SHA256: 715faab6b3b1be49263064a729e1b0a3f6a77293536cb164c01c2458e16cf444
File name: HFV.exe
Detection ratio: 8 / 61
Analysis date: 2017-05-06 15:10:10 UTC ( 2 years ago )
Antivirus / Result / Update
Detected (8 engines):
AegisLab Troj.W32.Autoit.lZhY 20170506
Bkav W32.HfsAtITA.D00C 20170506
CMC Trojan.Win32.Generic!O 20170505
Endgame malicious (moderate confidence) 20170503
Fortinet W32/Generic!tr 20170506
Jiangmin Trojan.Generic.zswv 20170506
Rising Malware.Heuristic!ET#90% (cloud:wbWOVWmDLLS) 20170506
SentinelOne (Static ML) static engine - malicious 20170330
No detection (engine and signature date only):
Ad-Aware 20170506
AhnLab-V3 20170506
Alibaba 20170505
ALYac 20170506
Antiy-AVL 20170506
Arcabit 20170506
Avast 20170506
AVG 20170506
Avira (no cloud) 20170506
AVware 20170506
Baidu 20170503
BitDefender 20170506
CAT-QuickHeal 20170506
ClamAV 20170506
Comodo 20170506
CrowdStrike Falcon (ML) 20170130
Cyren 20170506
DrWeb 20170506
Emsisoft 20170506
ESET-NOD32 20170506
F-Prot 20170506
F-Secure 20170506
GData 20170506
Ikarus 20170506
Sophos ML 20170413
K7AntiVirus 20170506
K7GW 20170506
Kaspersky 20170506
Kingsoft 20170506
Malwarebytes 20170506
McAfee 20170506
McAfee-GW-Edition 20170506
Microsoft 20170506
eScan 20170506
NANO-Antivirus 20170506
nProtect 20170506
Palo Alto Networks (Known Signatures) 20170506
Panda 20170506
Qihoo-360 20170506
Sophos AV 20170506
SUPERAntiSpyware 20170506
Symantec 20170505
Symantec Mobile Insight 20170504
Tencent 20170506
TheHacker 20170505
TrendMicro 20170506
TrendMicro-HouseCall 20170506
Trustlook 20170506
VBA32 20170506
VIPRE 20170506
ViRobot 20170506
Webroot 20170506
WhiteArmor 20170502
Yandex 20170504
Zillya 20170505
ZoneAlarm by Check Point 20170506
Zoner 20170506
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 3, 3, 8, 1
Packers identified
F-PROT AutoIt, UTF-8, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-29 21:32:28
Entry Point 0x000BAE70
Number of sections 3
PE sections
Overlays
MD5 efa303031855d96a6e3fa82999e572c1
File type data
Offset 311808
Size 395085
Entropy 8.00
PE imports
ImageList_Remove
GetSaveFileNameW
LineTo
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
WNetGetConnectionW
VariantInit
EnumProcesses
DragFinish
LoadUserProfileW
VerQueryValueW
FtpOpenFileW
timeGetTime
CoInitialize
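Reading the static data above the way an analyst would: three sections, an UninitializedDataSize (491520) far larger than the code size (274432), and an import table reduced to the loader primitives VirtualAlloc, VirtualProtect, LoadLibraryA, GetProcAddress and ExitProcess are the shape of a UPX-packed image, so the import list is the decompression stub's, not the program's. The program's real imports are resolved only after unpacking, which is why the sandbox summary at the end of this report can observe IsDebuggerPresent and DeviceIoControl although neither appears here. The overlay (offset 311808 plus size 395085 equals the 706893-byte file size) has entropy 8.00, i.e. it is compressed or encrypted data appended after the last section, the usual location of a compiled AutoIt script. The FileVersion 3.3.8.1 is the AutoIt interpreter version (CompiledScript says so explicitly), so the version resource and the 2012-01-29 PE timestamp describe the AutoIt runtime stub, not the HFV program. The Python below is an added example, not VirusTotal's or HFV's code, that performs this triage with the standard library only: it walks the section table, locates the overlay, measures its entropy, maps the entry point to a section and looks for the AU3!EA06 marker of a compiled AutoIt v3 script. The PE it runs on is constructed in memory (UPX-style section names, the report's timestamp, a synthetic high-entropy overlay), so its offsets are not the report's; the marker search is best effort, since a marker inside compressed data will not be visible.

```python
"""Static triage of a PE image: section names, which section holds the entry
point, overlay offset/size/entropy, and the compiled-AutoIt marker.
Standard library only (a minimal header walk instead of `pefile`), so it runs
offline. Added example, not VirusTotal's or HFV's own code."""
import math
import struct
from collections import Counter
from datetime import datetime, timezone

AUTOIT_MAGIC = b"AU3!EA06"  # header bytes of a compiled AutoIt v3 script


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant run, 8.0 for a uniform byte
    distribution, which is what VirusTotal's 8.00 for the overlay means."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(pe: bytes) -> dict:
    """DOS header -> PE signature -> COFF header -> section table.
    Reads only the fields used here; the layout is the same for PE32/PE32+."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    _, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    opt = coff + 20                                         # optional header follows the 20-byte COFF header
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsections):                              # 40-byte IMAGE_SECTION_HEADER entries
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "vsize": vsize,
                         "vaddr": vaddr, "rawsize": rawsize, "rawptr": rawptr})
    return {"timestamp": timestamp, "entry_rva": entry_rva, "sections": sections}


def section_for_rva(sections: list, rva: int):
    """Name of the section whose mapped range covers `rva` (None if outside all)."""
    for s in sections:
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            return s["name"]
    return None


def overlay_bounds(file_len: int, sections: list) -> tuple:
    """Overlay = bytes after the end of the last section's raw data."""
    end = max((s["rawptr"] + s["rawsize"] for s in sections), default=0)
    return end, max(file_len - end, 0)


def triage(pe: bytes) -> dict:
    hdr = parse_pe(pe)
    start, size = overlay_bounds(len(pe), hdr["sections"])
    overlay = pe[start:start + size]
    names = [s["name"] for s in hdr["sections"]]
    return {
        "compile_timestamp": datetime.fromtimestamp(hdr["timestamp"], tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": names,
        "entry_section": section_for_rva(hdr["sections"], hdr["entry_rva"]),
        "upx_section_names": any(n.startswith("UPX") for n in names),
        "overlay_offset": start,
        "overlay_size": size,
        "overlay_entropy": round(shannon_entropy(overlay), 2),
        # best effort: a marker inside compressed data will not be visible
        "autoit_marker_in_overlay": AUTOIT_MAGIC in overlay,
    }


def build_demo_pe(overlay: bytes) -> bytes:
    """CONSTRUCTED PE32 with UPX-style sections (not a loadable program): only the
    fields parse_pe() reads are filled in. Timestamp = the report's 2012-01-29 21:32:28 UTC."""
    sections = [  # name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        (b"UPX0", 0x78000, 0x1000, 0, 0),          # empty on disk; the stub unpacks into it
        (b"UPX1", 0x2000, 0x79000, 0x400, 0x400),  # packed data plus decompression stub
    ]
    opt = bytearray(224)                            # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)           # Magic = PE32
    struct.pack_into("<I", opt, 16, 0x79E70)        # entry point inside UPX1, as UPX lays it out
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 1327872748, 0, 0, len(opt), 0x0102)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, 0)
                     for n, vs, va, rs, rp in sections)
    image = bytearray(0x800)
    image[:2] = b"MZ"
    struct.pack_into("<I", image, 0x3C, 0x80)       # e_lfanew
    nt = b"PE\0\0" + coff + bytes(opt) + table
    image[0x80:0x80 + len(nt)] = nt
    image[0x400:0x800] = b"\x90" * 0x400            # UPX1 raw bytes, placeholder
    return bytes(image) + overlay


# Constructed overlay: the AutoIt marker followed by a uniform byte distribution,
# standing in for the compressed script that makes the real overlay read 8.00.
DEMO_OVERLAY = AUTOIT_MAGIC + bytes(range(256)) * 64

if __name__ == "__main__":
    for key, value in triage(build_demo_pe(DEMO_OVERLAY)).items():
        print(f"{key:26} {value}")
```

Run it against a real sample by replacing the constructed image with `open(path, "rb").read()`; an entry point inside a UPX1 section, an empty-on-disk UPX0 and a large overlay at entropy near 8.0 reproduce the three findings VirusTotal lists above, and the overlay offset and size it prints should add up to the file size exactly as 311808 + 395085 = 706893 does here.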
Number of PE resources by type
RT_ICON 8
RT_STRING 7
RT_GROUP_ICON 4
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 21
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize 491520
LinkerVersion 10.0
ImageVersion 0.0
FileVersionNumber 3.3.8.1
LanguageCode English (British)
FileFlagsMask 0x0017
ImageFileCharacteristics No relocs, Executable, Large address aware, 32-bit
CharacterSet Unicode
InitializedDataSize 40960
EntryPoint 0xbae70
MIMEType application/octet-stream
FileVersion 3, 3, 8, 1
TimeStamp 2012:01:29 22:32:28+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
CompiledScript AutoIt v3 Script: 3, 3, 8, 1
MachineType Intel 386 or later, and compatibles
CodeSize 274432
FileSubtype 0
ProductVersionNumber 3.3.8.1
FileTypeExtension exe
ObjectFileType Unknown

PE resource-wise parents
Compressed bundles
File identification
MD5 2445c4b101ae24d12de1c1e778559493
SHA1 c327764d6ea29acc2a00fe3d9cdf1838cf21b5d3
SHA256 715faab6b3b1be49263064a729e1b0a3f6a77293536cb164c01c2458e16cf444
ssdeep 12288:s6Wq4aaE6KwyF5L0Y2D1PqLJF3AcCL8bIDIKswLuxlHzU3+4u:qthEVaPqLLAv8QswLuXHgu

authentihash 7fe93ed5f4cbedfcff1b1adaa7729ccec47c53fac72ef5f3171f80aaa55ee950
imphash 890e522b31701e079a367b89393329e6
File size 690.3 KB ( 706893 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID AutoIt3 compiled script executable (87.8%)
UPX compressed Win32 Executable (4.6%)
Win32 EXE Yoda's Crypter (4.5%)
Win32 Dynamic Link Library (generic) (1.1%)
Win32 Executable (generic) (0.7%)
Tags
peexe upx usb-autorun overlay

VirusTotal metadata
First submission 2013-12-20 22:29:46 UTC ( 5 years, 5 months ago )
Last submission 2019-04-29 07:13:07 UTC ( 3 weeks ago )
File names
24731265
Hidden Folder Virus.exe
HFV-Cleaner-Pro40-20131217.exe
file-7647744_exe
Hidden Folder Virus Cleaner Pro.exe
Copy of HFV.exe
vti-rescan
20161202191655
715faab6b3b1be49263064a729e1b0a3f6a77293536cb164c01c2458e16cf444
HFV.dat
hfv.exe
2-HFV.exe
filename
HFV_2.exe
HFV 3.3.8.1.exe
output.104513693.txt
hfv-cleaner-pro.exe
USBMonitor.exe
HFV-135.exe
sample ._DONTEXECUTE
HFV Hidden Folder Virus Cleaner Pro.exe
2014-07-18-13-22-31-2445c4b101ae24d12de1c1e778559493
hfv.exe
101
hfv-cleaner-pro-abhinav-bakshi_2.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
keylogger

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Searched windows
Opened service managers
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.