SHA256: c26d4297e986cbcfd9dae0f105d2549b03d0710aa61d9fb21cfec769c53bc407
Name: Pago de nomina impuestos vencidos.exe
Detections: 14 / 56
Analysis date: 2016-11-09 19:10:56 UTC (4 months, 3 weeks ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.58536 20161109
AegisLab Packer.W32.Black.lia7 20161109
ALYac Gen:Variant.Symmi.58536 20161109
Arcabit Trojan.Symmi.DE4A8 20161109
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9983 20161109
BitDefender Gen:Variant.Symmi.58536 20161109
Bkav HW32.Packed.AA8E 20161109
CrowdStrike Falcon (ML) malicious_confidence_79% (D) 20161024
Emsisoft Gen:Variant.Symmi.58536 (B) 20161109
F-Secure Gen:Variant.Symmi.58536 20161109
GData Gen:Variant.Symmi.58536 20161109
Invincea trojan.win32.skeeyah.a!rfn 20161018
eScan Gen:Variant.Symmi.58536 20161109
Qihoo-360 HEUR/QVM19.1.0000.Malware.Gen 20161109
AhnLab-V3 20161109
Alibaba 20161109
Antiy-AVL 20161109
Avast 20161109
AVG 20161109
Avira (no cloud) 20161109
AVware 20161109
CAT-QuickHeal 20161109
ClamAV 20161109
CMC 20161109
Comodo 20161109
Cyren 20161109
DrWeb 20161109
ESET-NOD32 20161109
F-Prot 20161109
Fortinet 20161109
Ikarus 20161109
Jiangmin 20161109
K7AntiVirus 20161108
K7GW 20161109
Kaspersky 20161109
Kingsoft 20161109
Malwarebytes 20161109
McAfee 20161109
McAfee-GW-Edition 20161109
Microsoft 20161109
NANO-Antivirus 20161109
nProtect 20161109
Panda 20161109
Rising 20161109
Sophos 20161109
SUPERAntiSpyware 20161109
Symantec 20161109
Tencent 20161109
TheHacker 20161109
TrendMicro 20161109
TrendMicro-HouseCall 20161109
VBA32 20161109
VIPRE 20161109
ViRobot 20161109
Yandex 20161109
Zillya 20161108
Zoner 20161109
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 10:17 AM 11/11/2016
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-31 11:38:14
Entry Point 0x00307000
Number of sections 6
PE sections
Overlays
MD5 4b03d5403d832c5a9bff4c038029344b
File type data
Offset 1728512
Size 4912
Entropy 7.07
PE imports
InitCommonControls
Number of PE resources by type
RT_BITMAP 23
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH *unknown* 23
NEUTRAL 5
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 643072
ImageVersion 1.0
ProductName lollivar orbitolite
FileVersionNumber 6.5.9.9
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName elaeagnaceae.exe
MIMEType application/octet-stream
FileVersion 6.599
TimeStamp 2016:10:31 12:38:14+01:00
FileType Win32 EXE
PEType PE32
InternalName elaeagnaceae
ProductVersion 1.976
SubsystemVersion 4.0
OSVersion 4.0
FileOS Unknown (0x9)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 36864
FileSubtype 0
ProductVersionNumber 1.9.7.6
EntryPoint 0x307000
ObjectFileType Unknown (9)

File identification
MD5 7551ae065c9530b041e55104a11255a9
SHA1 50e09a720911d179499ce2fbb1ae0c2276a7351f
SHA256 c26d4297e986cbcfd9dae0f105d2549b03d0710aa61d9fb21cfec769c53bc407
ssdeep 49152:lIsL8GqrRLwcCLbdeVXDGLXVvLMd1/O8kpZde:lRQHKNLwNDGLFvLM/BkpLe

authentihash 45075ede3436a72c276d382ed6608421612c9e1f389d0e90a37c3e04f1a4cada
imphash baa93d47220682c04d92f7797d9224ce
File size 1.7 MB (1733424 bytes)
Type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-11-09 19:10:56 UTC (4 months, 3 weeks ago)
Last submission 2016-11-09 19:10:56 UTC (4 months, 3 weeks ago)
Names Pago de nomina impuestos vencidos.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
UDP communications