SHA256: 89afba3a88fa9b355ce1cf2a04b6196cbcbfb4feb38f202828303c3265d85aae
Name: Paluego 1.2.4.exe
Detections: 2 / 51
Analysis date: 2016-07-15 12:15:49 UTC (2 years, 8 months ago)
Antivirus Result Update
Panda Trj/GdSda.A 20160714
Qihoo-360 HEUR/QVM03.0.0000.Malware.Gen 20160715
Ad-Aware 20160715
AegisLab 20160715
AhnLab-V3 20160715
Alibaba 20160715
ALYac 20160715
Antiy-AVL 20160715
Arcabit 20160715
Avast 20160715
AVG 20160715
AVware 20160715
Baidu 20160715
BitDefender 20160715
Bkav 20160715
CAT-QuickHeal 20160715
ClamAV 20160715
CMC 20160715
Comodo 20160715
Cyren 20160715
DrWeb 20160715
Emsisoft 20160715
ESET-NOD32 20160715
F-Prot 20160715
F-Secure 20160715
Fortinet 20160715
GData 20160715
Ikarus 20160715
Jiangmin 20160715
K7AntiVirus 20160715
K7GW 20160715
Kaspersky 20160715
Kingsoft 20160715
Malwarebytes 20160715
McAfee 20160715
McAfee-GW-Edition 20160715
Microsoft 20160715
eScan 20160715
NANO-Antivirus 20160715
nProtect 20160715
Sophos AV 20160715
Symantec 20160715
Tencent 20160715
TheHacker 20160714
TrendMicro 20160715
TrendMicro-HouseCall 20160715
VBA32 20160715
VIPRE 20160715
ViRobot 20160715
Zillya 20160715
Zoner 20160715
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Pa'luego
Original name Paluego 1.2.4.exe
Internal name Paluego 1.2.4
File version 1.02.0004
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-15 11:24:08
Entry Point 0x000019C0
Number of sections 3
PE sections
PE imports
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
SPANISH MODERN 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 1.2
FileSubtype 0
FileVersionNumber 1.2.0.4
LanguageCode Spanish (Modern)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 32768
EntryPoint 0x19c0
OriginalFileName Paluego 1.2.4.exe
MIMEType application/octet-stream
FileVersion 1.02.0004
TimeStamp 2016:07:15 12:24:08+01:00
FileType Win32 EXE
PEType PE32
InternalName Paluego 1.2.4
ProductVersion 1.02.0004
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName YAO
CodeSize 167936
ProductName Pa'luego
ProductVersionNumber 1.2.0.4
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 f092de5cfc50d072d0b2e7d5be483759
SHA1 fb06ef28ac812ba6ea263b39cc98cefe992f8804
SHA256 89afba3a88fa9b355ce1cf2a04b6196cbcbfb4feb38f202828303c3265d85aae
ssdeep 3072:gW0LFY2+qXXHSzz4DIFhZIAGc0zKErLF:gW0W2+qHaAJr
authentihash 7b38d3d85e091647c323d6407fda07e744dce8aaccf27bf95d4f101991897d81
imphash 54ba508060674d2826bf218dd8cb38d4
File size 192.0 KB ( 196608 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe

VirusTotal metadata
First submission 2016-07-15 11:25:04 UTC (2 years, 8 months ago)
Last submission 2016-07-15 16:05:30 UTC (2 years, 8 months ago)
File names Paluego 1.2.4.exe
Paluego 1.2.4
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.