SHA256: 6ec8dc9923caf45ca744ecba579a2c8cbb9d79aa4f14e0d993809a248c9f84ec
File name: DIALER.EXE
Detection ratio: 36 / 68
Analysis date: 2018-10-01 05:49:43 UTC (3 months, 3 weeks ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40529801 20181001
ALYac Trojan.GenericKD.40529801 20181001
Antiy-AVL RiskWare[Downloader]/Win32.Snojan 20181001
Arcabit Trojan.Generic.D26A6F89 20181001
Avast Win32:Malware-gen 20181001
AVG Win32:Malware-gen 20181001
Avira (no cloud) TR/Spy.Agent.drydk 20180930
BitDefender Trojan.GenericKD.40529801 20181001
Cylance Unsafe 20181001
Cyren W32/Trojan.GKOM-8167 20181001
Emsisoft Trojan.GenericKD.40529801 (B) 20181001
Endgame malicious (moderate confidence) 20180730
ESET-NOD32 MSIL/Spy.Agent.AES 20181001
F-Secure Trojan.GenericKD.40529801 20181001
Fortinet W32/Downeks.CED!tr 20181001
GData Trojan.GenericKD.40529801 20181001
Ikarus Trojan.MSIL.Spy 20180930
Sophos ML heuristic 20180717
K7AntiVirus Spyware ( 004bf53c1 ) 20181001
K7GW Spyware ( 004bf53c1 ) 20181001
Kaspersky Trojan-Spy.MSIL.Downeks.ced 20181001
Malwarebytes Backdoor.Quasar 20181001
MAX malware (ai score=99) 20181001
McAfee Artemis!F259548C0611 20181001
McAfee-GW-Edition Artemis!Trojan 20181001
Microsoft Backdoor:Win32/Xiclog.A 20181001
eScan Trojan.GenericKD.40529801 20181001
NANO-Antivirus Trojan.Win32.Downeks.filzvt 20181001
Panda Trj/CI.A 20180930
Qihoo-360 Win32/Trojan.Spy.2c2 20181001
Rising Backdoor.Xiclog!8.E79B (CLOUD) 20181001
Sophos AV Mal/Generic-S 20181001
Symantec ML.Attribute.HighConfidence 20180930
Tencent Msil.Trojan-spy.Downeks.Eawn 20181001
TrendMicro TROJ_GEN.R002C0DIR18 20181001
TrendMicro-HouseCall TROJ_GEN.R002C0DIR18 20181001
AegisLab 20181001
AhnLab-V3 20181001
Alibaba 20180921
Avast-Mobile 20180928
AVware 20180925
Babable 20180918
Baidu 20180930
Bkav 20180928
CAT-QuickHeal 20180930
ClamAV 20181001
CMC 20181001
Comodo 20181001
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
DrWeb 20181001
eGambit 20181001
F-Prot 20181001
Jiangmin 20181001
Kingsoft 20181001
Palo Alto Networks (Known Signatures) 20181001
SentinelOne (Static ML) 20180926
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180924
TACHYON 20181001
TheHacker 20181001
Trustlook 20181001
VBA32 20180928
VIPRE 20181001
ViRobot 20181001
Webroot 20181001
Yandex 20180927
Zillya 20180928
ZoneAlarm by Check Point 20180925
Zoner 20180927
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name DIALER.EXE
Internal name DIALER.EXE
File version 10.0.17134.1 (WinBuild.160101.0800)
Description Microsoft Windows Phone Dialer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-20 23:15:36
Entry Point 0x0000287A
Number of sections 6
PE sections
Overlays
MD5 d43b7aba04b188abe038cfb3365749ab
File type data
Offset 25088
Size 5290580
Entropy 7.53
PE imports
GetLastError
HeapFree
GetModuleFileNameW
SetEvent
HeapAlloc
GetCurrentProcess
OpenFileMappingW
OpenProcess
GetCommandLineW
ExitProcess
MapViewOfFile
GetCommandLineA
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetFileSizeEx
SetEnvironmentVariableW
GetModuleHandleA
CloseHandle
DuplicateHandle
GetModuleHandleW
IsWow64Process
LoadLibraryW
UnmapViewOfFile
CreateFileW
VirtualFree
GetTickCount
VirtualAlloc
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 6
NEUTRAL 1
PE resources
ExifTool file metadata
PackagerVersion 18.4.1080
VmVersion 18.4.1281.0
SubsystemVersion 5.1
InitializedDataSize 12288
ImageVersion 0.0
ProductName Microsoft Windows Operating System
FileVersionNumber 10.0.17134.1
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
LinkerVersion 11.0
FileTypeExtension exe
Packager Turbo Studio 18
OriginalFileName DIALER.EXE
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 10.0.17134.1 (WinBuild.160101.0800)
TimeStamp 2018:09:21 00:15:36+01:00
FileType Win32 EXE
PEType PE32
InternalName DIALER.EXE
ProductVersion 10.0.17134.1
FileDescription Microsoft Windows Phone Dialer
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 20480
FileSubtype 0
ProductVersionNumber 10.0.17134.1
EntryPoint 0x287a
ObjectFileType Executable application

Execution parents
File identification
MD5 f259548c0611b69bdfe41ac36d493384
SHA1 6d37b4bc0ad8307058a3de0cb136ada3b17fcd23
SHA256 6ec8dc9923caf45ca744ecba579a2c8cbb9d79aa4f14e0d993809a248c9f84ec
ssdeep 98304:7piA1FgOmK6wcGgTl96cImOkve5TQYayLhDE2Fm+HIJekyzyNjk:N790w1ATIKeT7lIOm+HrLz7
authentihash 7da945a338f5d9fd1e90a8509010a6e2bb992d95367808d38b0a31b6a242f9a0
imphash 2a23b322f4a5d4d7ef2a2b48495acd72
File size 5.1 MB ( 5315668 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID DirectShow filter (49.2%)
Windows ActiveX control (28.4%)
Win32 Executable MS Visual C++ (generic) (7.6%)
Win64 Executable (generic) (6.7%)
Windows screen saver (3.2%)
Tags peexe overlay
VirusTotal metadata
First submission 2018-09-27 04:26:21 UTC (3 months, 3 weeks ago)
Last submission 2018-09-27 04:26:21 UTC (3 months, 3 weeks ago)
File names DIALER.EXE
ifsutilityydll.exe
output.114150584.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by means of the SetWindowsHook Windows API function.