SHA256: 31c2c61edbaf239811b3a5cba747fd5010c9eee9a59ea7683da63036ba79c168
File name: Формуляр.exe
Detection ratio: 18 / 56
Analysis date: 2016-09-13 22:57:53 UTC (2 years, 8 months ago)
Antivirus Result Update
AegisLab Troj.Agent.Gen|2|103!c 20160913
Avast Win32:Malware-gen 20160913
Avira (no cloud) TR/Agent.17920.699 20160913
CrowdStrike Falcon (ML) malicious_confidence_88% (W) 20160725
Cyren W32/Trojan.VWWG-1883 20160913
DrWeb Trojan.MulDrop2.48927 20160913
GData Win32.Trojan.Agent.QUGU54 20160913
Ikarus Trojan.Win32.Agent 20160913
Sophos ML virus.win32.neshta.a 20160912
Kingsoft Win32.Malware.Heur_Generic.B.(kcloud) 20160913
McAfee Artemis!B7E26D5BE4AA 20160913
McAfee-GW-Edition BehavesLike.Win32.BadFile.lm 20160913
NANO-Antivirus Trojan.Win32.MulDrop2.efqfxx 20160913
TheHacker Posible_Worm32 20160911
TrendMicro PAK_Generic.005 20160913
TrendMicro-HouseCall TROJ_GEN.R002H0CI816 20160913
ViRobot Trojan.Win32.Z.Muldrop2.17920[h] 20160913
Zillya Adware.BrowseFox.Win32.220210 20160912
Ad-Aware 20160913
AhnLab-V3 20160913
Alibaba 20160913
ALYac 20160913
Antiy-AVL 20160913
Arcabit 20160913
AVG 20160913
AVware 20160913
Baidu 20160913
BitDefender 20160913
Bkav 20160913
CAT-QuickHeal 20160913
ClamAV 20160913
CMC 20160912
Comodo 20160912
Emsisoft 20160913
ESET-NOD32 20160913
F-Prot 20160913
F-Secure 20160913
Fortinet 20160913
Jiangmin 20160913
K7AntiVirus 20160913
K7GW 20160913
Kaspersky 20160913
Malwarebytes 20160913
Microsoft 20160913
eScan 20160913
nProtect 20160913
Panda 20160913
Qihoo-360 20160913
Rising 20160913
Sophos AV 20160913
SUPERAntiSpyware 20160913
Symantec 20160913
Tencent 20160913
VBA32 20160913
VIPRE 20160913
Yandex 20160913
Zoner 20160913
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT UPX_LZMA, embedded
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-05-18 16:48:03
Entry Point 0x0000AF50
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
ShellExecuteA
PathQuoteSpacesA
wsprintfA
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
UKRAINIAN DEFAULT 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2011:05:18 17:48:03+01:00
FileType Win32 EXE
PEType PE32
CodeSize 8192
LinkerVersion 1.67
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0xaf50
InitializedDataSize 12288
SubsystemVersion 3.1
ImageVersion 0.0
OSVersion 1.0
UninitializedDataSize 36864

Compressed bundles
File identification
MD5 b7e26d5be4aa19e0665f375b1a03571b
SHA1 91583a90c24f5566efc48b61596c430725ea90a7
SHA256 31c2c61edbaf239811b3a5cba747fd5010c9eee9a59ea7683da63036ba79c168
ssdeep 384:bFduwHIxu3K89aNJawcudoD7UteOp9qw08aIIIIkIIIP:bFduwoIAnbcuyD7UBpww08aIIIIkIII
authentihash cc12a96c154518cdea7c5b2fd50cf0a185a8358461f66aec4bb6a61e1ce47ac6
imphash 1b30fa183bfe9ff390e568cb23d331e5
File size 17.5 KB ( 17920 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.6%)
OS/2 Executable (generic) (19.1%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
VXD Driver (0.2%)
Tags peexe upx
VirusTotal metadata
First submission 2011-10-21 10:54:08 UTC (7 years, 7 months ago)
Last submission 2017-10-18 08:56:35 UTC (1 year, 7 months ago)
File names 31c2c61edbaf239811b3a5cba747fd5010c9eee9a59ea7683da63036ba79c168
aa
b7e26d5be4aa19e0665f375b1a03571b.exe
1.exe$
b7e26d5be4aa19e0665f375b1a03571b
????????.exe
________.exe$
aWoOYpaoGX.caj
gmnbBt.msc
UhdpJTw.gz
Формуляр.exe
.exe
формуляр.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R047H05KG15.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications