SHA256: 49cd85dd010f83588fb60d1e60684877a515f363267cce5d5f0d0507a78392cd
Name: POSNumBot_baked.ex_
Detections: 22 / 62
Analysis date: 2017-07-12 16:37:50 UTC (1 year, 7 months ago)
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.RP.hqW@aqvqTPd 20170712
Arcabit Trojan.Heur.RP.ED17B4A 20170712
Avast Win32:Poseidon-L [Trj] 20170712
AVG Win32:Poseidon-L [Trj] 20170712
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170712
BitDefender Gen:Trojan.Heur.RP.hqW@aqvqTPd 20170712
Bkav W32.eHeur.Malware00 20170712
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170420
Cylance Unsafe 20170712
DrWeb Trojan.FindStr.28 20170712
Emsisoft Gen:Trojan.Heur.RP.hqW@aqvqTPd (B) 20170712
Endgame malicious (high confidence) 20170706
ESET-NOD32 a variant of Win32/Agent.QTJ 20170712
F-Secure Gen:Trojan.Heur.RP.hqW@aqvqTPd 20170712
GData Gen:Trojan.Heur.RP.hqW@aqvqTPd 20170712
Kaspersky Trojan-Ransom.Win32.PornoAsset.czts 20170712
MAX malware (ai score=86) 20170712
McAfee-GW-Edition BehavesLike.Win32.PUPXAQ.ch 20170712
eScan Gen:Trojan.Heur.RP.hqW@aqvqTPd 20170712
Panda Trj/Genetic.gen 20170712
Rising Malware.Heuristic!ET#98% (rdm+) 20170712
ZoneAlarm by Check Point Trojan-Ransom.Win32.PornoAsset.czts 20170712
Undetected (result column empty):
AegisLab 20170712
AhnLab-V3 20170712
Alibaba 20170712
ALYac 20170712
Antiy-AVL 20170712
Avira (no cloud) 20170712
AVware 20170712
CAT-QuickHeal 20170712
ClamAV 20170712
CMC 20170712
Comodo 20170712
Cyren 20170712
F-Prot 20170712
Fortinet 20170629
Ikarus 20170712
Sophos ML 20170607
Jiangmin 20170712
K7AntiVirus 20170712
K7GW 20170712
Kingsoft 20170712
Malwarebytes 20170712
McAfee 20170712
Microsoft 20170712
NANO-Antivirus 20170712
nProtect 20170712
Palo Alto Networks (Known Signatures) 20170712
Qihoo-360 20170712
SentinelOne (Static ML) 20170516
Sophos AV 20170712
SUPERAntiSpyware 20170712
Symantec 20170712
Symantec Mobile Insight 20170712
Tencent 20170712
TheHacker 20170712
TrendMicro 20170712
TrendMicro-HouseCall 20170712
Trustlook 20170712
VBA32 20170712
VIPRE 20170712
ViRobot 20170712
Webroot 20170712
WhiteArmor 20170706
Yandex 20170712
Zoner 20170712
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-17 06:37:40
Entry Point 0x00004F60
Number of sections 4
PE sections
PE imports
CryptDestroyKey
CryptDeriveKey
CryptReleaseContext
CryptAcquireContextA
OpenProcessToken
LookupAccountSidA
GetTokenInformation
CryptHashData
CryptDecrypt
CryptDestroyHash
CryptCreateHash
GetAdaptersAddresses
HeapSize
GetLastError
IsValidCodePage
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
OpenProcess
GetSystemInfo
lstrlenA
GetModuleFileNameW
GetConsoleCP
GetModuleHandleW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetStdHandle
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
GetVolumeInformationA
GetWindowsDirectoryA
GetConsoleMode
SetThreadPriority
GetCurrentProcessId
SetLastError
lstrcatA
DeleteFileA
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
ReadProcessMemory
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetProcAddress
EncodePointer
GetCurrentThread
SetStdHandle
CreateMutexA
GetTempPathA
RaiseException
CreateThread
TlsFree
FreeEnvironmentStringsW
SetUnhandledExceptionFilter
WriteFile
DecodePointer
CloseHandle
GetTempFileNameA
GetComputerNameA
GetACP
HeapReAlloc
GetStringTypeW
GetCurrentThreadId
HeapAlloc
TerminateProcess
CreateProcessA
WideCharToMultiByte
GetModuleHandleExW
InitializeCriticalSection
OutputDebugStringW
lstrcpyA
CreateFileW
VirtualFree
VirtualQueryEx
TlsGetValue
Sleep
GetFileType
TlsSetValue
CreateFileA
ExitProcess
GetVersion
GetProcessHeap
VirtualAlloc
WriteConsoleW
LeaveCriticalSection
EnumProcesses
GetWindowThreadProcessId
GetMessageA
ToAscii
CreateWindowExA
GetKeyboardState
wsprintfA
DispatchMessageA
GetKeyNameTextA
TranslateMessage
GetRawInputData
GetShellWindow
MapVirtualKeyA
RegisterRawInputDevices
PostQuitMessage
DefWindowProcA
GetKeyState
RegisterClassExA
HttpSendRequestA
InternetOpenUrlA
InternetSetOptionA
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetQueryOptionA
HttpQueryInfoA
InternetCrackUrlA
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2017:05:17 07:37:40+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 70144
LinkerVersion: 12.0
EntryPoint: 0x4f60
InitializedDataSize: 56320
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0
File identification
MD5 261532875decea7471fb673afd12092a
SHA1 4f29841730b4eaa7a188add6b75fde7ef675b6a7
SHA256 49cd85dd010f83588fb60d1e60684877a515f363267cce5d5f0d0507a78392cd
ssdeep 3072:4OVNMouVNfZN/wbFfX+XBbutqu2inFWM:1XANfZap+g2iFW
authentihash 40967860b270b7638a45c006cc652f9e831230bb3a04a75344b8ec3af9de949f
imphash 483167791cec6b22485561c7bf1eb736
File size 116.5 KB (119296 bytes)
Type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2017-07-12 16:37:50 UTC (1 year, 7 months ago)
Last submission 2018-02-21 22:03:08 UTC (11 months, 4 weeks ago)
Names POSNumBot_baked.ex_
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created mutexes
Runtime DLLs
UDP communications