SHA256: ddb4adf5dff5656673bf90e37ff397cb0736c68225ae8f4d17ee17f83c723994
Name: MobaLiveCD_v2.1.exe
Detections: 0 / 54
Analysis date: 2016-02-12 07:31:17 UTC (1 day, 7 hours ago)
Probably harmless. Everything indicates that this file is safe.
Antivirus Result Update
ALYac 20160211
AVG 20160212
Ad-Aware 20160212
AegisLab 20160212
Agnitum 20160211
AhnLab-V3 20160211
Alibaba 20160204
Antiy-AVL 20160211
Arcabit 20160212
Avast 20160212
Avira 20160212
Baidu-International 20160211
BitDefender 20160212
Bkav 20160204
ByteHero 20160212
CAT-QuickHeal 20160212
CMC 20160205
ClamAV 20160212
Comodo 20160211
Cyren 20160212
DrWeb 20160212
ESET-NOD32 20160212
Emsisoft 20160212
F-Prot 20160212
F-Secure 20160212
Fortinet 20160211
GData 20160212
Ikarus 20160212
Jiangmin 20160212
K7AntiVirus 20160212
K7GW 20160212
Kaspersky 20160212
Malwarebytes 20160212
McAfee 20160212
McAfee-GW-Edition 20160212
MicroWorld-eScan 20160212
Microsoft 20160212
NANO-Antivirus 20160212
Panda 20160210
Qihoo-360 20160212
Rising 20160212
SUPERAntiSpyware 20160212
Sophos 20160212
Symantec 20160211
Tencent 20160212
TheHacker 20160212
TrendMicro 20160212
TrendMicro-HouseCall 20160212
VBA32 20160211
VIPRE 20160212
ViRobot 20160212
Zillya 20160211
Zoner 20160212
nProtect 20160211
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright mobatek.net
Product MobaLiveCD
Original name MobaLiveCD
Internal name MobaLiveCD
File version 2.0
Description LiveCD emulation
Comments Free software (GPL license)
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Link date 11:22 PM 6/19/1992
Entry Point 0x00449C20
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
ImageList_Add
GetSaveFileNameA
SaveDC
WNetGetConnectionA
GradientFill
CoInitialize
VariantCopy
SHGetMalloc
VerQueryValueA
Number of PE resources by type
EXEFILE 47
RT_STRING 29
RT_BITMAP 22
RT_RCDATA 10
RT_GROUP_CURSOR 9
RT_CURSOR 9
RT_ICON 5
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 66
FRENCH 53
ENGLISH NEUTRAL 7
GERMAN 4
RUSSIAN 3
ENGLISH US 1
ExifTool file metadata
LegalTrademarks mobatek.net
SubsystemVersion 4.0
Comments Free software (GPL license)
LinkerVersion 2.25
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription LiveCD emulation
CharacterSet Windows, Latin1
InitializedDataSize 45056
EntryPoint 0x449c20
OriginalFileName MobaLiveCD
MIMEType application/octet-stream
LegalCopyright mobatek.net
FileVersion 2.0
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
InternalName MobaLiveCD
ProductVersion 2.0
UninitializedDataSize 2936832
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Mobatek
CodeSize 1556480
ProductName MobaLiveCD
ProductVersionNumber 2.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
Compressed bundles
File identification
MD5 2b6637697de9274eed353fc9244ca575
SHA1 e7a6ca60d13019f7d87f42f4618d8b232e92d0cd
SHA256 ddb4adf5dff5656673bf90e37ff397cb0736c68225ae8f4d17ee17f83c723994
ssdeep 24576:fCEyfdSNMdV+54yudlHW5OKJzipqkZF+9V5F37R/moxUEYcccDDPicbDBO:6Eyfdl8tudE5O43NumqiPicbDBO
authentihash fd5f3fa3204b29d631b7265d318b077c47933f9cfe8397e49af10672168f01b0
imphash 4310e014f0c49587cf0faeb0c2385fb7
File size 1.5 MB (1601024 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (41.1%)
Win32 EXE Yoda's Crypter (35.7%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Win16/32 Executable Delphi generic (2.7%)
Tags
peexe via-tor upx software-collection

VirusTotal metadata
First submission 2009-09-02 15:05:38 UTC (6 years, 5 months ago)
Last submission 2016-02-12 07:31:17 UTC (1 day, 7 hours ago)
File names e7a6ca60d13019f7d87f42f4618d8b232e92d0cd
file
smona131263307520389678815
MobaLiveCD_v2.1.exe
smona127449435193756735081
mobalivecd-2393-jetelecharge.exe
moba live cd.exe
MobaLiveCD_2.1.exe
MobaLiveCD_v2.1.exe
MobaLiveCD_v2.1 (1).exe
MobaLiveCD_v2.1 (testUSB).exe
MobaLiveCD_v2.1.exe
MobaLiveCD_v2.1.exe
MobaLiveCD_v2.1[1].exe
781619-MobaLiveCD_v2.1.exe
smona131572549030742240628
smona_ddb4adf5dff5656673bf90e37ff397cb0736c68225ae8f4d17ee17f83c723994.bin
myfile
MobaLiveCD_v2.1.exe
filename
file
MobaLiveCD_v2.1(Kiem tra tinh khoi dong cua CD or USB Flash drive).exe
mobalivecd-2.1.exe
C385BD430010AEC06E6B18CF65EF6600D099C8DA.exe
mobalivecd_2-1_fr_371404.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .

Symantec reputation Suspicious.Insight