× Les cookies sont désactivés ! Ce site exige que les cookies soient activés pour fonctionner correctement
SHA256: 38e6cc9ca7a6f3e63fd535c7c2824122a59897fd9587e14f80d8cb04558b81e6
Nom du fichier : 480848172062f4e63909b43aab5013be_kaf0x0
Ratio de détection : 5 / 46
Date d'analyse : 2013-08-21 12:29:38 UTC (il y a 4 ans, 10 mois) Voir les derniers
Antivirus Résultat Mise à jour
ESET-NOD32 Win32/Moure.D 20130821
Kaspersky HEUR:Trojan.Win32.Generic 20130821
Malwarebytes Backdoor.Bot 20130821
McAfee-GW-Edition Heuristic.BehavesLike.Win32.ModifiedUPX.C 20130820
TheHacker Posible_Worm32 20130821
Yandex 20130820
AhnLab-V3 20130821
AntiVir 20130821
Antiy-AVL 20130821
Avast 20130821
AVG 20130821
BitDefender 20130821
ByteHero 20130814
CAT-QuickHeal 20130821
ClamAV 20130821
Commtouch 20130821
Comodo 20130821
DrWeb 20130821
Emsisoft 20130821
F-Prot 20130821
F-Secure 20130821
Fortinet 20130821
GData 20130821
Ikarus 20130821
Jiangmin 20130821
K7AntiVirus 20130820
K7GW 20130820
Kingsoft 20130723
McAfee 20130821
Microsoft 20130821
eScan 20130821
NANO-Antivirus 20130821
Norman 20130821
nProtect 20130821
Panda 20130821
PCTools 20130821
Rising 20130821
Sophos AV 20130821
SUPERAntiSpyware 20130821
Symantec 20130821
TotalDefense 20130820
TrendMicro 20130821
TrendMicro-HouseCall 20130821
VBA32 20130821
VIPRE 20130821
ViRobot 20130821
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2008

Publisher Valve Corporation
Product Steam P2P NAT Type Probe
Version 1, 0, 0, 1
Original name nattypeprobe.dll
Internal name Steam P2P NAT Type Probe
File version 8.1.21.73
Description Steam NAT Type Probe
Packers identified
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x00019F50
Number of sections 3
PE sections
PE imports
DirectInputCreateW
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
mciGetDeviceIDFromElementIDA
Number of PE resources by type
RT_ACCELERATOR 11
RT_ICON 2
RT_CURSOR 2
RT_GROUP_ICON 2
RT_STRING 1
AVI 1
DATA 1
RT_VERSION 1
PNG 1
Number of PE resources by language
NEUTRAL DEFAULT 14
NEUTRAL 3
ITALIAN 2
KYRGYZ DEFAULT 1
NORWEGIAN BOKMAL 1
BULGARIAN DEFAULT 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
4.2

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
8.1.21.73

UninitializedDataSize
61440

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
8192

FileOS
Win32

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2008

FileVersion
8.1.21.73

TimeStamp
0000:00:00 00:00:00

FileType
Win32 EXE

PEType
PE32

InternalName
Steam P2P NAT Type Probe

ProductVersion
1, 0, 0, 1

FileDescription
Steam NAT Type Probe

OSVersion
5.0

OriginalFilename
nattypeprobe.dll

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Valve Corporation

CodeSize
45056

ProductName
Steam P2P NAT Type Probe

ProductVersionNumber
1.0.0.1

EntryPoint
0x19f50

ObjectFileType
Dynamic link library

File identification
MD5 480848172062f4e63909b43aab5013be
SHA1 be99bc27bd82e34417ca186c454c60ae81af09f5
SHA256 38e6cc9ca7a6f3e63fd535c7c2824122a59897fd9587e14f80d8cb04558b81e6
ssdeep
1536:wUF1m/nRfDJvPp7CSS88AF+zKW9l0olL4Menouy8v:wznRfR9CPtAF+KM+outv

File size 50.5 KB ( 51712 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe upx

VirusTotal metadata
First submission 2013-08-21 12:29:38 UTC (il y a 4 ans, 10 mois)
Last submission 2013-08-28 09:40:17 UTC (il y a 4 ans, 9 mois)
Noms du fichier vti-rescan
Steam P2P NAT Type Probe
nattypeprobe.dll
480848172062f4e63909b43aab5013be_kaf0x0
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Aucun commentaire. Aucun membre de la communauté VirusTotal n'a encore commenté cet élément, soyez le premier à le faire !

Laissez votre commentaire...

?
Poster un commentaire

Vous n'êtes pas connecté. Seuls les utilisateurs enregistrés peuvent laisser des commentaires, connectez-vous pour commenter !

Aucun vote. Personne n'a encore voté pour cet élément, soyez le premier à le faire !