SHA256: 3e8e2946ba1b848e9a8c3e4694255d1375deb41d576dad52c02148714940a746
Name: ofinor_remote.exe
Detections: 20 / 52
Analysis date: 2014-05-21 15:56:42 UTC
Antivirus Result Signature update
Ad-Aware Trojan.Generic.11287180 20140521
Baidu-International Hacktool.Win32.RemoteAdmin.ASS 20140521
BitDefender Trojan.Generic.11287180 20140521
Emsisoft Trojan.Generic.11287180 (B) 20140521
F-Secure Trojan.Generic.11287180 20140521
Fortinet Riskware/Autoit 20140521
GData Trojan.Generic.11287180 20140521
Ikarus not-a-virus:RemoteAdmin.Win32.WinVNC 20140521
K7AntiVirus Riskware ( 0040f10b1 ) 20140521
K7GW Riskware ( 0040f10b1 ) 20140521
Kaspersky not-a-virus:RemoteAdmin.Win32.Autoit.c 20140521
McAfee Artemis!1D540842E652 20140521
McAfee-GW-Edition Artemis!1D540842E652 20140521
eScan Trojan.Generic.11287180 20140521
NANO-Antivirus Riskware.Win32.RemoteAdmin.zfqwn 20140521
nProtect Trojan.Generic.11287180 20140521
Panda Trj/Autoit.gen 20140521
Qihoo-360 Win32/Virus.RemoteAdmin.125 20140521
Symantec WS.Reputation.1 20140521
TrendMicro-HouseCall TROJ_GEN.F47V0513 20140521
The remaining engines returned no detection (engine, signature date):
AegisLab 20140521
Yandex 20140521
AhnLab-V3 20140521
AntiVir 20140521
Antiy-AVL 20140521
Avast 20140521
AVG 20140521
Bkav 20140521
ByteHero 20140521
CAT-QuickHeal 20140521
ClamAV 20140521
CMC 20140521
Commtouch 20140521
Comodo 20140520
DrWeb 20140521
ESET-NOD32 20140521
F-Prot 20140521
Jiangmin 20140521
Kingsoft 20140521
Malwarebytes 20140521
Microsoft 20140521
Norman 20140521
Rising 20140520
Sophos AV 20140521
SUPERAntiSpyware 20140521
Tencent 20140515
TheHacker 20140520
TotalDefense 20140521
TrendMicro 20140521
VBA32 20140521
VIPRE 20140521
ViRobot 20140521
Zillya 20140521
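The 20 hits above are worth normalising before they drive any decision: seven are the same BitDefender-engine signature (Trojan.Generic.11287180) relicensed by other vendors, three are hash-keyed cloud verdicts (McAfee's Artemis hex is simply the first 12 characters of the file's MD5), and every engine that names something at all calls it a remote-administration tool or riskware, not a malware family. The following Python is an added example, not code from VirusTotal or from this page: it performs that triage over the rows transcribed from the table. The bucket patterns are my own heuristics rather than any vendor's naming rules, and the MD5 is copied from the File identification section further down.

```python
import re
from collections import Counter

# Vendor rows transcribed from the report above: (engine, label).
DETECTIONS = [
    ("Ad-Aware", "Trojan.Generic.11287180"),
    ("Baidu-International", "Hacktool.Win32.RemoteAdmin.ASS"),
    ("BitDefender", "Trojan.Generic.11287180"),
    ("Emsisoft", "Trojan.Generic.11287180 (B)"),
    ("F-Secure", "Trojan.Generic.11287180"),
    ("Fortinet", "Riskware/Autoit"),
    ("GData", "Trojan.Generic.11287180"),
    ("Ikarus", "not-a-virus:RemoteAdmin.Win32.WinVNC"),
    ("K7AntiVirus", "Riskware ( 0040f10b1 )"),
    ("K7GW", "Riskware ( 0040f10b1 )"),
    ("Kaspersky", "not-a-virus:RemoteAdmin.Win32.Autoit.c"),
    ("McAfee", "Artemis!1D540842E652"),
    ("McAfee-GW-Edition", "Artemis!1D540842E652"),
    ("eScan", "Trojan.Generic.11287180"),
    ("NANO-Antivirus", "Riskware.Win32.RemoteAdmin.zfqwn"),
    ("nProtect", "Trojan.Generic.11287180"),
    ("Panda", "Trj/Autoit.gen"),
    ("Qihoo-360", "Win32/Virus.RemoteAdmin.125"),
    ("Symantec", "WS.Reputation.1"),
    ("TrendMicro-HouseCall", "TROJ_GEN.F47V0513"),
]
TOTAL_ENGINES = 52
SAMPLE_MD5 = "1d540842e652ae3e0b89ac0589e602ac"  # from the File identification section

# Buckets are tried in order and the first match wins. These patterns are my own
# heuristics (an assumption of this example), not a vendor naming specification.
BUCKETS = [
    ("remote-admin", re.compile(r"remoteadmin|winvnc", re.I)),
    ("riskware/pua", re.compile(r"riskware|not-a-virus|hacktool|\bpua\b", re.I)),
    ("cloud-reputation", re.compile(r"artemis|reputation|insight", re.I)),
    ("generic", re.compile(r"generic|\bgen\b|_gen\b", re.I)),
]


def bucket(label: str) -> str:
    for name, pattern in BUCKETS:
        if pattern.search(label):
            return name
    return "other"  # a specific, named malware family would land here


def summarize(rows) -> Counter:
    return Counter(bucket(label) for _, label in rows)


def normalize(label: str) -> str:
    """Collapse cosmetic differences so a shared signature counts once
    (Emsisoft's '(B)' suffix on the BitDefender-engine label, K7's spacing)."""
    norm = re.sub(r"\s+", "", label.lower())
    return re.sub(r"\(b\)$", "", norm)


def distinct_labels(rows) -> set:
    return {normalize(label) for _, label in rows}


def engines_mentioning(rows, keyword: str) -> list:
    return [engine for engine, label in rows if keyword.lower() in label.lower()]


def artemis_matches_md5(label: str, md5: str) -> bool:
    """McAfee's Artemis!<hex> is a cloud lookup keyed on the file hash; the hex is
    the leading 12 characters of the MD5, so the label names no family at all."""
    m = re.fullmatch(r"Artemis!([0-9A-Fa-f]{12})", label)
    return bool(m) and md5.lower().startswith(m.group(1).lower())


def triage(rows, total_engines: int) -> dict:
    counts = summarize(rows)
    if counts["other"] == 0 and counts["remote-admin"] > 0:
        verdict = "remote-administration tool flagged as riskware/PUA; no engine names a malware family"
    elif counts["other"] > 0:
        verdict = "at least one engine names a specific family; pivot on that label"
    else:
        verdict = "only generic or reputation hits; insufficient for a verdict"
    return {
        "ratio": f"{len(rows)}/{total_engines}",
        "buckets": dict(counts),
        "distinct_labels": len(distinct_labels(rows)),
        "autoit_engines": engines_mentioning(rows, "autoit"),
        "verdict": verdict,
    }


if __name__ == "__main__":
    for key, value in triage(DETECTIONS, TOTAL_ENGINES).items():
        print(f"{key}: {value}")
```

Run stand-alone it reports 5 remote-admin, 3 riskware/PUA, 3 cloud-reputation and 9 generic hits, 12 distinct signatures behind the 20 rows, and three engines (Fortinet, Kaspersky, Panda) that name AutoIt explicitly, which is the one concrete lead the table gives.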
The file is a Portable Executable (PE), specifically a Win32 EXE for the Windows GUI subsystem.
FileVersionInfo properties
File version 3, 3, 6, 1 (this is the AutoIt v3 interpreter version, as the CompiledScript field below confirms, not a version of the script itself)
Packers identified
F-PROT AutoIt, UTF-8, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-04-16 07:47:33 (matches the AutoIt 3.3.6.1 release of April 2010, so it dates the interpreter stub; the compiled script appended as an overlay carries no timestamp of its own)
Entry Point 0x000B2B80
Number of sections 3
PE sections
(section list not included in this capture; the header declares 3)
Overlay
MD5 af96730face735bc2ca7a31775a25982
File type data
Offset 278528
Size 782481
Entropy 8.00
(278528 + 782481 = 1061009 bytes, the full file size, so the overlay runs to end of file; entropy 8.00 is the maximum for byte data and indicates compressed or encrypted content, consistent with a compiled AutoIt script appended to the interpreter)
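The overlay figures are the most informative numbers on the page, so it is worth being able to reproduce them. The following Python is an added example, not code from the page or from VirusTotal: it locates the overlay the way the report does (everything past the end of the last section's raw data), computes its Shannon entropy, and checks the reported offset and size against the reported file size. It exercises itself on a constructed minimal PE32 skeleton built inline (an assumption of the example, not a real program), parses the headers by hand, and needs neither the real sample nor any third-party library.

```python
import math
import struct

# Overlay figures reported above for ofinor_remote.exe (page values, not computed here).
REPORTED = {"offset": 278528, "size": 782481, "file_size": 1061009}


def shannon_entropy(blob: bytes) -> float:
    """Bits per byte: 0.0 for a constant stream, 8.0 for uniformly distributed bytes."""
    if not blob:
        return 0.0
    counts = [0] * 256
    for b in blob:
        counts[b] += 1
    n = len(blob)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def overlay_info(data: bytes) -> dict:
    """Locate the overlay of a PE image: everything past the end of the last
    section's raw data, which is what the report calls 'Overlays'.
    The headers are parsed by hand (no pefile) so this runs anywhere."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    sec_table = coff + 20 + opt_size                      # first IMAGE_SECTION_HEADER
    end_of_sections = 0
    for i in range(num_sections):
        hdr = sec_table + i * 40
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    overlay = data[end_of_sections:]
    return {"offset": end_of_sections, "size": len(overlay),
            "entropy": shannon_entropy(overlay)}


def reaches_eof(offset: int, size: int, file_size: int) -> bool:
    """True when the overlay is the tail of the file with nothing after it."""
    return offset + size == file_size


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed, non-runnable PE32 skeleton for testing (an assumption of this
    example): DOS header, PE signature, COFF header, 224-byte optional header,
    one section whose raw data occupies 0x200..0x400, then the overlay appended."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 224
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)    # PE32 magic
    raw_ptr, raw_size = 0x200, 0x200
    section = b".text\0\0\0" + struct.pack(
        "<IIIIIIHHI", raw_size, 0x1000, raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt + section).ljust(raw_ptr, b"\0")
    return headers + b"\xCC" * raw_size + overlay


if __name__ == "__main__":
    sample = build_sample_pe(bytes(range(256)) * 4)   # uniform bytes -> entropy 8.0
    info = overlay_info(sample)
    print(info, "reaches EOF:", reaches_eof(info["offset"], info["size"], len(sample)))
    print("reported values consistent:", reaches_eof(**REPORTED))
```

Point overlay_info at a real file's bytes to get the same three numbers the report shows; an overlay at entropy 8.00 that runs to end of file is the pattern to expect from any AutoIt-compiled binary, packed or not, because the script is stored compressed after the last section.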
PE imports (only the UPX loader stub's import table survives packing: the kernel32 functions LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualProtect, VirtualFree and ExitProcess plus one function per original DLL; the AutoIt runtime's full import table is rebuilt in memory after unpacking)
ImageList_Remove
GetSaveFileNameW
LineTo
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
WNetGetConnectionW
SafeArrayUnaccessData
EnumProcesses
DragFinish
LoadUserProfileW
VerQueryValueW
FtpOpenFileW
timeGetTime
CoInitialize
Number of PE resources by type
RT_STRING 7
RT_ICON 4
RT_GROUP_ICON 4
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 17
ENGLISH US 2
ExifTool file metadata
UninitializedDataSize 458752
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 3.3.6.1
LanguageCode English (British)
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 8192
EntryPoint 0xb2b80
MIMEType application/octet-stream
FileVersion 3, 3, 6, 1
TimeStamp 2010:04:16 08:47:33+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
CompiledScript AutoIt v3 Script: 3, 3, 6, 1
MachineType Intel 386 or later, and compatibles
CodeSize 270336
FileSubtype 0
ProductVersionNumber 3.3.6.1
FileTypeExtension exe
ObjectFileType Unknown

File identification
MD5 1d540842e652ae3e0b89ac0589e602ac
SHA1 2d797ff009b9c566cec64326fe7722b4409d91eb
SHA256 3e8e2946ba1b848e9a8c3e4694255d1375deb41d576dad52c02148714940a746
ssdeep
24576:HFE//Tct4bOsog7j3V8ZlxcpDnkEWxyDCa765PqBcllT0:lSVN/OZM1kaDb4qBcjT0

authentihash ea0592b9d93559753a11828911da12ea379f06c51d31b231c21d46ab350cb541
imphash 77b2e5e9b52fbef7638f64ab65f0c58c
File size 1.0 MB ( 1061009 bytes )
Type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID AutoIt3 compiled script executable (87.6%)
UPX compressed Win32 Executable (5.2%)
Win32 EXE Yoda's Crypter (4.5%)
Win32 Dynamic Link Library (generic) (1.1%)
Win32 Executable (generic) (0.7%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2014-05-13 07:50:03 UTC
Last submission 2015-12-17 20:12:30 UTC
Names ofinor_remote.exe
InstantSupport.exe
3e8e2946ba1b848e9a8c3e4694255d1375deb41d576dad52c02148714940a746.vir
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files, read files, written files, copied files, deleted files, created processes, shell commands, created and opened mutexes, searched windows, opened service managers and services, runtime DLLs: no entries in this capture.
Additional details
The file uses the IsDebuggerPresent Windows API function to check whether it is being debugged (a weak signal on its own, since many benign runtimes make the same call).
The file sends control codes directly to device drivers via the DeviceIoControl Windows API function.
DNS requests, TCP connections: no entries in this capture.