× ¡Las cookies están desactivadas! Esta página requiere que las cookies estén activadas para funcionar correctamente
SHA256: aea189ff401947025eb600fb015e90ba962a82011e943d5d4a1b124c92836751
Nombre: payload(1).exe
Detecciones: 13 / 70
Fecha de análisis: 2019-01-16 20:53:35 UTC ( hace 4 meses, 1 semana ) Ver el más reciente
Antivirus Resultado Actualización
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20181023
Cylance Unsafe 20190116
eGambit Unsafe.AI_Score_77% 20190116
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
McAfee GenericRXGU-PR!ED5E99CDCCE1 20190116
McAfee-GW-Edition BehavesLike.Win32.Generic.dm 20190116
Microsoft Trojan:Win32/Fuerboos.C!cl 20190116
Qihoo-360 HEUR/QVM10.1.97B1.Malware.Gen 20190116
Rising Trojan.Fuerboos!8.EFC8/N3#92% (RDM+:cmRtazp5NZ4Vcy0RxIaMT5LExIAM) 20190116
Symantec ML.Attribute.HighConfidence 20190116
Trapmine malicious.high.ml.score 20190103
Webroot W32.Adware.Installcore 20190116
Acronis 20190116
Ad-Aware 20190116
AegisLab 20190116
AhnLab-V3 20190116
Alibaba 20180921
ALYac 20190116
Antiy-AVL 20190116
Arcabit 20190116
Avast 20190116
Avast-Mobile 20190116
AVG 20190116
Avira (no cloud) 20190116
Babable 20180918
Baidu 20190116
BitDefender 20190116
Bkav 20190116
CAT-QuickHeal 20190116
ClamAV 20190116
CMC 20190116
Comodo 20190116
Cybereason 20190109
Cyren 20190116
DrWeb 20190116
Emsisoft 20190116
ESET-NOD32 20190116
F-Prot 20190116
F-Secure 20190116
Fortinet 20190116
GData 20190116
Ikarus 20190116
Jiangmin 20190116
K7AntiVirus 20190116
K7GW 20190116
Kaspersky 20190116
Kingsoft 20190116
Malwarebytes 20190116
MAX 20190116
eScan 20190116
NANO-Antivirus 20190116
Palo Alto Networks (Known Signatures) 20190116
Panda 20190116
SentinelOne (Static ML) 20181223
Sophos AV 20190116
SUPERAntiSpyware 20190109
TACHYON 20190116
Tencent 20190116
TheHacker 20190115
TrendMicro 20190116
TrendMicro-HouseCall 20190116
Trustlook 20190116
VBA32 20190116
VIPRE 20190116
ViRobot 20190116
Yandex 20190116
Zillya 20190115
ZoneAlarm by Check Point 20190116
Zoner 20190116
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-07-25 18:59:25
Entry Point 0x00004D6E
Number of sections 6
PE sections
PE imports
GetSecurityDescriptorDacl
InitiateSystemShutdownW
LookupPrivilegeNameA
SetBkColor
EndPath
FillPath
StretchDIBits
GetNativeSystemInfo
GetLastError
InterlockedDecrement
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
TerminateThread
GetThreadPriorityBoost
GetModuleFileNameW
GetDriveTypeA
LCMapStringA
IsDebuggerPresent
GetTickCount
SetConsoleTextAttribute
TlsAlloc
VirtualProtect
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetACP
HeapAlloc
GetCommTimeouts
GetWindowsDirectoryW
GetLocaleInfoA
GetCurrentProcessId
MapViewOfFileEx
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
SetCommMask
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetProcAddress
TlsFree
HeapSize
RaiseException
GetCPInfo
GetStringTypeA
DeleteCriticalSection
GetCurrentThreadId
SetUnhandledExceptionFilter
lstrcpyA
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetProcessWorkingSetSize
GetThreadTimes
DuplicateHandle
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetOEMCP
TerminateProcess
GetProcessAffinityMask
QueryPerformanceCounter
IsValidCodePage
HeapCreate
WriteFile
GlobalAlloc
VirtualFree
LocalFileTimeToFileTime
GetEnvironmentStringsW
TlsGetValue
Sleep
GetFileType
TlsSetValue
ExitProcess
SetComputerNameExW
LeaveCriticalSection
VirtualAlloc
GetStartupInfoA
SetLastError
InterlockedIncrement
GradientFill
GetMenuInfo
GetScrollRange
EnableScrollBar
GetFocus
GetWindowTextA
GetPropA
Number of PE resources by type
RT_ICON 8
CAMIBEZIVEHUDUNINEXAWUVOFAPEXA 1
RT_STRING 1
DAGOSOSEPUDAHEME 1
RT_ACCELERATOR 1
RT_BITMAP 1
BAJIRASULARULEGAFEFOJIXEJALUGI 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
DANISH DEFAULT 16
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileVersionNumber
1.0.0.0

LanguageCode
Unknown (457A)

FileFlagsMask
0x004f

ImageFileCharacteristics
Executable, Large address aware, 32-bit

CharacterSet
Unknown (A56B)

InitializedDataSize
122368

EntryPoint
0x4d6e

MIMEType
application/octet-stream

TimeStamp
2017:07:25 19:59:25+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
gapudileh.exe

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Unknown (0x40534)

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
139776

FileSubtype
0

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 ed5e99cdcce189bbc471ddee5bf04444
SHA1 4614542926ec25be04e4095e52dc91dc4c53dfbc
SHA256 aea189ff401947025eb600fb015e90ba962a82011e943d5d4a1b124c92836751
ssdeep
6144:2VhQH2Li7JZNfvXk9iKdtKp9Cv1nwJNybM:2VPSDlk9Hzpwa4

authentihash e016efaacd9d767d3195b3fcc767a2f0cb696831c7f3821633cb5fc68120c016
imphash 753337159e6fa84e80332f20f98ff321
Tamaño del fichero 254.0 KB ( 260096 bytes )
Tipo Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2019-01-16 20:53:35 UTC ( hace 4 meses, 1 semana )
Last submission 2019-01-16 20:53:35 UTC ( hace 4 meses, 1 semana )
Nombres payload(1).exe
No hay comentarios. Ningún usuario ha comentado aún. ¡Sea el primero en hacerlo!

Deje su comentario...

?
Enviar comentario

No ha iniciado sesión. Solo los usuarios registrados pueden escribir comentarios.

No hay votos. Nadie ha votado aún. ¡Sea el primero!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections