SHA256: 14b05f0bd0ca6e169a8d4be542a4165c4266a0419c1d0d857b98b4d84619bdf7
File name: ea0c2e9912cfcdd48be6e5acef5a5130.virus
Detection ratio: 21 / 55
Analysis date: 2016-07-31 04:20:55 UTC (1 year ago)
Antivirus             Result                                  Update
Ad-Aware              Trojan.GenericKD.3430875                20160731
ALYac                 Trojan.GenericKD.3430875                20160731
Arcabit               Trojan.Generic.D3459DB                  20160731
AVware                Trojan.Win32.Generic!BT                 20160731
BitDefender           Trojan.GenericKD.3430875                20160731
Emsisoft              Trojan.GenericKD.3430875 (B)            20160731
ESET-NOD32            Win32/PSW.Papras.EH                     20160730
F-Secure              Trojan.GenericKD.3430875                20160731
Fortinet              Riskware/LMN                            20160731
GData                 Trojan.GenericKD.3430875                20160731
K7AntiVirus           Password-Stealer ( 004c815b1 )          20160730
K7GW                  Password-Stealer ( 004c815b1 )          20160731
Kaspersky             not-a-virus:Downloader.Win32.LMN.upgr   20160731
McAfee                Generic PUP.z                           20160731
McAfee-GW-Edition     BehavesLike.Win32.Backdoor.dc           20160730
Microsoft             Trojan:Win32/Skeeyah.A!rfn              20160731
eScan                 Trojan.GenericKD.3430875                20160731
nProtect              Trojan.GenericKD.3430875                20160729
Qihoo-360             HEUR/QVM41.1.0000.Malware.Gen           20160731
Symantec              Heur.AdvML.C                            20160731
VIPRE                 Trojan.Win32.Generic!BT                 20160731

Engines with no detection (34 of 55), with signature update date:
AegisLab              20160731
AhnLab-V3             20160730
Alibaba               20160730
Antiy-AVL             20160731
Avast                 20160731
AVG                   20160731
Avira (no cloud)      20160730
Baidu                 20160730
Bkav                  20160727
CAT-QuickHeal         20160730
ClamAV                20160731
CMC                   20160728
Comodo                20160731
Cyren                 20160731
DrWeb                 20160731
F-Prot                20160731
Ikarus                20160730
Jiangmin              20160731
Kingsoft              20160731
Malwarebytes          20160731
NANO-Antivirus        20160731
Panda                 20160730
Sophos AV             20160731
SUPERAntiSpyware      20160730
Tencent               20160731
TheHacker             20160729
TotalDefense          20160731
TrendMicro            20160731
TrendMicro-HouseCall  20160731
VBA32                 20160729
ViRobot               20160730
Yandex                20160730
Zillya                20160730
Zoner                 20160731
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT RAR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-01 08:08:23
Entry Point 0x0001D728
Number of sections 4
PE sections
Overlays
MD5 a6bdec70d01615b8d5b0c93d7dd0ba92
File type application/x-rar
Offset 294912
Size 646130
Entropy 8.00
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControlsEx
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
InitializeCriticalSection
FindClose
InterlockedDecrement
MoveFileW
GetFullPathNameW
SetLastError
GetSystemTime
DeviceIoControl
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFileAttributesW
CreateThread
SetEnvironmentVariableW
MoveFileExW
SetUnhandledExceptionFilter
TerminateProcess
CreateSemaphoreW
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
GetNumberFormatW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
SystemTimeToFileTime
GetDateFormatW
SetEvent
DeleteFileW
GetProcAddress
CreateFileMappingW
CompareStringW
WriteFile
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
CreateDirectoryW
ResetEvent
FindFirstFileW
GetProcessAffinityMask
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
DosDateTimeToFileTime
LCMapStringW
GetShortPathNameW
HeapCreate
GetConsoleCP
LCMapStringA
GetTimeFormatW
GetEnvironmentStringsW
IsDBCSLeadByte
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetLongPathNameW
IsValidCodePage
UnmapViewOfFile
FindResourceW
VirtualFree
Sleep
VirtualAlloc
CreateHardLinkW
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
MapWindowPoints
SetFocus
GetParent
UpdateWindow
EndDialog
LoadBitmapW
SetWindowTextW
DefWindowProcW
IsWindow
GetWindowTextW
GetMessageW
ShowWindow
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
MessageBoxW
SendMessageW
GetWindowRect
RegisterClassExW
CharUpperW
DialogBoxParamW
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
GetWindowLongW
ReleaseDC
DestroyIcon
TranslateMessage
IsWindowVisible
LoadStringW
GetClientRect
GetDlgItem
GetWindow
OemToCharBuffA
DispatchMessageW
PeekMessageW
GetClassNameW
CopyRect
WaitForInputIdle
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
EnableWindow
SetForegroundWindow
DestroyWindow
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
OleInitialize
OleUninitialize
Number of PE resources by type
RT_ICON 13
RT_STRING 9
RT_DIALOG 6
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 17
NEUTRAL DEFAULT 14
PE resources
Debug information
ExifTool file metadata
MIMEType                application/octet-stream
Subsystem               Windows GUI
MachineType             Intel 386 or later, and compatibles
TimeStamp               2013:12:01 09:08:23+01:00
FileType                Win32 EXE
PEType                  PE32
CodeSize                153088
LinkerVersion           9.0
FileTypeExtension       exe
InitializedDataSize     140800
SubsystemVersion        5.0
EntryPoint              0x1d728
OSVersion               5.0
ImageVersion            0.0
UninitializedDataSize   0
File identification
MD5 ea0c2e9912cfcdd48be6e5acef5a5130
SHA1 4dc96d87a2877318742d175d75dbcb4b2baa63e3
SHA256 14b05f0bd0ca6e169a8d4be542a4165c4266a0419c1d0d857b98b4d84619bdf7
ssdeep 24576:HNBIx5GJIdlrTBRr7KVzJt7hwZdXiukrz:Qx5WklfM3mZ1Kz
authentihash 02494c763d8feb718e89ef014bb22f1db3c5208593ab372564d238846b84f0b0
imphash 3eaa732d4dae53340f9646bdd85dac41
File size 919.0 KB ( 941042 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
     Win64 Executable (generic) (37.3%)
     Win32 Dynamic Link Library (generic) (8.8%)
     Win32 Executable (generic) (6.0%)
     Generic Win/DOS Executable (2.7%)
Tags peexe overlay

VirusTotal metadata
First submission 2016-07-31 04:20:55 UTC (1 year ago)
Last submission 2016-07-31 04:20:55 UTC (1 year ago)
File names
bdf7.exe
b
ea0c2e9912cfcdd48be6e5acef5a5130.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
UDP communications