ord(4667)
Ord(825)
Ord(5710)
Ord(5276)
Ord(4401)
Ord(540)
Ord(2858)
Ord(5273)
Ord(2403)
Ord(1767)
Ord(2371)
Ord(4480)
Ord(4229)
Ord(2294)
Ord(823)
Ord(3087)
Ord(4269)
Ord(2504)
Ord(4213)
Ord(4392)
Ord(800)
Ord(5157)
Ord(1569)
Ord(470)
Ord(6051)
Ord(5261)
Ord(3074)
Ord(2613)
Ord(3592)
Ord(2047)
Ord(2977)
Ord(2116)
Ord(4418)
Ord(4831)
Ord(2746)
Ord(5977)
Ord(4992)
Ord(4459)
Ord(2377)
Ord(3825)
Ord(4419)
Ord(4074)
Ord(2640)
Ord(1089)
Ord(3254)
Ord(1165)
Ord(3341)
Ord(4692)
Ord(2971)
Ord(4347)
Ord(324)
Ord(5296)
Ord(2015)
Ord(1768)
Ord(4704)
Ord(3793)
Ord(3826)
Ord(5193)
Ord(4847)
Ord(1720)
Ord(4075)
Ord(2854)
Ord(1131)
Ord(3733)
Ord(5303)
Ord(2546)
Ord(561)
Ord(1143)
Ord(6372)
Ord(3131)
Ord(5059)
Ord(3397)
Ord(4370)
Ord(4270)
Ord(2634)
Ord(5286)
Ord(6370)
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??7ios_base@std@@QBE_NXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??Bios_base@std@@QBEPAXXZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
_except_handler3
__p__fmode
__CxxFrameHandler
_exit
__p__commode
__setusermatherr
__dllonexit
_onexit
__wgetmainargs
exit
_XcptFilter
_initterm
_controlfp
_wcmdln
_adjust_fdiv
__set_app_type
GetCapture
GetSystemMetrics
SetTimer
SendMessageW
IsIconic
ReleaseDC
EnableWindow
LoadIconW
GetClientRect
DrawIcon
SendMessageA
KillTimer
GetSystemMenu
CreateDialogParamA
GetWindowPlacement
GetDC
InvalidateRect
Number of PE resources by type
RT_BITMAP 1
RT_GROUP_ICON 1
RT_DIALOG 1
RT_VERSION 1
RT_ICON 1
Number of PE resources by language
NEUTRAL 2
CHINESE SIMPLIFIED 2
SPANISH MODERN 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 16
LanguageCode Greek
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 40960
EntryPoint 0x5996
OriginalFileName Puzzle.exe
MIMEType application/octet-stream
LegalCopyright (C) 2015
FileVersion 1, 0, 0, 1
TimeStamp 2016:04:12 17:56:45+01:00
FileType Win32 EXE
PEType PE32
InternalName Puzzle
ProductVersion 1, 0, 0, 1
FileDescription Puzzle
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 28672
ProductName Puzzle
ProductVersionNumber 1.0.0.1
Warning Possibly corrupt Version resource
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 aa19e546531df221e18ca06899ea3624
SHA1 143b65196e981e781cff8517b39a690c2afc3eb7
SHA256 1d399729475b6ad39ed5ef1519be4abe7e8b80c49ef9497ee5101fb21a533ce0
ssdeep 6144:e2lSZ9YaxnwaCd8MljnhQJhOyEpBVqGxnz0IT1ClGd4UlUZxg9FehH5okmgAw:e2Uh4dTZqhOZBVqmz0IT1Yq4TxcehZlx
authentihash 22e996bfdc6bee1aebcf56482fab99f2b46173ddffb9758d57b826a26d03dc38
imphash 88803cecfbc7cd6c2bef1eadbd8df5ca
File size 478.5 KB ( 490023 bytes )
Type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-04-21 15:42:17 UTC ( 2 years, 6 months ago )
Last submission 2016-04-21 15:42:17 UTC ( 2 years, 6 months ago )
Names conlhost.exe
7ev3n_honest.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications