SHA256: abbd035fffd42facc51a33d3dcf015d858a0d5eb570cb4ae9907a8303352497a
Detections: 22 / 67
Analysis date: 2017-10-29 13:44:30 UTC (1 year, 4 months ago)
Antivirus Result Update
AhnLab-V3 Malware/Win32.Generic.R211587 20171029
Avast FileRepMalware 20171029
AVG FileRepMalware 20171029
Avira (no cloud) TR/Crypt.Xpack.zmjbt 20171029
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171027
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20171016
Cylance Unsafe 20171029
eGambit Unsafe.AI_Score_92% 20171029
ESET-NOD32 a variant of Win32/GenKryptik.BBRV 20171029
Fortinet W32/GenKryptik.AZRU!tr 20171029
Ikarus Win32.Outbreak 20171029
Sophos ML heuristic 20170914
Kaspersky Trojan.Win32.Dovs.avf 20171029
McAfee Artemis!5E475DA74DA3 20171029
McAfee-GW-Edition BehavesLike.Win32.Ramnit.nh 20171029
Palo Alto Networks (Known Signatures) generic.ml 20171029
Panda Trj/RnkBend.A 20171029
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Mal/EncPk-ANR 20171029
TrendMicro-HouseCall Suspicious_GEN.F47V1029 20171029
Webroot W32.Trojan.Emotet 20171029
ZoneAlarm by Check Point Trojan.Win32.Dovs.avf 20171029
Ad-Aware 20171029
AegisLab 20171029
Alibaba 20170911
ALYac 20171028
Antiy-AVL 20171029
Arcabit 20171029
Avast-Mobile 20171029
AVware 20171029
BitDefender 20171029
Bkav 20171029
CAT-QuickHeal 20171028
ClamAV 20171029
CMC 20171029
Comodo 20171029
Cybereason 20170628
Cyren 20171029
DrWeb 20171029
Emsisoft 20171029
Endgame 20171024
F-Prot 20171029
F-Secure 20171029
GData 20171029
Jiangmin 20171029
K7AntiVirus 20171027
K7GW 20171029
Kingsoft 20171029
Malwarebytes 20171029
MAX 20171029
Microsoft 20171029
eScan 20171029
NANO-Antivirus 20171029
nProtect 20171029
Qihoo-360 20171029
Rising 20171029
SUPERAntiSpyware 20171029
Symantec 20171028
Symantec Mobile Insight 20171027
Tencent 20171029
TheHacker 20171028
TrendMicro 20171029
Trustlook 20171029
VBA32 20171027
VIPRE 20171029
ViRobot 20171029
WhiteArmor 20171024
Yandex 20171027
Zillya 20171027
Zoner 20171029
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Original name xInfo.DLL
Internal name xInfo
File version 1.01
Description PEiD Plugin
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-29 09:30:27
Entry Point 0x00001650
Number of sections 7
PE sections
PE imports
RegOpenCurrentUser
GetKernelObjectSecurity
GetUserNameW
EnumEnhMetaFile
CreateWaitableTimerW
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
lstrcatA
GetCurrentThreadId
FillConsoleOutputCharacterW
GetComputerNameA
GetCommandLineA
GetTapePosition
lstrlenW
LeaveCriticalSection
MprAdminGetErrorString
SetupDiGetClassDevPropertySheetsW
PathCompactPathW
StrFormatKBSizeA
PathIsFileSpecW
PathIsFileSpecA
StrStrIW
PathFileExistsA
IsCharAlphaNumericA
GetClassInfoA
PeekMessageW
EmptyClipboard
CharUpperW
GetClientRect
LoadCursorA
DragDetect
PostThreadMessageA
midiOutGetDevCapsW
midiStreamOpen
timeKillEvent
mixerGetLineControlsW
CoGetMalloc
Number of PE resources by type
RT_ICON 2
RT_GROUP_ICON 1
RT_DIALOG 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
HEBREW DEFAULT 3
ENGLISH US 3
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileVersionNumber
1.0.1.0

LanguageCode
English (British)

FileFlagsMask
0x0000

FileDescription
PEiD Plugin

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
38912

EntryPoint
0x1650

OriginalFileName
xInfo.DLL

MIMEType
application/octet-stream

FileVersion
1.01

TimeStamp
2017:10:29 10:30:27+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
xInfo

ProductVersion
1.01

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
BobSoft

CodeSize
24576

FileSubtype
0

ProductVersionNumber
1.0.1.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 5e475da74da3b6acf43292516e9997d4
SHA1 c05e74ac7040098193d6a872058eaf9bf2afd182
SHA256 abbd035fffd42facc51a33d3dcf015d858a0d5eb570cb4ae9907a8303352497a
ssdeep
1536:QBC7ZST1l9/uQ4dnjR+RT/LWZXhfeHzXlH3sqOnWL:i9/ur1sRzQ5eJsxW

authentihash 55359c603d3af35382e72df00bf943627eb64a93a4f19955208f7b2659915b67
imphash e16820e560b44e6525be33633f77df4f
File size 92.0 KB (94208 bytes)
Type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-10-29 00:37:54 UTC (1 year, 4 months ago)
Last submission 2018-02-20 11:01:04 UTC (1 year ago)
Names 42656728.exe
MHgzy.exe
xInfo.DLL
procncb(62).gxe
hostservice.exe
44951824.exe
35055176.exe
xInfo
svcwindow.exe
XKsRmDyzBXP.exe
eJSlscP.exe
RKXZ.exe
29680480.exe
42656672.exe
unknown
1002-c05e74ac7040098193d6a872058eaf9bf2afd182
netnvidia.exe
37544560.exe
82zn6eTzQB5zQd.exe
asTbEV.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
UDP communications