SHA256: 717a391c24a0e8796ac9fda436164b5764f5050bbdd8dbe16373787103753819
File name: Faint.exe
Detection ratio: 49 / 56
Analysis date: 2015-07-27 17:59:54 UTC (1 year, 11 months ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKDV.966993 20150727
Yandex Backdoor.Azbreg!MUY+pZg20Uk 20150727
AhnLab-V3 Backdoor/Win32.Androm 20150727
Antiy-AVL Trojan[Backdoor]/Win32.Azbreg 20150727
Arcabit Trojan.GenericV.DEC151 20150727
Avast Win32:Trojan-gen 20150727
AVG BackDoor.Generic17.AXW 20150727
Avira (no cloud) TR/Crypt.ULPM.Gen 20150727
AVware Worm.Win32.Hamweq 20150727
Baidu-International Worm.Win32.AutoRun.42 20150727
BitDefender Trojan.GenericKDV.966993 20150727
CAT-QuickHeal Worm.Hamweq.rw3 20150727
Comodo Heur.Suspicious 20150727
Cyren W32/Hamweq.IUPB-8009 20150727
DrWeb BackDoor.Ddoser.131 20150727
Emsisoft Trojan.GenericKDV.966993 (B) 20150727
ESET-NOD32 Win32/AutoRun.KS 20150727
F-Prot W32/Hamweq.AG 20150727
F-Secure Trojan.GenericKDV.966993 20150727
Fortinet W32/Azbreg.KS!tr.bdr 20150727
GData Trojan.GenericKDV.966993 20150727
Ikarus Worm.Win32.Hamweq 20150727
Jiangmin Backdoor/Azbreg.bpb 20150726
K7AntiVirus Riskware ( 0040eff71 ) 20150727
K7GW Riskware ( 0040eff71 ) 20150727
Kaspersky Backdoor.Win32.Azbreg.ucr 20150727
Kingsoft Win32.Troj.Agent.k.(kcloud) 20150727
Malwarebytes Trojan.Agent.RSRVGen 20150727
McAfee W32/Rimecud 20150727
McAfee-GW-Edition BehavesLike.Win32.Virut.qc 20150727
Microsoft Worm:Win32/Hamweq.A 20150727
eScan Trojan.GenericKDV.966993 20150727
NANO-Antivirus Trojan.Win32.Siggen.crawoy 20150727
nProtect Backdoor/W32.Azbreg.58880 20150727
Panda Trj/OCJ.E 20150727
Qihoo-360 HEUR/Malware.QVM11.Gen 20150727
Rising PE:Trojan.Win32.Generic.14883593!344470931 20150722
Sophos Mal/ZboCheMan-N 20150727
SUPERAntiSpyware Trojan.Agent/Gen-Vermer 20150727
Symantec W32.Pilleuz 20150727
Tencent Win32.Backdoor.Azbreg.Chf 20150727
TheHacker Posible_Worm32 20150727
TotalDefense Win32/Tnega.ASBC 20150727
TrendMicro WORM_HAMWEQ.FU 20150727
TrendMicro-HouseCall WORM_HAMWEQ.FU 20150727
VBA32 Trojan.SB.01742 20150727
VIPRE Worm.Win32.Hamweq 20150727
Zillya Worm.AutoRun.Win32.104945 20150727
Zoner I-Worm.AutoRun.KS 20150727
AegisLab 20150727
Alibaba 20150727
ALYac 20150727
Bkav 20150727
ByteHero 20150727
ClamAV 20150727
ViRobot 20150727
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Stag 1997 2007
Publisher O*r>
Original name Faint.exe
File version 5, 8, 6
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-02-18 09:47:37
Entry Point 0x00082FE0
Number of sections 3
PE sections
PE imports
LsaLookupNames
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
EndDialog
Number of PE resources by type
RT_DLGINCLUDE 16
RT_DIALOG 15
RT_ICON 7
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 40
PE resources
ExifTool file metadata
CharacterSet
Unicode

SubsystemVersion
4.0

LinkerVersion
5.0

ImageVersion
0.0

FileVersionNumber
5.8.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

InitializedDataSize
24576

FileTypeExtension
exe

OriginalFileName
Faint.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
5, 8, 6

TimeStamp
2006:02:18 10:47:37+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
5 8 1286

UninitializedDataSize
499712

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
Stag 1997 2007

MachineType
Intel 386 or later, and compatibles

CompanyName
O*r>

CodeSize
36864

FileSubtype
0

ProductVersionNumber
5.8.0.0

EntryPoint
0x82fe0

ObjectFileType
Executable application

File identification
MD5 00632e0224390d5ebdfa50efc51ed8d3
SHA1 3266392d010460fed1a0df5795de3e38fe0446eb
SHA256 717a391c24a0e8796ac9fda436164b5764f5050bbdd8dbe16373787103753819
ssdeep 1536:Kz6ixRYwfCIyYWBf8y0EfDpQdyAGG1Gx:4Hx2wRDWJ8y0ECYN
authentihash 6cae5917e6990e42e297fcf3b8b5bd71417dbae6f50cfdac9979c208c59597e2
imphash f09f4b154a17052da6c4bff7c4e201ea
File size 57.5 KB ( 58880 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags honeypot peexe

VirusTotal metadata
First submission 2013-04-26 18:04:50 UTC (4 years, 2 months ago)
Last submission 2015-06-12 11:12:32 UTC (2 years ago)
File names 006467617
hostsn.exe1
aa
Faint.exe
00632e0224390d5ebdfa50efc51ed8d3
WL-0aa7eb44b572b5f287553ad48f08fe88-0.ex$
v.exe
00632e0224390d5ebdfa50efc51ed8d3.3266392d010460fed1a0df5795de3e38fe0446eb
output.10493897.txt
hostsn.exe
00632e0224390d5ebdfa50efc51ed8d3
v.exe
B2700.exe
sample.exe
10493897
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
