SHA256: ec7746c8a3d0b37f838425ca51ed1b912c9d35d1e8daa0da22b16366d7044719
Name: 68e8a702.gxe
Detections: 39 / 70
Analysis date: 2018-12-19 09:02:03 UTC (4 months ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40838491 20181219
AegisLab Trojan.Win32.Scarsi.4!c 20181219
Antiy-AVL Trojan/Win32.Scarsi 20181218
Arcabit Trojan.Generic.D26F255B 20181219
Avast Win32:Trojan-gen 20181219
AVG Win32:Trojan-gen 20181219
Avira (no cloud) TR/AD.MalwareCrypter.fxmlg 20181219
BitDefender Trojan.GenericKD.40838491 20181219
CrowdStrike Falcon (ML) malicious_confidence_70% (W) 20181022
Cybereason malicious.246c8b 20180225
Cylance Unsafe 20181219
eGambit Unsafe.AI_Score_75% 20181219
Emsisoft Trojan.GenericKD.40838491 (B) 20181219
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNVT 20181219
F-Secure Trojan.GenericKD.40838491 20181219
Fortinet W32/Kryptik.GNVT!tr 20181219
GData Trojan.GenericKD.40838491 20181219
Ikarus Win32.Outbreak 20181219
K7AntiVirus Trojan ( 00543d331 ) 20181219
K7GW Trojan ( 00543d331 ) 20181219
Kaspersky Trojan.Win32.Scarsi.aukl 20181219
Malwarebytes Trojan.MalPack.GS 20181219
McAfee Packed-FPJ!68E8A70246C8 20181219
McAfee-GW-Edition BehavesLike.Win32.Generic.jh 20181219
Microsoft Program:Win32/Vigram.A 20181218
eScan Trojan.GenericKD.40838491 20181219
Palo Alto Networks (Known Signatures) generic.ml 20181219
Panda Trj/GdSda.A 20181219
Qihoo-360 Win32/Trojan.3fe 20181219
Rising Trojan.Kryptik!8.8 (CLOUD) 20181219
Symantec Trojan.Gen.MBT 20181219
Trapmine malicious.high.ml.score 20181205
TrendMicro TROJ_GEN.R04AC0WLI18 20181219
TrendMicro-HouseCall TROJ_GEN.R04AC0WLI18 20181219
VBA32 BScope.Trojan.Chapak 20181218
ViRobot Trojan.Win32.Z.Highconfidence.694510 20181218
Webroot W32.Trojan.Heur2.Jp.Qy3@ag7ng2d 20181219
ZoneAlarm by Check Point Trojan.Win32.Scarsi.aukl 20181219
Undetected (engine, last update):
Acronis 20180726
AhnLab-V3 20181219
Alibaba 20180921
ALYac 20181219
Avast-Mobile 20181218
Babable 20180918
Baidu 20181207
Bkav 20181217
CAT-QuickHeal 20181218
ClamAV 20181219
CMC 20181218
Comodo 20181219
Cyren 20181219
DrWeb 20181219
F-Prot 20181219
Sophos ML 20181128
Jiangmin 20181219
Kingsoft 20181219
MAX 20181219
NANO-Antivirus 20181219
SentinelOne (Static ML) 20181011
Sophos AV 20181219
SUPERAntiSpyware 20181212
Symantec Mobile Insight 20181215
TACHYON 20181219
Tencent 20181219
TheHacker 20181216
TotalDefense 20181219
Trustlook 20181219
Yandex 20181218
Zillya 20181217
Zoner 20181219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-20 21:42:56
Entry Point 0x0007BC16
Number of sections 6
Overlays
MD5 248dfc2406c47e3fc7edbc8c97d7dab4
File type data
Offset 593408
Size 101102
Entropy 4.73
PE imports
ClearEventLogA
BackupEventLogW
ChangeServiceConfigA
CloseServiceHandle
SetViewportExtEx
EndPath
StretchBlt
GetNativeSystemInfo
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
FillConsoleOutputCharacterA
GlobalFree
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
GetStdHandle
GetModuleFileNameA
RtlUnwind
ExitThread
FindFirstChangeNotificationW
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetStartupInfoW
GetLocaleInfoA
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
GetCPInfoExA
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetUserDefaultLCID
InterlockedCompareExchange
GetLocaleInfoW
LeaveCriticalSection
GetModuleFileNameW
RaiseException
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
TlsFree
HeapSetInformation
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
EnumTimeFormatsW
DecodePointer
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
TerminateProcess
TlsGetValue
IsValidCodePage
HeapCreate
FindAtomA
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
EncodePointer
GetCurrentThreadId
GetProcAddress
ExitProcess
SetLastError
InterlockedIncrement
DragFinish
ShellExecuteA
MapVirtualKeyA
GetParent
UpdateWindow
PrivateExtractIconsW
SetProcessDefaultLayout
LoadBitmapA
PeekMessageW
GetDialogBaseUnits
LoadKeyboardLayoutW
GetMessageExtraInfo
LookupIconIdFromDirectoryEx
LoadCursorFromFileW
MapDialogRect
GetRawInputDeviceInfoW
SetParent
LoadCursorA
LoadIconA
MapVirtualKeyExW
CreateIconFromResource
LoadImageA
LoadIconW
CreateWindowExW
LoadAcceleratorsW
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_STRING 1
VOYECAMIBEZIVEHUDUNINEXAWUVOFA 1
RT_GROUP_ICON 1
Number of PE resources by language
SERBIAN DEFAULT 6
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 10.0
ImageVersion 0.0
FileVersionNumber 7.0.0.0
LanguageCode Unknown (457A)
FileFlagsMask 0x004f
ImageFileCharacteristics Executable, Large address aware, 32-bit
CharacterSet Unknown (A56B)
InitializedDataSize 185856
EntryPoint 0x7bc16
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2018, tiyuzuviyal
FileVersion 3.3.6.5
TimeStamp 2017:11:20 22:42:56+01:00
FileType Win32 EXE
PEType PE32
InternalName dudezomepo.exe
ProductVersion 3.3.6.5
SubsystemVersion 5.1
OSVersion 5.1
FileOS Unknown (0x40534)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 564736
FileSubtype 0
ProductVersionNumber 3.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 68e8a70246c8b03a1e255baea5995dd7
SHA1 51d4e67b941cc7dfef24711c4c74e28a076c7445
SHA256 ec7746c8a3d0b37f838425ca51ed1b912c9d35d1e8daa0da22b16366d7044719
ssdeep 12288:2+cPSZ205cBnLd2cPPIEzWe+fiWiPDQVxKBY5Zi4ku37t/c:2+c2tC2yIETUVxKBY5Zi4ke7q
authentihash 5101a1b97155dac7dbcd0807d8276bf11b74a5bd6e189d50a773672848273068
imphash 3d784b4b9d90ce20045eda60dd477aa4
File size 678.2 KB (694510 bytes)
Type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (61.9%)
Win32 Dynamic Link Library (generic) (13.0%)
Win32 Executable (generic) (8.9%)
OS/2 Executable (generic) (4.0%)
Clipper DOS Executable (4.0%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-12-16 00:52:20 UTC (4 months, 1 week ago)
Last submission 2018-12-19 09:02:03 UTC (4 months ago)
Names
zorro
a2.exe
L8IZ0NKWG9.exe
e5dcb178.exe
zorro.exe
nh47ezdygv.exe
68e8a702.gxe
9acd96c2f770.exe