SHA256: 56ff6937ac04352eeb83b3ae75b9a1d2efb3177f7b460c148864a3236b22efb2
File name: idm_trial_reset.exe
Detection ratio: 2 / 55
Analysis date: 2015-06-24 22:46:58 UTC (1 year, 10 months ago)
Antivirus              Result                               Update
Symantec               WS.Reputation.1                      20150623
ViRobot                Backdoor.Win32.A.Dyreza.1179136[h]   20150623
Ad-Aware               -                                    20150623
AegisLab               -                                    20150623
Yandex                 -                                    20150623
AhnLab-V3              -                                    20150623
Alibaba                -                                    20150624
ALYac                  -                                    20150624
Antiy-AVL              -                                    20150623
Arcabit                -                                    20150624
Avast                  -                                    20150623
AVG                    -                                    20150623
Avira (no cloud)       -                                    20150624
AVware                 -                                    20150623
Baidu-International    -                                    20150624
BitDefender            -                                    20150623
Bkav                   -                                    20150623
ByteHero               -                                    20150624
CAT-QuickHeal          -                                    20150623
ClamAV                 -                                    20150624
Comodo                 -                                    20150623
Cyren                  -                                    20150623
DrWeb                  -                                    20150623
Emsisoft               -                                    20150623
ESET-NOD32             -                                    20150623
F-Prot                 -                                    20150623
F-Secure               -                                    20150623
Fortinet               -                                    20150624
GData                  -                                    20150623
Ikarus                 -                                    20150623
Jiangmin               -                                    20150623
K7AntiVirus            -                                    20150623
K7GW                   -                                    20150623
Kaspersky              -                                    20150624
Kingsoft               -                                    20150624
Malwarebytes           -                                    20150624
McAfee                 -                                    20150624
McAfee-GW-Edition      -                                    20150623
Microsoft              -                                    20150624
eScan                  -                                    20150623
NANO-Antivirus         -                                    20150623
nProtect               -                                    20150623
Panda                  -                                    20150623
Qihoo-360              -                                    20150624
Rising                 -                                    20150618
Sophos                 -                                    20150624
SUPERAntiSpyware       -                                    20150623
Tencent                -                                    20150624
TheHacker              -                                    20150622
TrendMicro             -                                    20150624
TrendMicro-HouseCall   -                                    20150624
VBA32                  -                                    20150624
VIPRE                  -                                    20150623
Zillya                 -                                    20150624
Zoner                  -                                    20150624
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-11 15:52:02
Entry Point 0x001A30D0
Number of sections 3
PE sections
PE imports
ImageList_Remove
GetSaveFileNameW
LineTo
IcmpSendEcho
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
WNetUseConnectionW
VariantInit
GetProcessMemoryInfo
DragFinish
LoadUserProfileW
IsThemeActive
VerQueryValueW
FtpOpenFileW
timeGetTime
CoGetObject
Number of PE resources by type
RT_ICON 17
RT_STRING 7
RT_GROUP_ICON 4
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 32
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 1368064
LinkerVersion 11.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode English (British)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 835584
EntryPoint 0x1a30d0
MIMEType application/octet-stream
TimeStamp 2015:04:11 16:52:02+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.1
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 348160
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

CarbonBlack
CarbonBlack acts as a surveillance camera for computers. While monitoring an end-user machine in the wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
Compressed bundles
File identification
MD5 072760d80286205652af3041d68d7033
SHA1 94eb839fd537dbfb93cb51c53b2eb15f70480edc
SHA256 56ff6937ac04352eeb83b3ae75b9a1d2efb3177f7b460c148864a3236b22efb2
ssdeep 24576:7q5TfcdHj4fmbrPevqKoyWdMIZJ0HyFaoVuy8jadVhZIV7Um5ibp:7UTsamnmvqKoyWdMIZJ0hm38juS
authentihash 5148f3af57bb6e16394d3990c9849e70db391c42afcbd5aa8992ca07cef99273
imphash ef471c0edf1877cd5a881a6a8bf647b9
File size 1.1 MB ( 1179136 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID
UPX compressed Win32 Executable (43.5%)
Win32 EXE Yoda's Crypter (42.7%)
Win32 Executable (generic) (7.2%)
Generic Win/DOS Executable (3.2%)
DOS Executable Generic (3.2%)
Tags peexe upx
VirusTotal metadata
First submission 2015-04-12 09:53:32 UTC (2 years ago)
Last submission 2017-04-25 08:46:57 UTC (1 hour, 41 minutes ago)
File names TienIchMayTinh.Com_____IDM Trial Reset.exe
idm_trial_reset.exe
IDM_Trial_Reset_Generic_v3.exe
1idm_trial_reset.exe
idm_trial_reset.exe
IDMreset2.exe
idm_trial_reset-00.exe
Ptech.exe
IDM.exe
tmp_11051-idm_trial_reset-1007392103.exe
wewawaweaw.exe
idm_trial_reset.exe
idm_trial_reset.exe
idm_trial_reset.exe
IDM Trial Reset Tool.exe
idm-daiviet.exe
idm_trial_reset.exe
u26i.exe
idm_trial_reset.exe
IDM.exe
4 idm_trial_reset.exe
filename
AB BRHM (IDM).exe
reset.exe
idm_trial_reset.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R08JH05GT16.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications