SHA256: 63c60e798a5738e10cb6fda1975c360d9889b4c437c2c04bd20ec967926c9b7e
Name: Dextroyer.exe
Detections: 15 / 71
Analysis date: 2019-02-27 14:38:42 UTC (2 months, 3 weeks ago)
Antivirus Result Update
Acronis suspicious 20190222
AegisLab Trojan.Win32.EquationDrug.tphT 20190227
Avira (no cloud) TR/Dropper.Gen 20190227
Bkav HW32.Packed. 20190227
ClamAV Win.Malware.Johnnie-6858836-0 20190227
CrowdStrike Falcon (ML) win/malicious_confidence_60% (D) 20190212
Cylance Unsafe 20190227
DrWeb SCRIPT.Virus 20190227
Endgame malicious (moderate confidence) 20190215
F-Secure Trojan.TR/Dropper.Gen 20190227
Sophos ML heuristic 20181128
Jiangmin Trojan.Qhost.it 20190227
Rising Malware.Heuristic.MLite(97%) (AI-LITE:Sfwo/iYMF4L0p4KGDBP2yw) 20190227
Trapmine malicious.high.ml.score 20190123
Zillya Trojan.SchoolGirl.Win32.86 20190227
Ad-Aware 20190227
AhnLab-V3 20190227
Alibaba 20180921
ALYac 20190227
Antiy-AVL 20190227
Arcabit 20190227
Avast 20190227
Avast-Mobile 20190227
AVG 20190227
Babable 20180918
Baidu 20190215
BitDefender 20190227
CAT-QuickHeal 20190225
CMC 20190227
Comodo 20190227
Cybereason 20190109
Cyren 20190227
eGambit 20190227
Emsisoft 20190227
ESET-NOD32 20190227
F-Prot 20190227
Fortinet 20190227
GData 20190227
Ikarus 20190227
K7AntiVirus 20190227
K7GW 20190227
Kaspersky 20190227
Kingsoft 20190227
Malwarebytes 20190227
MAX 20190227
McAfee 20190227
McAfee-GW-Edition 20190227
Microsoft 20190227
eScan 20190227
NANO-Antivirus 20190227
Palo Alto Networks (Known Signatures) 20190227
Panda 20190227
Qihoo-360 20190227
SentinelOne (Static ML) 20190203
Sophos AV 20190227
SUPERAntiSpyware 20190220
Symantec 20190227
Symantec Mobile Insight 20190220
TACHYON 20190227
Tencent 20190227
TheHacker 20190225
TotalDefense 20190227
TrendMicro 20190227
TrendMicro-HouseCall 20190227
Trustlook 20190227
VBA32 20190227
VIPRE 20190227
ViRobot 20190227
Webroot 20190227
Yandex 20190226
ZoneAlarm by Check Point 20190227
Zoner 20190227
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2019

Product Dextroyer
Original name dextroyer.exe
Internal name ams_runtime
File version 1.0.0.0
Description Dextroyer
Comments Maravento.com
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0001A238
Number of sections 8
PE sections
Overlays
MD5 cd8145e2e1b58f25903dfc45d0e7bf0e
File type application/x-locale
Offset 161792
Size 8178081
Entropy 8.00
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
SelectObject
GetTextExtentPoint32A
CreateFontA
TextOutA
ExtTextOutA
SetBkColor
DeleteObject
SetTextColor
GetLastError
GetStdHandle
EnterCriticalSection
FileTimeToDosDateTime
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
FreeLibrary
GetSystemDefaultLangID
ExitProcess
GetThreadLocale
GetVersionExA
GlobalUnlock
GetModuleFileNameA
GetFileSize
RtlUnwind
RemoveDirectoryA
GetLocalTime
GlobalHandle
DeleteCriticalSection
GetStartupInfoA
GetDateFormatA
LoadLibraryExA
CreateEventA
GetLocaleInfoA
LocalAlloc
CreateDirectoryA
SetFileTime
ExpandEnvironmentStringsA
GetCurrentDirectoryA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetCPInfo
GetCommandLineA
GetProcAddress
FormatMessageA
GetFullPathNameA
CreateMutexA
SetFilePointer
GetTempPathA
RaiseException
DosDateTimeToFileTime
CloseHandle
WideCharToMultiByte
GetModuleHandleA
FindFirstFileA
DeleteFileA
WriteFile
EnumCalendarInfoA
ReadFile
ResetEvent
lstrcpynA
FindNextFileA
GetACP
GetDiskFreeSpaceA
MoveFileExA
GetCurrentThreadId
FileTimeToLocalFileTime
SetFileAttributesA
SetEvent
LocalFree
GetExitCodeProcess
InitializeCriticalSection
CompareStringA
VirtualQuery
VirtualFree
LocalFileTimeToFileTime
FindClose
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetStringTypeExA
GetVersion
LeaveCriticalSection
VirtualAlloc
SetCurrentDirectoryA
InterlockedIncrement
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
SysFreeString
VariantInit
ShellExecuteExA
SHGetSpecialFolderLocation
SHBrowseForFolderA
ShellExecuteA
SHGetPathFromIDListA
DrawEdge
GetSystemMetrics
CreateWindowExA
LoadStringA
DispatchMessageA
EndPaint
DestroyWindow
CharNextA
CharUpperBuffA
MessageBoxA
PeekMessageA
BeginPaint
CharToOemA
DefWindowProcA
InvalidateRect
GetKeyboardType
GetSysColor
RegisterClassExA
Number of PE resources by type
RT_STRING 7
RT_RCDATA 3
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 10
ENGLISH US 4
PE resources
ExifTool file metadata
LegalTrademarks
Maravento Studio

SubsystemVersion
4.0

Comments
Maravento.com

InitializedDataSize
53248

ImageVersion
0.0

ProductName
Dextroyer

FileVersionNumber
1.0.0.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
ASCII

LinkerVersion
2.25

FileTypeExtension
exe

OriginalFileName
dextroyer.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.0.0.0

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
ams_runtime

ProductVersion
1.0.0.0

FileDescription
Dextroyer

OSVersion
4.0

FileOS
Win32

LegalCopyright
Copyright 2019

MachineType
Intel 386 or later, and compatibles

CompanyName
Maravento

CodeSize
107520

FileSubtype
0

ProductVersionNumber
1.0.0.0

EntryPoint
0x1a238

ObjectFileType
Executable application

File identification
MD5 8ef292df9f2f507013fbf7fad0b43c55
SHA1 7111bf07ed721fc30193d05d99759bb9c3997431
SHA256 63c60e798a5738e10cb6fda1975c360d9889b4c437c2c04bd20ec967926c9b7e
ssdeep
196608:HezCc6n3F4pVnCil+g7OmvuX/SyTXErXs9yBYbnkQXU9Z9:HqR63KpVnFnUSmUMJ1XUZ

authentihash 3edde2e680cbb3c8bda4a92f86a274315686587ba0b1b28e7f82db263e9582c9
imphash de1fa96ad5bc81910ffb7ed552e29d0d
File size 8.0 MB (8339873 bytes)
Type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Borland Delphi 7 (93.8%)
Win32 Executable Delphi generic (2.0%)
DOS Borland compiled Executable (generic) (1.4%)
Win32 Dynamic Link Library (generic) (0.9%)
Win32 Executable (generic) (0.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-02-27 14:38:42 UTC (2 months, 3 weeks ago)
Last submission 2019-02-27 14:38:42 UTC (2 months, 3 weeks ago)
Names dextroyer.exe
ams_runtime
Dextroyer.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.