SHA256: 3759fa4f4afb1324ba3465d9251d9fcc920f451d169d9cbadec4c36139d7e00c
Name: 08bb987f9aac11b60451715ea29b8a8a5aeb18da
Detections: 29 / 64
Analysis date: 2019-03-01 18:08:44 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
Acronis suspicious 20190222
Ad-Aware Trojan.GenericKD.31738577 20190301
AhnLab-V3 Malware/Win32.Generic.C2950469 20190301
ALYac Trojan.GenericKD.31738577 20190301
Arcabit Trojan.Generic.D1E44AD1 20190301
Avast Win32:Adware-gen [Adw] 20190301
AVG Win32:Adware-gen [Adw] 20190301
Avira (no cloud) HEUR/AGEN.1010414 20190301
BitDefender Trojan.GenericKD.31738577 20190301
CrowdStrike Falcon (ML) win/malicious_confidence_90% (D) 20190212
Cybereason malicious.739fa9 20190109
Emsisoft Trojan.GenericKD.31738577 (B) 20190301
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Adware.OxyPumper.BP 20190301
F-Secure Heuristic.HEUR/AGEN.1010414 20190301
GData Trojan.GenericKD.31738577 20190301
Ikarus PUA.OxyPumper 20190301
Jiangmin RiskTool.BitCoinMiner.jrn 20190301
Kaspersky UDS:DangerousObject.Multi.Generic 20190301
MAX malware (ai score=89) 20190301
McAfee RDN/Generic PUP.z 20190301
McAfee-GW-Edition BehavesLike.Win32.PUPXBB.dh 20190301
Microsoft Trojan:Win32/Fuery.C!cl 20190301
eScan Trojan.GenericKD.31738577 20190301
Qihoo-360 HEUR/QVM20.1.8E9B.Malware.Gen 20190301
SentinelOne (Static ML) static engine - malicious 20190203
Symantec ML.Attribute.HighConfidence 20190301
VBA32 suspected of Trojan.Downloader.gen.h 20190301
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20190301
AegisLab 20190301
Alibaba 20180921
Antiy-AVL 20190301
Avast-Mobile 20190301
Babable 20180918
Baidu 20190215
CAT-QuickHeal 20190228
ClamAV 20190228
CMC 20190301
Comodo 20190301
Cyren 20190301
DrWeb 20190301
eGambit 20190301
Fortinet 20190301
Sophos ML 20181128
K7AntiVirus 20190301
K7GW 20190301
Kingsoft 20190301
Malwarebytes 20190301
NANO-Antivirus 20190301
Palo Alto Networks (Known Signatures) 20190301
Panda 20190301
Sophos AV 20190301
SUPERAntiSpyware 20190227
Symantec Mobile Insight 20190220
TACHYON 20190301
Tencent 20190301
TheHacker 20190225
TotalDefense 20190301
Trapmine 20190301
Trustlook 20190301
VIPRE 20190301
ViRobot 20190301
Webroot 20190301
Yandex 20190301
Zoner 20190228
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-28 12:32:53
Entry Point 0x00017CB7
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyExW
RegCreateKeyW
RegOpenKeyW
RegQueryValueExW
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
EncodePointer
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
EnumSystemLocalesW
LoadLibraryExW
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
OutputDebugStringW
FindClose
TlsGetValue
SetLastError
GetSystemTime
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointerEx
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
GetCurrentThreadId
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
RtlUnwind
FreeLibrary
OpenProcess
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
GetTempFileNameW
FindNextFileW
IsValidLocale
FindFirstFileExW
GetProcAddress
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
lstrlenW
Process32NextW
SwitchToThread
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
Process32FirstW
RaiseException
TlsFree
CloseHandle
GetACP
GetModuleHandleW
GetFileAttributesExW
IsValidCodePage
WriteFile
CreateProcessW
Sleep
SysAllocStringLen
VariantClear
SysAllocString
GetErrorInfo
SysFreeString
VariantInit
UuidCreate
UuidToStringW
SHGetFolderPathW
wvsprintfW
InternetConnectW
InternetReadFile
InternetCloseHandle
HttpSendRequestW
InternetOpenW
HttpOpenRequestW
CoCreateInstance
CoUninitialize
CoInitialize
CoSetProxyBlanket
URLDownloadToFileW
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 5.1
MachineType Intel 386 or later, and compatibles
TimeStamp 2019:02:28 13:32:53+01:00
FileType Win32 EXE
PEType PE32
CodeSize 194560
LinkerVersion 14.16
FileTypeExtension exe
InitializedDataSize 109056
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x17cb7
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 d089fdb739fa90f67246c2a565eeb395
SHA1 08bb987f9aac11b60451715ea29b8a8a5aeb18da
SHA256 3759fa4f4afb1324ba3465d9251d9fcc920f451d169d9cbadec4c36139d7e00c
ssdeep 6144:PBLUc2Xk2e1IzRvB4xLvctoZ69fUuzPoAOL1MfXDuJ/S:PBLU7Xk2e1IzRvB4xLvUCOM96XDuJ/S
authentihash 78539dd8acecb505aebfcb66b95938e87d59b12c599c8a30184bffbe86cf9a9f
imphash 3b4db2ed881907ec403e063f1ee71fad
File size 294.0 KB ( 301056 bytes )
Type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags peexe
VirusTotal metadata
First submission 2019-03-01 18:08:44 UTC ( 2 months, 3 weeks ago )
Last submission 2019-03-01 18:08:44 UTC ( 2 months, 3 weeks ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
HTTP requests
DNS requests
TCP connections