SHA256: 612f594a21124c8c77551711c3a3491460ff32bd5e3cb91f954bbaa2a034bd72
File name: oCN-NFO.EXe
Detection ratio: 4 / 68
Analysis date: 2018-08-31 07:43:17 UTC (8 months, 3 weeks ago)
Antivirus Result Update
Cylance Unsafe 20180831
Ikarus Backdoor.Win32.NetDevil 20180830
Microsoft PUA:Win32/Keygen 20180831
SentinelOne (Static ML) static engine - malicious 20180830
Ad-Aware 20180831
AegisLab 20180831
AhnLab-V3 20180831
Alibaba 20180713
ALYac 20180831
Antiy-AVL 20180831
Arcabit 20180831
Avast 20180831
Avast-Mobile 20180831
AVG 20180831
Avira (no cloud) 20180831
AVware 20180823
Babable 20180822
Baidu 20180830
BitDefender 20180831
Bkav 20180831
CAT-QuickHeal 20180830
ClamAV 20180831
CMC 20180831
Comodo 20180831
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cyren 20180831
DrWeb 20180831
eGambit 20180831
Emsisoft 20180831
Endgame 20180730
ESET-NOD32 20180831
F-Prot 20180831
F-Secure 20180831
Fortinet 20180831
GData 20180831
Sophos ML 20180717
Jiangmin 20180831
K7AntiVirus 20180829
K7GW 20180831
Kaspersky 20180831
Kingsoft 20180831
Malwarebytes 20180831
MAX 20180831
McAfee 20180831
McAfee-GW-Edition 20180831
eScan 20180831
NANO-Antivirus 20180831
Palo Alto Networks (Known Signatures) 20180831
Panda 20180830
Qihoo-360 20180831
Rising 20180831
Sophos AV 20180831
SUPERAntiSpyware 20180831
Symantec 20180831
Symantec Mobile Insight 20180829
TACHYON 20180831
Tencent 20180831
TheHacker 20180829
TotalDefense 20180831
TrendMicro 20180831
TrendMicro-HouseCall 20180831
Trustlook 20180831
VBA32 20180830
VIPRE 20180831
ViRobot 20180831
Webroot 20180831
Yandex 20180830
Zillya 20180830
ZoneAlarm by Check Point 20180831
Zoner 20180830
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00097CE0
Number of sections 3
PE sections
Overlays
MD5 9148244c7dc4387f540ec2bb34f1e758
File type ASCII text
Offset 237568
Size 8
Entropy 3.00
PE imports
LoadLibraryA
ExitProcess
GetProcAddress
RegCloseKey
ImageList_Add
SaveDC
IsEqualGUID
VariantClear
timeGetTime
Number of PE resources by type
RT_BITMAP 21
RT_STRING 12
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 3
DOS_FONT 1
RT_ICON 1
DLLS 1
MUSIC 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 50
POLISH DEFAULT 5
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 229376
LinkerVersion 2.25
FileTypeExtension exe
InitializedDataSize 8192
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0x97ce0
OSVersion 1.0
ImageVersion 0.0
UninitializedDataSize 389120

Compressed bundles
File identification
MD5 fd1f5da2e520f10b4a8ad632e1155e4c
SHA1 2b8d0786e9fb9dc87a0dceefe45112ce509eac37
SHA256 612f594a21124c8c77551711c3a3491460ff32bd5e3cb91f954bbaa2a034bd72
ssdeep 6144:1hVmOAAy7NW0fhHL8H6UGHbmZfvXuA6fDYion232L2axU:1hVmOAhNWMhHZHbmZH+AqYio23U2aG

authentihash cb1a39fe655066caf29cf1e212addec7a0feecdf66cca308124639800e48701f
imphash dd69b5dbf2cea28aced8e528e18f418d
File size 232.0 KB ( 237576 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 EXE Yoda's Crypter (47.6%)
DOS Borland compiled Executable (generic) (17.9%)
Win32 Dynamic Link Library (generic) (11.7%)
Win32 Executable (generic) (8.0%)
Win16/32 Executable Delphi generic (3.7%)
Tags peexe upx overlay

VirusTotal metadata
First submission 2012-05-22 13:45:55 UTC (7 years ago)
Last submission 2018-08-31 07:43:17 UTC (8 months, 3 weeks ago)
File names fd1f5da2e520f10b4a8ad632e1155e4c
4TIt0.exe
aa
fd1f5da2e520f10b4a8ad632e1155e4c.exe
virussign.com_fd1f5da2e520f10b4a8ad632e1155e4c.vxe
oCN-NFO.EXe
03406
oCN-NFO.EXe
G7E4Ag2H_.gif
test.txt
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Deleted files
Runtime DLLs