SHA256: 58bfc31c661b48944f73be149fa4805e6283a41f803d3ca49d37ae8bd4387bc5
Name: Xenesis ByForce&ZAHI.exe
Detections: 6 / 47
Analysis date: 2013-10-22 05:58:45 UTC ( 5 years, 7 months ago )
Antivirus Result Update
AntiVir TR/Black.Gen2 20131022
AVG Win32/Blacked.dropper 20131021
Ikarus Trojan.Win32.VkHost 20131022
Kaspersky HEUR:Trojan.Win32.Generic 20131022
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-PKR.O 20131022
Sophos AV Mal/VMProtBad-A 20131022
Yandex 20131021
AhnLab-V3 20131021
Antiy-AVL 20131022
Avast 20131022
Baidu-International 20131021
BitDefender 20131012
Bkav 20131021
ByteHero 20131011
CAT-QuickHeal 20131022
ClamAV 20131022
Commtouch 20131022
Comodo 20131022
DrWeb 20131022
Emsisoft 20131022
ESET-NOD32 20131021
F-Prot 20131022
F-Secure 20131022
Fortinet 20131022
GData 20131022
Jiangmin 20131022
K7AntiVirus 20131021
K7GW 20131021
Kingsoft 20130829
Malwarebytes 20131022
McAfee 20131022
Microsoft 20131022
eScan 20131022
NANO-Antivirus 20131022
Norman 20131021
nProtect 20131022
Panda 20131021
PCTools 20131002
Rising 20131022
SUPERAntiSpyware 20131022
Symantec 20131022
TheHacker 20131021
TotalDefense 20131021
TrendMicro 20131022
TrendMicro-HouseCall 20131022
VBA32 20131021
VIPRE 20131022
ViRobot 20131022
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0038DAC0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegCloseKey
ImageList_Add
SaveDC
OleDraw
VariantCopy
SHGetFileInfoA
VerQueryValueA
Number of PE resources by type
RT_STRING 32
RT_BITMAP 27
RT_RCDATA 17
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_ICON 6
RT_DIALOG 1
ORIG1 1
LOADER1 1
CHEAT1 1
INJCT1 1
OBT1 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 71
SPANISH VENEZUELA 12
ENGLISH US 11
ENGLISH NEUTRAL 7
RUSSIAN 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 2011136
LinkerVersion 2.25
EntryPoint 0x38dac0
InitializedDataSize 192512
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 1712128

PE resource-wise parents
File identification
MD5 1882f60e01a8feb72bae36edc8d0bf3a
SHA1 f938309f6f77f65444ba4b8819e893e9925aa240
SHA256 58bfc31c661b48944f73be149fa4805e6283a41f803d3ca49d37ae8bd4387bc5
ssdeep
49152:nLdHf2vKhzfFjqGgvP/AbhYKjFwuPp/2dUFd+szGdug//wHrLDVlIjspRtgq:nLl2ihzf4GgvPYbhrjFwuPp/EUuszcu

File size 2.1 MB ( 2202624 bytes )
Type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (45.1%)
Win32 EXE Yoda's Crypter (39.2%)
Win32 Executable (generic) (6.6%)
Win16/32 Executable Delphi generic (3.0%)
Generic Win/DOS Executable (2.9%)
Tags
peexe upx

VirusTotal metadata
First submission 2013-10-22 05:58:45 UTC ( 5 years, 7 months ago )
Last submission 2013-10-31 22:18:31 UTC ( 5 years, 6 months ago )
Names file-6114321_exe
Xenesis ByForce
Xenesis ByForce&ZAHI.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight