SHA256: 373374262ca7b22aa9702b169e7a7188c3c19af0c53b5d4ec7c029a4fb8c3b57
Name: lsm.gxe
Detections: 35 / 68
Analysis date: 2018-06-14 13:35:31 UTC (10 months, 1 week ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.31000 20180614
AegisLab Uds.Dangerousobject.Multi!c 20180614
AhnLab-V3 Trojan/Win32.Kryptik.C2567359 20180614
ALYac Gen:Variant.Symmi.31000 20180614
Arcabit Trojan.Symmi.D7918 20180614
Avast FileRepMetagen [Malware] 20180614
AVG FileRepMetagen [Malware] 20180614
BitDefender Gen:Variant.Symmi.31000 20180614
CMC Heur.Win32.VBKrypt.3!O 20180614
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cybereason malicious.42f67b 20180225
Cylance Unsafe 20180614
Cyren W32/Trojan.ONSI-0995 20180614
Emsisoft Gen:Variant.Symmi.31000 (B) 20180614
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/GenKryptik.CCKL 20180614
F-Secure Gen:Variant.Symmi.31000 20180614
Fortinet W32/Injector.CAFG!tr 20180614
GData Gen:Variant.Symmi.31000 20180614
Ikarus Win32.Outbreak 20180614
Sophos ML heuristic 20180601
Kaspersky Trojan.Win32.Khalesi.fmb 20180614
Malwarebytes Spyware.TrickBot 20180614
MAX malware (ai score=98) 20180614
McAfee Artemis!62FBDFD42F67 20180614
McAfee-GW-Edition BehavesLike.Win32.Fareit.fh 20180613
eScan Gen:Variant.Symmi.31000 20180614
NANO-Antivirus Trojan.Win32.GenKryptik.feazgm 20180614
Palo Alto Networks (Known Signatures) generic.ml 20180614
Panda Trj/GdSda.A 20180614
Qihoo-360 Win32/Trojan.d55 20180614
SentinelOne (Static ML) static engine - malicious 20180225
Symantec ML.Attribute.HighConfidence 20180614
TrendMicro-HouseCall TROJ_GEN.R002H09FE18 20180614
ZoneAlarm by Check Point Trojan.Win32.Khalesi.fmb 20180614
Alibaba 20180614
Antiy-AVL 20180614
Avast-Mobile 20180613
Avira (no cloud) 20180614
AVware 20180614
Babable 20180406
Baidu 20180614
Bkav 20180614
CAT-QuickHeal 20180614
ClamAV 20180614
Comodo 20180613
DrWeb 20180614
eGambit 20180614
F-Prot 20180614
Jiangmin 20180614
K7AntiVirus 20180614
K7GW 20180614
Kingsoft 20180614
Microsoft 20180614
Rising 20180614
Sophos AV 20180614
SUPERAntiSpyware 20180614
Symantec Mobile Insight 20180614
TACHYON 20180614
Tencent 20180614
TheHacker 20180613
TotalDefense 20180614
TrendMicro 20180614
Trustlook 20180614
VBA32 20180614
VIPRE 20180614
ViRobot 20180614
Webroot 20180614
Yandex 20180614
Zillya 20180614
Zoner 20180613
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright BOSCH-7
Product BOSCH-7
Original name BOSCH-7.EXE
Internal name BOSCH-7
File version 1.00
Description BOSCH-7
Comments BOSCH-7
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-12 20:52:01
Entry Point 0x000012CC
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(523)
Ord(546)
EVENT_SINK_Release
__vbaEnd
EVENT_SINK_QueryInterface
__vbaFPException
Ord(695)
_adj_fdivr_m64
_adj_fprem
__vbaR4Var
_adj_fpatan
Ord(650)
EVENT_SINK_AddRef
Ord(676)
Ord(629)
Ord(714)
_adj_fdiv_m32i
Ord(647)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
Ord(671)
Ord(610)
_adj_fdivr_m16i
__vbaVarAdd
_adj_fdiv_r
Ord(100)
Ord(677)
__vbaFreeVar
__vbaFreeStr
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
_allmul
_CIcos
Ord(713)
__vbaVarDiv
_adj_fptan
Ord(685)
Ord(593)
__vbaObjSet
__vbaI4Var
Ord(538)
Ord(613)
__vbaVarMove
_CIatan
__vbaNew2
__vbaR8IntI4
_adj_fdivr_m32i
_CItan
_CIexp
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
__vbaVarDup
Ord(698)
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 380928
SubsystemVersion 4.0
Comments BOSCH-7
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription BOSCH-7
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 32768
EntryPoint 0x12cc
OriginalFileName BOSCH-7.EXE
MIMEType application/octet-stream
LegalCopyright BOSCH-7
FileVersion 1.0
TimeStamp 2018:06:12 13:52:01-07:00
FileType Win32 EXE
PEType PE32
InternalName BOSCH-7
ProductVersion 1.0
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName BOSCH-7
LegalTrademarks BOSCH-7
ProductName BOSCH-7
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 62fbdfd42f67bf89fa92d661bf841a27
SHA1 d10ab999901015bc92c6d40e7015ac58356cfdb2
SHA256 373374262ca7b22aa9702b169e7a7188c3c19af0c53b5d4ec7c029a4fb8c3b57
ssdeep 6144:qGG1rihNIohTZ/juVZuWmUbUZTI9QNi41EuuMtEI:qGG1r0IohhjOAZAu1y
authentihash 20172c84fbc0ca091629c2037ed2375a4f532ed78c7d79fafa9f935c2c1a0ff2
imphash 7d34a052d8f5b1cf1005c6c76aafedfa
File size 396.0 KB (405504 bytes)
Type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags peexe

VirusTotal metadata
First submission 2018-06-14 00:30:37 UTC (10 months, 1 week ago)
Last submission 2018-06-15 07:11:55 UTC (10 months, 1 week ago)
Names BOSCH-7
lsm.exe
BOSCH-7.EXE
cl.exe
lsm.gxe
f5ae30bbc922dd5b62f5204ca89c3de9eb7a5c91
cl.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Created processes
Shell commands
Opened mutexes
Searched windows
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.