SHA256: 406c30d40f3837615e3b393edc1d6667213c3d287ec006be6198d68124041d43
File name: loader.exe
Detection ratio: 40 / 53
Analysis date: 2015-11-05 19:06:24 UTC (1 year, 8 months ago)
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.fmW@X2urvLnG 20151105
Yandex Worm.VB!+pjcaSNETYk 20151104
AhnLab-V3 Trojan/Win32.VBInject 20151105
Antiy-AVL Trojan/Win32.Vilsel.gic 20151105
Arcabit Trojan.Heur.EED1B6A 20151105
Avast Win32:VB-ADDL [Trj] 20151105
AVG Packed2_c.CBGY 20151105
AVware Trojan.Win32.Generic!BT 20151105
Baidu-International Trojan.Win32.Fsysna.ceeu 20151105
BitDefender Gen:Trojan.Heur.fmW@X2urvLnG 20151105
CAT-QuickHeal Trojan.VB.r3 20151105
ClamAV Win.Trojan.Agent-951869 20151103
Comodo UnclassifiedMalware 20151105
Cyren W32/Trojan.VQJQ-8066 20151105
Emsisoft Gen:Trojan.Heur.fmW@X2urvLnG (B) 20151105
ESET-NOD32 a variant of Win32/VB.OOB 20151105
F-Prot W32/Trojan2.OVOE 20151105
F-Secure Gen:Trojan.Heur.fmW@X2urvLnG 20151105
Fortinet W32/Klone.BN!worm 20151105
GData Gen:Trojan.Heur.fmW@X2urvLnG 20151105
Ikarus Worm.Win32.VB 20151105
Jiangmin Packed.Klone.yvz 20151104
K7AntiVirus P2PWorm ( 004c6a831 ) 20151105
K7GW P2PWorm ( 004c6a831 ) 20151105
Kaspersky HEUR:Trojan.Win32.Generic 20151105
McAfee RDN/FakeAV-M.bfr 20151105
McAfee-GW-Edition BehavesLike.Win32.VBObfus.mt 20151105
Microsoft Backdoor:Win32/Slingup!rfn 20151105
eScan Gen:Trojan.Heur.fmW@X2urvLnG 20151105
NANO-Antivirus Trojan.Win32.Klone.dtpvxq 20151105
Panda Trj/Genetic.gen 20151105
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20151104
Sophos AV Mal/Generic-S 20151105
Symantec Trojan.Gen 20151105
Tencent Win32.Trojan.Fsysna.Ozih 20151105
TrendMicro TROJ_GEN.R01TC0VHD15 20151105
TrendMicro-HouseCall BKDR_SLINGUP.SM 20151105
VBA32 Trojan.VB.Schmidti 20151105
VIPRE Trojan.Win32.Generic!BT 20151105
Zillya Trojan.Fsysna.Win32.7406 20151105
AegisLab 20151105
Alibaba 20151105
ALYac 20151105
Bkav 20151105
ByteHero 20151105
CMC 20151102
DrWeb 20151105
Malwarebytes 20151105
nProtect 20151105
SUPERAntiSpyware 20151105
TheHacker 20151103
ViRobot 20151105
Zoner 20151105
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-28 10:25:16
Entry Point 0x00001240
Number of sections 3
PE sections
PE imports
EVENT_SINK_QueryInterface
Ord(712)
Ord(645)
Ord(518)
Ord(537)
Ord(648)
Ord(516)
Ord(531)
Ord(685)
Ord(594)
Ord(689)
Ord(525)
EVENT_SINK_AddRef
Ord(681)
Ord(576)
Ord(580)
Ord(714)
Ord(717)
Ord(666)
Ord(702)
__vbaExceptHandler
Ord(632)
MethCallEngine
DllFunctionCall
Ord(626)
Ord(578)
Ord(618)
Ord(608)
Ord(570)
Ord(519)
Ord(100)
Ord(526)
Ord(573)
ProcCallEngine
Ord(711)
Ord(606)
Ord(690)
EVENT_SINK_Release
Ord(616)
Ord(600)
Ord(617)
Ord(593)
Ord(528)
Ord(529)
Ord(667)
Ord(716)
Ord(607)
Ord(670)
Ord(644)
Ord(631)
Ord(579)
Ord(621)
Ord(619)
Ord(546)
Ord(709)
Ord(598)
Number of PE resources by type
CUSTOM 1
Number of PE resources by language
ARABIC NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2015:06:28 11:25:16+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
73728

LinkerVersion
6.0

EntryPoint
0x1240

InitializedDataSize
4096

SubsystemVersion
4.0

ImageVersion
4.2

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 413ba3a4705504e528ce05c095cbc8a5
SHA1 29b833835a8f48fd20a69c0255b37d15249659f6
SHA256 406c30d40f3837615e3b393edc1d6667213c3d287ec006be6198d68124041d43
ssdeep
768:D9ozIcetNxfmrrs+r1k6S0aqhUTLFXLyTF4XnEP+PjRCDt+N+ukE/gYi7eFTiKKy:D9cIcePWrs+Oo+dX+CTPokOeFoAGqDh

authentihash 5cff8f985eb7431bcbacccb5444db87c5304c140bfa533510726e42f88bf2b18
imphash aca9922f6bc9ce6ee9179c9fc7ebe32d
File size 80.0 KB ( 81920 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags
peexe

VirusTotal metadata
First submission 2015-08-06 12:00:37 UTC (1 year, 11 months ago)
Last submission 2015-11-05 19:06:24 UTC (1 year, 8 months ago)
File names loader.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by calling the SetWindowsHook Windows API function.