SHA256: 91748e7861b9d0b28ea9362d0ab1cb92b857ad9b9bd0a0d88e889bbeea6d950f
File name: ~tmf6182678479879110755.tmp
Detection ratio: 5 / 44
Analysis date: 2013-08-18 10:13:37 UTC (5 years, 2 months ago)
Antivirus Result Update
ESET-NOD32 a variant of Win32/Injector.ALDZ 20130818
Fortinet W32/Injector.AKBS!tr 20130818
Malwarebytes Backdoor.Bot 20130817
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.K 20130817
eScan Gen:Variant.Symmi.28423 20130818
Yandex 20130817
AhnLab-V3 20130817
AntiVir 20130818
Antiy-AVL 20130818
Avast 20130818
AVG 20130818
BitDefender 20130818
ByteHero 20130817
CAT-QuickHeal 20130817
ClamAV 20130818
Commtouch 20130818
Comodo 20130818
DrWeb 20130818
Emsisoft 20130818
F-Prot 20130818
F-Secure 20130818
GData 20130818
Ikarus 20130818
Jiangmin 20130818
K7AntiVirus 20130817
K7GW 20130816
Kaspersky 20130818
Kingsoft 20130723
McAfee 20130818
Microsoft 20130818
NANO-Antivirus 20130818
Norman 20130818
nProtect 20130816
Panda 20130818
PCTools 20130818
Rising 20130816
Sophos AV 20130818
SUPERAntiSpyware 20130818
Symantec 20130818
TheHacker 20130818
TotalDefense 20130816
TrendMicro 20130818
TrendMicro-HouseCall 20130818
VBA32 20130816
VIPRE 20130818
ViRobot 20130817
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product @Lui l@
Original name CC.exe
Internal name CC
File version 33.00.0167
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-17 16:54:01
Entry Point 0x0000141C
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
__vbaFpUI1
EVENT_SINK_Release
__vbaRedim
__vbaVarDup
Ord(695)
_adj_fdivr_m64
__vbaAryUnlock
_adj_fprem
__vbaR8ErrVar
Ord(594)
__vbaR4Var
__vbaLenBstr
__vbaAryMove
_adj_fpatan
__vbaFreeObjList
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
Ord(632)
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
__vbaUbound
_CIsin
Ord(618)
__vbaExitProc
Ord(100)
__vbaAryLock
__vbaFreeVar
Ord(556)
__vbaFreeStr
EVENT_SINK_AddRef
__vbaObjSetAddref
_adj_fdiv_r
_CItan
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
__vbaVarSub
_CIlog
__vbaVarMul
_allmul
__vbaStrVarVal
_CIcos
Ord(616)
EVENT_SINK_QueryInterface
_adj_fptan
Ord(593)
__vbaObjSet
__vbaVarMove
__vbaUI1Var
_CIatan
Ord(608)
__vbaNew2
Ord(644)
__vbaVarCat
__vbaOnError
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaVar2Vec
__vbaFreeStrList
Ord(557)
_adj_fdiv_m16i
Number of PE resources by type
RT_BITMAP 3
RT_ICON 2
H 1
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 5
BELARUSIAN DEFAULT 2
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 28672
UninitializedDataSize 0
InitializedDataSize 102400
ImageVersion 33.0
ProductName @Lui l@
FileVersionNumber 33.0.0.167
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName CC.exe
MIMEType application/octet-stream
FileVersion 33.00.0167
TimeStamp 2013:08:17 17:54:01+01:00
FileType Win32 EXE
PEType PE32
InternalName CC
ProductVersion 33.00.0167
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Bitcoin project
LegalTrademarks ssaaaaaaaaaa
FileSubtype 0
ProductVersionNumber 33.0.0.167
EntryPoint 0x141c
ObjectFileType Executable application

File identification
MD5 5d6d892cdc7d580839d0947fa983775c
SHA1 b9f16ec65d081fa951d136082b15e5cabe099bc5
SHA256 91748e7861b9d0b28ea9362d0ab1cb92b857ad9b9bd0a0d88e889bbeea6d950f
ssdeep 1536:iVSZ6C3T4HTF6amC9adGemeykWG/dadqMtQlKcpfzhTdmAriuUJA:i+Jm6al9QGeSGFaVtQlHpfzPjUJA

authentihash 54a897962226dd1b96c564f67283a107476bf54f550ad46968b1daac96a78e99
imphash 245432e1c097b48e8d7dab34da45c718
File size 128.0 KB ( 131072 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (69.4%)
Win64 Executable (generic) (23.3%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.6%)
Tags peexe

VirusTotal metadata
First submission 2013-08-18 10:13:37 UTC (5 years, 2 months ago)
Last submission 2017-12-06 18:23:14 UTC (10 months, 2 weeks ago)
File names CC
malekal_5d6d892cdc7d580839d0947fa983775c
~tmf6182678479879110755.tmp
~tmf6182678479879110755.exe
CC.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by using the SetWindowsHook Windows API function.