SHA256: 69ded14a0d53cebfed8309cea164a77eb8cf9257a42079a943433fcf652efa69
File name: 1dftrh6y5et4wef.exe
Detection ratio: 2 / 47
Analysis date: 2013-09-04 02:47:37 UTC (4 years, 9 months ago)
Antivirus Result Update
Malwarebytes Trojan.Agent.ED 20130903
Rising Suspicious 20130903
Yandex 20130903
AhnLab-V3 20130903
AntiVir 20130904
Antiy-AVL 20130903
Avast 20130904
AVG 20130904
Baidu-International 20130903
BitDefender 20130904
ByteHero 20130903
CAT-QuickHeal 20130903
ClamAV 20130903
Commtouch 20130904
Comodo 20130904
DrWeb 20130904
Emsisoft 20130904
ESET-NOD32 20130904
F-Prot 20130904
F-Secure 20130904
Fortinet 20130904
GData 20130904
Ikarus 20130904
Jiangmin 20130903
K7AntiVirus 20130903
K7GW 20130903
Kaspersky 20130904
Kingsoft 20130829
McAfee 20130904
McAfee-GW-Edition 20130903
Microsoft 20130903
eScan 20130904
NANO-Antivirus 20130903
Norman 20130903
nProtect 20130903
Panda 20130903
PCTools 20130903
Sophos AV 20130904
SUPERAntiSpyware 20130904
Symantec 20130904
TheHacker 20130903
TotalDefense 20130903
TrendMicro 20130904
TrendMicro-HouseCall 20130904
VBA32 20130903
VIPRE 20130904
ViRobot 20130904
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
Treat this PEiD match with caution: the "Armadillo v1.71" signature is well known to collide with the stock entry stub emitted by Visual C++ 6, and the rest of this report (LinkerVersion 6.0, a full MSVCRT import table, TrID's "Win32 Executable MS Visual C++ (generic)") looks more like an unpacked MSVC 6 build than an Armadillo-protected binary. Confirm packing from the section table and entropy before relying on this label.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-09-03 12:56:02
Entry Point 0x0000334C
Number of sections 7
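The fields above come straight out of the COFF file header and the PE32 optional header. The following is an added example, not code from VirusTotal or from the sample itself: a minimal stand-library parser that extracts the same fields from raw header bytes, plus the one sanity check worth running on the compile timestamp (it is attacker-controlled, but it should at least not post-date the first time the file was seen). The header bytes it parses are constructed here from the values in this report; the ImageBase, alignment and BaseOfData values are assumptions, since the report does not show them.

```python
import struct
from datetime import datetime, timezone

# Constants from the PE/COFF specification.
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x010B
MACHINE_NAMES = {IMAGE_FILE_MACHINE_I386: "Intel 386 or later processors and compatible processors",
                 0x8664: "x64"}
SUBSYSTEM_NAMES = {2: "Windows GUI", 3: "Windows CUI"}

# Compile time shown in the report (UTC); used to build the constructed sample header.
COMPILE_TIME = datetime(2013, 9, 3, 12, 56, 2, tzinfo=timezone.utc)


def parse_pe_header(data: bytes) -> dict:
    """Extract the 'PE header basic information' fields from a PE32 image's raw headers."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)      # offset of the PE signature
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _symtab, _nsyms, opt_size, _chars = \
        struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                          # COFF file header is 20 bytes
    if opt_size < 70:
        raise ValueError("optional header too short to hold Subsystem")
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    if magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        raise ValueError("not a PE32 image (PE32+ has a different optional header layout)")
    (entry_point,) = struct.unpack_from("<I", data, opt + 16)   # AddressOfEntryPoint
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)     # Subsystem
    compiled = datetime.fromtimestamp(timestamp, tz=timezone.utc)
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "number_of_sections": nsections,
        "compilation_timestamp": compiled.strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry_point,
        "linker_version": f"{linker_major}.{linker_minor}",
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
    }


def timestamp_is_plausible(compiled: str, first_seen: str) -> bool:
    """The compile timestamp is trivially forged; the one cheap check is that it
    does not lie after the first submission / first-seen time."""
    fmt = "%Y-%m-%d %H:%M:%S"
    return datetime.strptime(compiled, fmt) <= datetime.strptime(first_seen, fmt)


def build_sample_header() -> bytes:
    """Constructed stand-in for the sample's headers: the field values come from the
    report, the bytes are synthetic and carry no code or section table."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 7,
                                   int(COMPILE_TIME.timestamp()), 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIHH",
                      IMAGE_NT_OPTIONAL_HDR32_MAGIC, 6, 0,   # PE32 magic, linker 6.0
                      9728, 97280, 0,            # SizeOfCode / InitializedData / UninitializedData
                      0x334C, 0x1000, 0x4000,    # AddressOfEntryPoint; BaseOfCode/BaseOfData assumed
                      0x400000, 0x1000, 0x200,   # ImageBase, SectionAlignment, FileAlignment (assumed)
                      4, 0, 0, 0, 4, 0,          # OS, image and subsystem versions
                      0, 0, 0, 0,                # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      2, 0)                      # Subsystem = Windows GUI, DllCharacteristics
    opt += b"\0" * (224 - len(opt))
    return dos + coff + opt


if __name__ == "__main__":
    info = parse_pe_header(build_sample_header())
    for key, value in info.items():
        print(f"{key}: {value:#x}" if key == "entry_point" else f"{key}: {value}")
    print("timestamp plausible:", timestamp_is_plausible(info["compilation_timestamp"],
                                                          "2013-09-04 02:47:37"))
```

On a real file, pass the first few hundred bytes of the executable instead of the constructed header; the parser deliberately stops at the optional header and does not walk sections or imports.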
PE sections
PE imports
GetTokenInformation
RegReplaceKeyA
RegLoadKeyA
RegCloseKey
DeregisterEventSource
AccessCheck
BackupEventLogA
RegOverridePredefKey
OpenEventLogW
RegSaveKeyA
ReportEventA
OpenMutexA
GetLastError
GetStartupInfoA
LocalLock
GetModuleFileNameA
ReleaseMutex
GetCurrentProcessId
GetModuleHandleA
QueryPerformanceCounter
GetEnvironmentVariableA
GetComputerNameA
GetHandleInformation
GetProcAddress
VirtualAlloc
GetCurrentThreadId
PulseEvent
__p__fmode
fread
fprintf
fopen
_except_handler3
fputc
fwrite
fseek
fsetpos
fputs
ftell
exit
_XcptFilter
__setusermatherr
_controlfp
_adjust_fdiv
_acmdln
_fullpath
__p__commode
free
__getmainargs
_initterm
_fsopen
_flushall
fscanf
freopen
_exit
__set_app_type
CompleteAuthToken
DeleteSecurityContext
ApplyControlToken
DecryptMessage
VerifySignature
ExportSecurityContext
MakeSignature
FreeCredentialsHandle
GetThemeFont
GetThemeMetric
GetThemeMargins
GetThemeBool
GetFileTitleA
ReplaceTextA
GetOpenFileNameW
GetFileTitleW
ChooseColorW
ChooseFontW
GetSaveFileNameW
GetOpenFileNameA
FindTextW
ReplaceTextW
PrintDlgW
ChooseFontA
RegisterMediaTypeClass
Number of PE resources by type
RT_RCDATA 1
RT_VERSION 1
Struct(125) 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
UninitializedDataSize 0
LanguageCode Russian
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 97280
EntryPoint 0x334c
MIMEType application/octet-stream
FileVersion 3,8,3,4
TimeStamp 2013:09:03 13:56:02+01:00
FileType Win32 EXE
PEType PE32
InternalName nx.rc
FileDescription rey
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName fgjk
CodeSize 9728
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Unknown

Compressed bundles
File identification
MD5 1684947fed73c0e3c2264a990b0ae88a
SHA1 21cc0454528563a2417e7a5b9e92a0d0e9a72038
SHA256 69ded14a0d53cebfed8309cea164a77eb8cf9257a42079a943433fcf652efa69
ssdeep 768:xShehX0BdGyurSDFWDym9Y4qX3ezrgzB/ifJ3:xVl02yuGhAz9Y4qX3XzB/c

authentihash fae6c0b496a8797897a46b73016efd4eda23edce6ccb86ea20f8790ca58efb2a
imphash 950c941575f118341e89fd997ceadec7
File size 42.5 KB ( 43520 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit
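The imphash above is the usual pivot for finding other builds that share this import table. As an added example (not VirusTotal's or pefile's code), the block below implements the imphash derivation: DLL names are lowercased and stripped of their extension, each function is lowercased, the entries are joined in import-table order as "dll.func", and the result is MD5-hashed. The sample import table is constructed here from a handful of the functions listed in this report; the DLL attribution is mine (the page lists functions without their DLLs) and it covers only a few imports, so its hash will not equal the report's value. Ordinal imports are emitted as "ordN"; pefile additionally resolves known ws2_32/oleaut32 ordinals to names, which this simplified version omits.

```python
import hashlib
from typing import Iterable, List, Tuple, Union

# Import entries are (dll_name, [function names or integer ordinals]) in table order.
ImportTable = Iterable[Tuple[str, Iterable[Union[str, int]]]]

# Constructed, partial import table for illustration; DLL grouping is an assumption.
SAMPLE_IMPORTS: List[Tuple[str, List[Union[str, int]]]] = [
    ("ADVAPI32.dll", ["GetTokenInformation", "RegReplaceKeyA"]),
    ("KERNEL32.dll", ["OpenMutexA", "GetLastError"]),
]


def canonical_import_string(imports: ImportTable) -> str:
    """Build the normalised 'dll.func,dll.func,...' string that imphash hashes."""
    parts = []
    for dll, funcs in imports:
        name = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):       # extensions imphash strips
            if name.endswith(ext):
                name = name[: -len(ext)]
                break
        for func in funcs:
            # Ordinal-only imports have no name; they hash as "ordN".
            label = f"ord{func}" if isinstance(func, int) else func.lower()
            parts.append(f"{name}.{label}")
    return ",".join(parts)


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("ascii")).hexdigest()


def imphash(imports: ImportTable) -> str:
    """imphash = MD5 over the canonical import string; order-sensitive, case-insensitive."""
    return md5_hex(canonical_import_string(imports))


if __name__ == "__main__":
    print(canonical_import_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
    # Same functions in a different table order give a different pivot value.
    print(imphash(list(reversed(SAMPLE_IMPORTS))))
```

Because the hash is order-sensitive, two builds that link the same libraries in a different order will not share an imphash; conversely, a packer that rebuilds the import table (as a real Armadillo layer would) replaces the original imphash with the stub's, so a match is evidence about the outermost layer only.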

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2013-09-04 02:47:37 UTC (4 years, 9 months ago)
Last submission 2017-05-29 06:13:26 UTC (1 year ago)
File names 1dftrh6y5et4weafwafwafwaf.exe.bin
1dftrh6y5et4wef.exe
1684947fed73c0e3c2264a990b0ae88a_TitanAntivirus2013
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Moved files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests