SHA256: 4f3f957334bcbde8462f9215fd20d6fd6363c449e07bbf49f30428399c9f6e57
File name: 687112.exe
Detection ratio: 6 / 56
Analysis date: 2016-12-27 14:20:42 UTC (7 months, 3 weeks ago)
Antivirus Result Update
Avast Win32:Evo-gen [Susp] 20161227
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9996 20161207
Kaspersky HEUR:Trojan.Win32.Generic 20161227
Malwarebytes Spyware.Agent 20161227
Qihoo-360 HEUR/QVM05.1.0000.Malware.Gen 20161227
VBA32 suspected of Trojan.Notifier.gen 20161227
Ad-Aware 20161227
AegisLab 20161227
AhnLab-V3 20161227
Alibaba 20161223
ALYac 20161227
Antiy-AVL 20161227
Arcabit 20161227
AVG 20161227
Avira (no cloud) 20161227
AVware 20161227
BitDefender 20161227
Bkav 20161227
CAT-QuickHeal 20161227
ClamAV 20161227
CMC 20161227
Comodo 20161227
CrowdStrike Falcon (ML) 20161024
Cyren 20161227
DrWeb 20161227
Emsisoft 20161227
ESET-NOD32 20161227
F-Prot 20161227
F-Secure 20161227
Fortinet 20161227
GData 20161227
Ikarus 20161227
Sophos ML 20161216
Jiangmin 20161226
K7AntiVirus 20161227
K7GW 20161227
Kingsoft 20161227
McAfee 20161227
McAfee-GW-Edition 20161227
Microsoft 20161227
eScan 20161227
NANO-Antivirus 20161227
nProtect 20161227
Panda 20161226
Rising 20161227
Sophos AV 20161227
SUPERAntiSpyware 20161227
Symantec 20161227
Tencent 20161227
TheHacker 20161226
TotalDefense 20161227
TrendMicro 20161227
TrendMicro-HouseCall 20161227
Trustlook 20161227
VIPRE 20161227
ViRobot 20161227
WhiteArmor 20161221
Yandex 20161226
Zillya 20161227
Zoner 20161227
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-27 04:40:26
Entry Point 0x00056968
Number of sections 9
PE sections
PE imports
SetSecurityDescriptorOwner
RegCloseKey
AccessCheck
OpenServiceW
AdjustTokenPrivileges
InitializeAcl
LookupPrivilegeValueW
RegQueryValueExW
SetSecurityDescriptorDacl
CloseServiceHandle
ChangeServiceConfig2W
OpenProcessToken
QueryServiceStatus
DuplicateToken
AddAccessAllowedAce
RegOpenKeyExW
CreateServiceW
SetServiceStatus
RegisterServiceCtrlHandlerW
OpenThreadToken
GetLengthSid
StartServiceW
FreeSid
OpenSCManagerW
AllocateAndInitializeSid
InitializeSecurityDescriptor
StartServiceCtrlDispatcherW
SetSecurityDescriptorGroup
GetStdHandle
WaitForSingleObject
SignalObjectAndWait
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
GetVolumeInformationW
GetLocaleInfoW
GetCPInfo
LoadLibraryW
GetDiskFreeSpaceW
InterlockedExchange
WriteFile
SetEvent
LocalFree
FormatMessageW
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
MoveFileW
GetFullPathNameW
SetLastError
GetUserDefaultUILanguage
CopyFileW
OutputDebugStringW
GetModuleFileNameW
TryEnterCriticalSection
ExitProcess
RaiseException
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
InterlockedExchangeAdd
CreateThread
GetSystemDefaultUILanguage
CreateMutexW
TerminateProcess
GetVersion
VirtualQuery
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
lstrcmpiA
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
OpenProcess
GetDateFormatW
DeleteFileW
GetProcAddress
CompareStringW
ResetEvent
FindFirstFileW
IsValidLocale
FindFirstFileExW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
InterlockedIncrement
GetLastError
GetSystemInfo
GetThreadLocale
lstrlenW
CreateProcessW
SwitchToThread
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
InterlockedCompareExchange
GetCurrentThread
lstrcpynW
QueryPerformanceFrequency
SetFilePointer
ReadFile
CloseHandle
OpenMutexW
GetACP
GetModuleHandleW
FindResourceW
VirtualFree
Sleep
VirtualAlloc
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
SysFreeString
VariantInit
SHGetSpecialFolderPathW
ShellExecuteW
GetSystemMetrics
MessageBoxW
LoadStringW
MessageBoxA
CharUpperBuffW
CharNextW
WSAStartup
setsockopt
closesocket
shutdown
Number of PE resources by type
RT_STRING 9
RT_RCDATA 3
Number of PE resources by language
NEUTRAL 11
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:12:27 05:40:26+01:00
FileType Win32 EXE
PEType PE32
CodeSize 352256
LinkerVersion 2.25
FileTypeExtension exe
InitializedDataSize 82432
SubsystemVersion 5.0
EntryPoint 0x56968
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 db76c3958fc8a4a613cbe9458b4b18f5
SHA1 ef1c581658c23e4cc753dfbcfe92c48fbe74c574
SHA256 4f3f957334bcbde8462f9215fd20d6fd6363c449e07bbf49f30428399c9f6e57
ssdeep 12288:VnbxLB0hZNcMYz0YXH1Kj888888888888W88888888888:Fxd0hZKDbXH1K
authentihash de2726a13bb5e3f4e242cfa2e818ce70bbba05a9b03799d32e8c5f106fd962ec
imphash 79f8f363c171c4a9a5efa53f10bd2ede
File size 425.5 KB ( 435712 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (generic) (48.3%)
Win32 Executable Delphi generic (16.4%)
Windows screen saver (15.2%)
Win32 Dynamic Link Library (generic) (7.6%)
Win32 Executable (generic) (5.2%)
Tags peexe
VirusTotal metadata
First submission 2016-12-27 14:20:42 UTC (7 months, 3 weeks ago)
Last submission 2016-12-27 14:20:42 UTC (7 months, 3 weeks ago)
File names 687112.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
UDP communications