SHA256: c2e93fe7fcc96bb63aaf905196589c2c852dfae1767c6d120fc95e6c5668ba7d
File name: f5a2609391a373a32bcdf532592b4268.vir
Detection ratio: 54 / 66
Analysis date: 2018-05-19 06:59:18 UTC (1 month, 1 week ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Barys.57392 20180519
AegisLab Backdoor.W32.Androm!c 20180519
AhnLab-V3 Backdoor/Win32.Androm.R222017 20180518
ALYac Gen:Variant.Barys.57392 20180519
Arcabit Trojan.Barys.DE030 20180519
Avast Win32:Malware-gen 20180519
AVG Win32:Malware-gen 20180519
Avira (no cloud) TR/Dropper.Gen 20180518
AVware Trojan.Win32.Generic!BT 20180519
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9971 20180518
BitDefender Gen:Variant.Barys.57392 20180519
Bkav W32.PeditosLTAAI.Trojan 20180518
CAT-QuickHeal Trojan.Generic.S1562693 20180518
ClamAV Win.Trojan.WillExec-6356235-0 20180519
Comodo TrojWare.Win32.Agent.CD 20180519
Cylance Unsafe 20180519
Cyren W32/GenBl.F5A26093!Olympus 20180519
DrWeb Trojan.Packed2.40557 20180519
Emsisoft Gen:Variant.Barys.57392 (B) 20180519
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win32/Injector.DRGL 20180519
F-Secure Gen:Variant.Barys.57392 20180519
Fortinet W32/Injector.DQID!tr 20180519
GData Win32.Trojan.Khalesi.B 20180519
Ikarus Trojan-Banker.Emotet 20180518
Sophos ML heuristic 20180503
Jiangmin Backdoor.Androm.sdz 20180519
K7AntiVirus Trojan ( 00521b151 ) 20180519
K7GW Trojan ( 00521b151 ) 20180519
Kaspersky HEUR:Trojan.Win32.Generic 20180519
Malwarebytes Trojan.Injector 20180519
MAX malware (ai score=86) 20180519
McAfee FakeAlert-FNV!F5A2609391A3 20180519
McAfee-GW-Edition BehavesLike.Win32.FakeAlert.dh 20180519
Microsoft Trojan:Win32/Lethic.Q!bit 20180518
eScan Gen:Variant.Barys.57392 20180519
NANO-Antivirus Virus.Win32.Gen.ccmw 20180519
Palo Alto Networks (Known Signatures) generic.ml 20180519
Panda Trj/GdSda.A 20180519
Qihoo-360 HEUR/QVM07.1.95B7.Malware.Gen 20180519
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Generic-S 20180519
Symantec Trojan.Gen 20180518
Tencent Win32.Trojan.Generic.Edxa 20180519
TheHacker Trojan/Injector.drgl 20180516
TrendMicro TROJ_KHALESI.SMALY 20180519
TrendMicro-HouseCall TROJ_KHALESI.SMALY 20180519
VBA32 Backdoor.Androm 20180518
VIPRE Trojan.Win32.Generic!BT 20180519
ViRobot Trojan.Win32.XPacker.Gen 20180519
Webroot W32.Adware.Gen 20180519
Yandex Trojan.Injector!oak7H5VQwC8 20180518
Zillya Backdoor.Androm.Win32.46234 20180516
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180519
Alibaba 20180518
Antiy-AVL 20180519
Avast-Mobile 20180518
Babable 20180406
CMC 20180519
CrowdStrike Falcon (ML) 20180202
Cybereason None
eGambit 20180519
F-Prot 20180519
Kingsoft 20180519
nProtect 20180519
Rising 20180519
SUPERAntiSpyware 20180519
Symantec Mobile Insight 20180518
TotalDefense 20180519
Trustlook 20180519
Zoner 20180518
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-02 22:58:38
Entry Point 0x00002305
Number of sections 4
PE sections
PE imports
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
WaitForSingleObject
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetProcessHeap
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
WriteFile
GetCurrentProcess
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
HeapCreate
VirtualFree
GetFileType
HeapAlloc
GetVersion
VirtualAlloc
MessageBoxA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:09:02 23:58:38+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 6.0
EntryPoint 0x2305
InitializedDataSize 225280
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 f5a2609391a373a32bcdf532592b4268
SHA1 f28bc82a165ff68b9814e5507937a16eb5a55d2a
SHA256 c2e93fe7fcc96bb63aaf905196589c2c852dfae1767c6d120fc95e6c5668ba7d
ssdeep 6144:6seyuAwDSxiv4J2Z8CvlHm66W59l36xEo7EqfvcVo8XtB8pK43+:6seyuAwDSxiv4J2Z8p+P36x97jvcVJB1
authentihash 32904829f018aac6adcd9d7fc7500bde5c4a28baa20183a15aec55c9c8b1e22d
imphash 838bea1adfd32cd060e2ed3493579dcf
File size 240.0 KB ( 245760 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (40.0%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2017-09-03 16:59:00 UTC (9 months, 3 weeks ago)
Last submission 2018-05-19 06:59:18 UTC (1 month, 1 week ago)
File names 7878ded4.exe
f5a2609391a373a32bcdf532592b4268.vir
47c6086b-d9c2-b082-86e2-0156e7ecb874.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications