SHA256: 5707e31b8f071a78d94938bd53bb1099956648333a39dff97f38c63601f903b2
File name: 8888.exe
Detection ratio: 48 / 54
Analysis date: 2016-01-12 07:46:51 UTC (3 years, 4 months ago)
Antivirus Result Update
Ad-Aware Win32.Ramnit 20160112
Yandex Win32.Ramnit.Gen.3 20160111
AhnLab-V3 Win32/Ramnit.B 20160112
ALYac Win32.Ramnit 20160112
Antiy-AVL Trojan/Win32.MicroFake.rz 20160112
Arcabit Win32.Ramnit 20160112
Avast Win32:Nitol-A [Trj] 20160112
AVG Win32/Ramnit.A 20160112
AVware Virus.Win32.Ramnit.a (v) 20160111
Baidu-International Virus.Win32.Nimnul.$a 20160111
BitDefender Win32.Ramnit 20160112
Bkav W32.RammitNNA.PE 20160111
CAT-QuickHeal W32.Ramnit.A 20160111
ClamAV W32.Ramnit-1 20160111
Comodo Virus.Win32.Virut.CE 20160112
Cyren W32/Ramnit.B 20160112
DrWeb Trojan.DownLoader18.16955 20160112
Emsisoft Win32.Ramnit (B) 20160112
ESET-NOD32 Win32/Ramnit.A 20160112
F-Prot W32/Ramnit.B 20160111
F-Secure Win32.Ramnit 20160112
Fortinet W32/Ramnit.C 20160111
GData Win32.Ramnit 20160112
Ikarus Trojan.Win32.MicroFake 20160112
Jiangmin Win32/PatchFile.et 20160112
K7AntiVirus Trojan ( 0040f8a91 ) 20160111
K7GW Trojan ( 0040f8a91 ) 20160112
Kaspersky Virus.Win32.Nimnul.a 20160112
Malwarebytes Trojan.Dropper 20160112
McAfee W32/Ramnit.a 20160112
McAfee-GW-Edition BehavesLike.Win32.BrowseFox.cc 20160112
Microsoft Virus:Win32/Ramnit.A 20160112
eScan Win32.Ramnit 20160112
NANO-Antivirus Virus.Win32.Nimnul.bpchjo 20160112
nProtect Win32.Ramnit 20160112
Panda W32/Cosmu.gen 20160111
Qihoo-360 Virus.Win32.Ramnit.B 20160112
Rising PE:Virus.Virut!1.A08B [F] 20160112
Sophos AV Mal/Nitol-C 20160112
Symantec W32.Ramnit!inf 20160111
Tencent Win32.Virus.Nimnul.Dzjb 20160112
TrendMicro PE_RAMNIT.H 20160112
TrendMicro-HouseCall PE_RAMNIT.H 20160112
VBA32 Virus.Win32.Nimnul.a 20160111
VIPRE Virus.Win32.Ramnit.a (v) 20160112
ViRobot Win32.Ramnit.E[h] 20160112
Zillya Virus.Nimnul.Win32.1 20160112
Zoner Win32.Ramnit.A 20160112
AegisLab 20160112
Alibaba 20160112
ByteHero 20160112
CMC 20160111
SUPERAntiSpyware 20160112
TheHacker 20160107
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright ? Microsoft Corporation. All rights reserved.
Product Microsoft? Windows? Operating System
Original name EhStorAuthn.exe
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Windows Enhanced Storage Password Authentication Program
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-12-04 13:35:59
Entry Point 0x00016000
Number of sections 6
PE sections
PE imports
CloseServiceHandle
RegOpenKeyA
RegCloseKey
StartServiceCtrlDispatcherA
OpenServiceA
SetServiceStatus
CreateServiceA
RegQueryValueExA
LockServiceDatabase
RegSetValueExA
StartServiceA
ChangeServiceConfig2A
RegOpenKeyExA
OpenSCManagerA
UnlockServiceDatabase
RegisterServiceCtrlHandlerA
GetLastError
GetSystemInfo
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
BeginUpdateResourceA
CopyFileA
GetTickCount
GetModuleFileNameA
EndUpdateResourceA
LoadLibraryA
WinExec
UpdateResourceA
GetStartupInfoA
SizeofResource
GetFileSize
lstrcatA
LockResource
GetProcAddress
GetTempPathA
CreateThread
GetModuleHandleA
GetSystemDefaultUILanguage
ReadFile
WriteFile
GetCurrentProcess
EnumResourceNamesA
CloseHandle
GetComputerNameA
ExitThread
MoveFileExA
MoveFileA
LoadResource
lstrcpyA
GlobalAlloc
Sleep
CreateFileA
FindResourceA
GetCurrentProcessId
strncmp
rand
_acmdln
_ftol
memset
strcat
__dllonexit
fprintf
printf
strlen
_except_handler3
??2@YAPAXI@Z
_onexit
exit
_XcptFilter
__setusermatherr
_local_unwind2
__p__commode
localtime
__CxxFrameHandler
srand
_exit
_adjust_fdiv
??3@YAXPAX@Z
free
sprintf
atoi
__getmainargs
memcpy
strstr
strcpy
__p__fmode
time
_initterm
_controlfp
__set_app_type
_iob
wsprintfA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
setsockopt
WSASocketA
htonl
socket
__WSAFDIsSet
WSAIoctl
closesocket
inet_addr
send
WSACleanup
WSAStartup
gethostbyname
select
sendto
htons
recv
WSAGetLastError
connect
GetIfTable
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_RCDATA 1
Number of PE resources by language
CHINESE SIMPLIFIED 4
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.2
UninitializedDataSize 0
LanguageCode Chinese (Simplified)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 20992
EntryPoint 0x16000
OriginalFileName EhStorAuthn.exe
MIMEType application/octet-stream
LegalCopyright ? Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2009:12:04 14:35:59+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 6.1.7600.16385
FileDescription Windows Enhanced Storage Password Authentication Program
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 27648
ProductName Microsoft? Windows? Operating System
ProductVersionNumber 1.0.0.2
FileTypeExtension exe
ObjectFileType Executable application

PE resource-wise parents
Compressed bundles
File identification
MD5 f037b001ddbdbd2a388892b29eb761bf
SHA1 ae930f45832a2b09406fef951627bd82d9cb235c
SHA256 5707e31b8f071a78d94938bd53bb1099956648333a39dff97f38c63601f903b2
ssdeep 3072:eUF+MA1kcKH6wWT5rsN9uplcYK4/C/lMqrujo2o/BqOk0YRIbetn/:eUF+b12HQlc34uMqCjhT5iQ/
authentihash 6f3fb77a79074941ef81475b6327f4e81f37ea240b8dbdbfe347e97f700ce9c2
imphash e92a2a81d3769d07c0bc17b8fd4b3758
File size 161.0 KB ( 164864 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2016-01-12 07:46:51 UTC (3 years, 4 months ago)
Last submission 2016-07-30 16:57:04 UTC (2 years, 9 months ago)
File names 8888.exe
EhStorAuthn.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Copied files
Moved files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Runtime DLLs
DNS requests
TCP connections
UDP communications