SHA256: 6b15aa3f3d6bb1c308974fc87bd38ceb2ee337fd3495ebe6c6e7157a85e914cb
File name: lst.libr
Detection ratio: 21 / 54
Analysis date: 2016-12-24 15:16:48 UTC (11 months, 3 weeks ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.214925 20161224
Arcabit Trojan.Zusy.D3478D 20161224
AVG GenericX.629 20161224
AVware LooksLike.Win32.Crowti.b (v) 20161224
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9996 20161207
BitDefender Gen:Variant.Zusy.214925 20161224
Bkav W32.FamVT.RazyNHmA.Trojan 20161224
Cyren W32/S-e2e07e9d!Eldorado 20161224
DrWeb Trojan.Inject1.56622 20161224
Emsisoft Gen:Variant.Zusy.214925 (B) 20161224
ESET-NOD32 a variant of Win32/Kryptik.FMCM 20161224
F-Prot W32/S-e2e07e9d!Eldorado 20161224
F-Secure Gen:Variant.Zusy.214925 20161224
Fortinet W32/Kryptik.FLYM!tr 20161224
GData Gen:Variant.Zusy.214925 20161224
Sophos ML worm.win32.dorkbot.i 20161216
Malwarebytes Backdoor.Andromeda 20161224
Qihoo-360 HEUR/QVM09.0.0000.Malware.Gen 20161224
Rising Malware.Generic!FlIfvwFFQPQ@5 (thunder) 20161224
Symantec Heur.AdvML.B 20161224
VIPRE LooksLike.Win32.Crowti.b (v) 20161224
AegisLab 20161224
AhnLab-V3 20161224
Alibaba 20161223
ALYac 20161224
Antiy-AVL 20161224
Avast 20161224
Avira (no cloud) 20161224
CAT-QuickHeal 20161224
ClamAV 20161224
CMC 20161224
Comodo 20161224
CrowdStrike Falcon (ML) 20161024
Ikarus 20161224
Jiangmin 20161224
K7AntiVirus 20161224
K7GW 20161224
Kaspersky 20161224
Kingsoft 20161224
McAfee 20161224
McAfee-GW-Edition 20161224
Microsoft 20161224
NANO-Antivirus 20161224
nProtect 20161224
Panda 20161224
Sophos AV 20161224
SUPERAntiSpyware 20161223
Tencent 20161224
TheHacker 20161222
TrendMicro 20161224
TrendMicro-HouseCall 20161224
Trustlook 20161224
VBA32 20161223
ViRobot 20161224
WhiteArmor 20161221
Yandex 20161223
Zillya 20161223
Zoner 20161224
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-23 10:12:40
Entry Point 0x00007440
Number of sections 4
PE sections
PE imports
CreateToolbarEx
ImageList_Destroy
ImageList_SetBkColor
ImageList_Draw
ImageList_GetIconSize
ImageList_Create
Ord(17)
ImageList_ReplaceIcon
ImageList_Add
AddFontResourceA
GetCharABCWidthsFloatW
CreatePen
CreateFontIndirectA
GetTextMetricsA
GetPixel
Rectangle
GetDeviceCaps
CreateDCA
LineTo
DeleteDC
EndDoc
PtInRegion
DeleteObject
BitBlt
CreateDIBSection
GetObjectA
CreateFontA
ExtTextOutW
MoveToEx
GetStockObject
CreateDIBitmap
ExtTextOutA
GetDIBits
SelectClipRgn
CreateCompatibleDC
EndPage
CreateRectRgn
RemoveFontResourceA
GetTextExtentPoint32W
GetTextExtentPoint32A
AbortDoc
GetTextColor
CreateSolidBrush
ExtCreatePen
SelectObject
GetBkColor
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
HeapDestroy
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
GetDiskFreeSpaceW
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
GetFullPathNameW
GetEnvironmentVariableW
SetLastError
TlsGetValue
GetUserDefaultLangID
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
SetFilePointer
CreateThread
SetUnhandledExceptionFilter
ExitThread
TerminateProcess
WriteConsoleA
VirtualQuery
GetVersion
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
GetDateFormatW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CompareStringW
RemoveDirectoryW
GetCurrentThreadId
FindFirstFileW
IsValidLocale
GetUserDefaultLCID
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
GetSystemInfo
GetConsoleCP
LCMapStringA
GetThreadLocale
GetEnvironmentStringsW
lstrlenW
CreateProcessW
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
lstrcpynW
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
VirtualAlloc
GetOEMCP
Number of PE resources by type
RT_STRING 7
RT_ACCELERATOR 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 7
SPANISH PARAGUAY 1
FRENCH LUXEMBOURG 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:12:23 11:12:40+01:00
FileType Win32 EXE
PEType PE32
CodeSize 98304
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 272896
SubsystemVersion 5.0
EntryPoint 0x7440
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 916a5120e359e57ad5ab8a15b0a6274f
SHA1 e4944c0816015a5833156c1df2e32246c15c4f32
SHA256 6b15aa3f3d6bb1c308974fc87bd38ceb2ee337fd3495ebe6c6e7157a85e914cb
ssdeep 6144:cwrUJhFkYh6y45QK+uBk4Ug6z/LygQKJ8WECKgTF:cwrUj7SQHcko6zWrKSvgp
authentihash c0959e58f996e9550d6f50900836ff7674e0d55971d14d43331c8885cdd87349
imphash 04f003ba65a80a82f3fa93aa6690cd08
File size 304.0 KB ( 311296 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2016-12-24 15:16:48 UTC (11 months, 3 weeks ago)
Last submission 2016-12-24 15:16:48 UTC (11 months, 3 weeks ago)
File names lst.libr
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications