SHA256: 7ae9aae77884ac0baa2f8168b3ed4de0c0c9834a42d8e5a775f47a2c66cec237
File name: utiwmtkx.sys
Detections: 11 / 56
Analysis date: 2015-01-13 03:50:25 UTC ( 4 years, 2 months ago )
Antivirus | Result | Update
AegisLab | Troj.Agent | 20150113
ALYac | Trojan.Downloader.Bagle-KF | 20150113
Antiy-AVL | Trojan/Win32.SGeneric | 20150112
Bkav | W32.LmirESys3.Rootkit | 20150112
ClamAV | Trojan.Agent-66914 | 20150113
Cyren | W32/Bagle.TGIN-4537 | 20150113
F-Prot | W32/Bagle.IJ | 20150113
K7AntiVirus | Trojan ( 0001140e1 ) | 20150112
K7GW | Trojan ( 0001140e1 ) | 20150112
Rising | PE:Trojan.Win32.Generic.1273D2DC!309580508 | 20150112
ViRobot | Trojan.Win32.Bagle.7168[h] | 20150112
Ad-Aware | not detected | 20150113
Yandex | not detected | 20150112
AhnLab-V3 | not detected | 20150112
Avast | not detected | 20150113
AVG | not detected | 20150113
Avira (no cloud) | not detected | 20150110
AVware | not detected | 20150113
Baidu-International | not detected | 20150112
BitDefender | not detected | 20150113
ByteHero | not detected | 20150113
CAT-QuickHeal | not detected | 20150112
CMC | not detected | 20150109
Comodo | not detected | 20150113
DrWeb | not detected | 20150113
Emsisoft | not detected | 20150113
ESET-NOD32 | not detected | 20150112
F-Secure | not detected | 20150113
Fortinet | not detected | 20150111
GData | not detected | 20150113
Ikarus | not detected | 20150113
Jiangmin | not detected | 20150112
Kaspersky | not detected | 20150113
Kingsoft | not detected | 20150113
Malwarebytes | not detected | 20150113
McAfee | not detected | 20150113
McAfee-GW-Edition | not detected | 20150113
Microsoft | not detected | 20150113
eScan | not detected | 20150113
NANO-Antivirus | not detected | 20150113
Norman | not detected | 20150112
nProtect | not detected | 20150112
Panda | not detected | 20150112
Qihoo-360 | not detected | 20150113
Sophos AV | not detected | 20150113
SUPERAntiSpyware | not detected | 20150113
Symantec | not detected | 20150113
Tencent | not detected | 20150113
TheHacker | not detected | 20150112
TotalDefense | not detected | 20150112
TrendMicro | not detected | 20150113
TrendMicro-HouseCall | not detected | 20150113
VBA32 | not detected | 20150112
VIPRE | not detected | 20150113
Zillya | not detected | 20150112
Zoner | not detected | 20150112
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Native subsystem.
FileVersionInfo properties
Copyright: Zaitsev Oleg, Copyright (C) 2004-2006
Product: AVZ Driver
Original name: avz.sys
Internal name: avz.sys
File version: 1, 2, 0, 0
Description: AVZ Driver
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2008-01-12 14:51:59
Entry Point: 0x00001990
Number of sections: 6
PE imports
KeRaiseIrqlToDpcLevel
KfLowerIrql
_except_handler3
RtlInitUnicodeString
MmBuildMdlForNonPagedPool
IofCompleteRequest
IoDeleteDevice
IoCreateSymbolicLink
IoDeleteSymbolicLink
IoCreateDevice
MmProbeAndLockPages
ObReferenceObjectByName
PsGetCurrentProcessId
MmMapLockedPagesSpecifyCache
MmIsAddressValid
IoGetCurrentProcess
IoAllocateMdl
ObfDereferenceObject
IoFreeMdl
IoDriverObjectType
KeServiceDescriptorTable
MmUnlockPages
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
RUSSIAN 1
ExifTool file metadata
UninitializedDataSize: 0
LinkerVersion: 7.1
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 1.2.0.0
LanguageCode: Russian
FileFlagsMask: 0x0017
FileDescription: AVZ Driver
ImageFileCharacteristics: Executable, No line numbers, No symbols, 32-bit, DLL
CharacterSet: Unicode
InitializedDataSize: 2560
EntryPoint: 0x1990
OriginalFileName: avz.sys
MIMEType: application/octet-stream
LegalCopyright: Zaitsev Oleg, Copyright (C) 2004-2006
FileVersion: 1, 2, 0, 0
TimeStamp: 2008:01:12 15:51:59+01:00
FileType: Win32 DLL
PEType: PE32
InternalName: avz.sys
ProductVersion: 1, 2, 0, 0
SubsystemVersion: 4.0
OSVersion: 4.0
FileOS: Windows NT
Subsystem: Native
MachineType: Intel 386 or later, and compatibles
CodeSize: 3584
ProductName: AVZ Driver
ProductVersionNumber: 1.2.0.0
FileTypeExtension: dll
ObjectFileType: Driver
CarbonBlack
While monitoring an end-user machine in the wild, CarbonBlack observed the following files write this sample to disk during execution.
Execution parents
Compressed bundles
File identification
MD5: 524d8d450622db4a7875b111c299a76b
SHA1: fe22db1e0b864e77baeca5520c05c42431784fd8
SHA256: 7ae9aae77884ac0baa2f8168b3ed4de0c0c9834a42d8e5a775f47a2c66cec237
ssdeep: 96:wQQovxXZHQ7SioGfU2zSVeUvaUOPLNI8n1Sw1xJj0o:w+PQ/oV2z2eaaUOW8RI
authentihash: e9dc3edbd6691ab2622c75e56978f25f2bd19723946230e019568611ade638e7
imphash: 3fe3e8c9c493d0f9964271bdf019d9ab
File size: 7.0 KB ( 7168 bytes )
Type: Win32 DLL
Magic literal: PE32 executable for MS Windows (DLL) (native) Intel 80386 32-bit

TrID:
Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
via-tor pedll native

VirusTotal metadata
First submission: 2009-01-30 14:00:58 UTC ( 10 years, 1 month ago )
Last submission: 2019-02-22 10:25:43 UTC ( 3 weeks, 5 days ago )
Names:
utqxnjq3.sys
utkynja5.sys
utqyotg4.sys
utmymzg1.sys
utm0mzqz.sys
utezote5.sys
utiznzu5.sys
ute3otax.sys
utm0mtc3.sys
utmwmzcw.sys
utixnze5.sys
utmymtaz.sys
uteynzmw.sys
utezodc5.sys
utq4nzcx.sys
utmyndm0.sys
UTQXNZAX.SYS
utm0otgz.sys
utixotq0.sys
utm5ndg1.sys
utqxodiz.sys
utiymty5.sys
utqwmzcy.sys
srosa2.sys
uti1mjk3.sys
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight