SHA256: 2312030adb18bc74f2dae3a3a21d9bf6c66c31769011fdfb46943648e78cdef6
File name: scandsk.exe
Detection ratio: 26 / 46
Analysis date: 2013-08-14 22:40:49 UTC (4 years, 8 months ago)
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Agent 20130814
AntiVir TR/Crypt.XPACK.Gen2 20130814
Avast Win32:MalOb-IJ [Cryp] 20130814
BitDefender Gen:Variant.Kazy.84479 20130814
Commtouch W32/FakeAlert.FY.gen!Eldorado 20130814
DrWeb Trojan.Packed 20130814
Emsisoft Gen:Variant.Kazy.84479 (B) 20130814
ESET-NOD32 Win32/Simda.B 20130814
F-Prot W32/FakeAlert.FY.gen!Eldorado 20130814
F-Secure Gen:Variant.Kazy.84479 20130814
Fortinet W32/Simda.BC!tr 20130814
GData Gen:Variant.Kazy.84479 20130814
Jiangmin Win32/Virut.bn 20130814
K7AntiVirus Backdoor 20130814
K7GW Backdoor 20130814
Kaspersky Backdoor.Win32.Simda.aalt 20130814
Malwarebytes Trojan.Agent.FSA66 20130814
McAfee BackDoor-FBAQ!727AA2741CF1 20130814
McAfee-GW-Edition BackDoor-FBAQ!727AA2741CF1 20130814
Microsoft Backdoor:Win32/Simda 20130814
eScan Gen:Variant.Kazy.84479 20130814
Norman Simda.INW 20130814
Panda Suspicious file 20130814
Sophos AV Mal/EncPk-OJ 20130814
Symantec Suspicious.Cloud.5 20130814
VIPRE Backdoor.Win32.Simda.bb (v) 20130814
Yandex 20130814
Antiy-AVL 20130814
AVG 20130814
ByteHero 20130814
CAT-QuickHeal 20130814
ClamAV 20130814
Comodo 20130814
Ikarus 20130814
Kingsoft 20130723
NANO-Antivirus 20130814
nProtect 20130814
PCTools 20130814
Rising 20130814
SUPERAntiSpyware 20130814
TheHacker 20130814
TotalDefense 20130814
TrendMicro 20130814
TrendMicro-HouseCall 20130814
VBA32 20130814
ViRobot 20130814
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-10-12 00:01:52
Entry Point 0x00001F3E
Number of sections 4
PE sections
PE imports
GetServiceKeyNameW
LookupAccountSidW
RegQueryValueExA
CryptSetHashParam
CryptHashData
UnlockServiceDatabase
CreateWellKnownSid
OpenProcessToken
SetServiceObjectSecurity
SystemFunction031
RegEnumKeyA
SetSecurityDescriptorSacl
RegQueryMultipleValuesA
NotifyBootConfigStatus
GetKernelObjectSecurity
LockServiceDatabase
OpenThreadToken
LsaQueryDomainInformationPolicy
WmiNotificationRegistrationW
ObjectCloseAuditAlarmA
RevertToSelf
OpenSCManagerW
RegSetValueExA
RegSaveKeyW
SetSecurityDescriptorGroup
CryptMsgOpenToDecode
InternalSetIpNetEntry
InternalGetIfTable
InternalSetIpForwardEntry
InternalCreateIpForwardEntry
InternalDeleteIpNetEntry
InternalSetIpStats
InternalSetTcpEntry
GetBestRoute
NotifyAddrChange
InternalCreateIpNetEntry
InternalGetIpNetTable
GetInterfaceInfo
InternalGetIpForwardTable
GetIcmpStatistics
GetUdpStatistics
EnableRouter
GetNumberOfInterfaces
HeapFree
CopyFileW
GetDriveTypeW
GlobalDeleteAtom
FindVolumeClose
SetConsoleTextAttribute
QueueUserAPC
GetPriorityClass
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetCommandLineW
lstrcatW
SetFilePointer
EnumSystemLanguageGroupsA
GetExitCodeThread
ExpandEnvironmentStringsA
DosPathToSessionPathW
OpenJobObjectW
ReadFileEx
GetCurrentThreadId
OpenSemaphoreW
VirtualAlloc
WriteConsoleW
OleLockRunning
HGLOBAL_UserFree
StgConvertPropertyToVariant
HICON_UserFree
OleDestroyMenuDescriptor
CoMarshalHresult
CreateFileMoniker
CoGetTreatAsClass
CoRegisterSurrogateEx
CoAddRefServerProcess
CoGetInterfaceAndReleaseStream
CLIPFORMAT_UserMarshal
OleCreateLinkFromData
CreateAntiMoniker
HGLOBAL_UserUnmarshal
CoTaskMemRealloc
CoInitialize
HBITMAP_UserSize
CoCreateInstance
CreateDataCache
CLSIDFromString
WriteClassStm
HGLOBAL_UserSize
OleCreateMenuDescriptor
CreateBindCtx
CoRevertToSelf
lineGetID
lineSetCurrentLocation
lineSetDevConfigA
lineAccept
lineSetStatusMessages
lineGetTranslateCapsW
lineDeallocateCall
lineMakeCallA
lineTranslateAddressW
lineTranslateDialogW
lineMakeCall
lineGetAddressCapsA
lineNegotiateExtVersion
lineInitializeExW
lineOpen
lineClose
lineGetCountryW
lineDrop
lineInitialize
lineGetDevConfigA
MapWindowPoints
RegisterWindowMessageW
SetWindowRgn
GetScrollInfo
CreateIconIndirect
DestroyMenu
GetMessageW
GetShellWindow
MessageBeep
RecordShutdownReason
ValidateRgn
SetWindowLongA
SendDlgItemMessageW
GetSysColor
RegisterClipboardFormatW
ChangeClipboardChain
UnregisterClassA
GetQueueStatus
GetClassLongA
GetMenuItemInfoA
MapVirtualKeyExW
GetSysColorBrush
LockWindowUpdate
GetUserObjectSecurity
ExitWindowsEx
strtol
_mbscpy
strtok
fgetc
log10
_ltoa
_HUGE
_mbslen
_cabs
_get_osfhandle
_isatty
wcsstr
feof
_beginthread
DocumentPropertiesW
AddPrinterDriverExW
OpenPrinterA
ReadPrinter
FreePrinterNotifyInfo
WritePrinter
GetPrinterDataW
EnumPortsA
OpenPrinterW
DeletePrinter
DeletePrinterDataExW
EnumPrinterDriversW
EnumPrinterDataW
EndPagePrinter
DeletePrinterDataW
EnumPrinterDriversA
GetPrinterDataExW
FindNextPrinterChangeNotification
EnumPrintersA
DeletePrinterDriverExW
StartDocPrinterW
GetPrinterDriverA
EndDocPrinter
AddPrinterW
Number of PE resources by type
RT_ICON 22
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 23
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2009:10:12 01:01:52+01:00
FileType Win32 EXE
PEType PE32
CodeSize 417792
LinkerVersion 6.1
EntryPoint 0x1f3e
InitializedDataSize 709632
SubsystemVersion 4.1
ImageVersion 0.0
OSVersion 4.1
UninitializedDataSize 0

File identification
MD5 727aa2741cf1acfda34dd7d039950ea2
SHA1 c7b76deb93a4602ff5557b0f0df8584acd82381a
SHA256 2312030adb18bc74f2dae3a3a21d9bf6c66c31769011fdfb46943648e78cdef6
ssdeep 12288:2tczpDbDsed1HZh9rsSrbD6ZLyN3REMZAjjizlzBc/LgJ/gpcB:2tczR0eDaSrbDqcy/gzBc/8RgyB
File size 723.0 KB ( 740352 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe

VirusTotal metadata
First submission 2013-08-14 22:40:49 UTC (4 years, 8 months ago)
Last submission 2013-08-15 15:19:08 UTC (4 years, 8 months ago)
File names vti-rescan
scandsk.exe