SHA256: a0d4306f52b31a922cf1944c883effa109151cd0bcde447bb03c007eddb68299
File name: 9af29a00841f63f160215bef5d1bdef0
Detection ratio: 58 / 70
Analysis date: 2019-02-14 05:14:39 UTC (1 week ago)
Antivirus Result Update
Acronis suspicious 20190213
Ad-Aware Trojan.PWS.Stimilina.A 20190214
AhnLab-V3 Malware/Win32.Generic.C2622462 20190214
ALYac Trojan.Agent.CoinStealer 20190214
Antiy-AVL Trojan[Ransom]/Win32.Blocker 20190214
Arcabit Trojan.PWS.Stimilina.A 20190213
Avast Win32:Trojan-gen 20190214
AVG Win32:Trojan-gen 20190214
Avira (no cloud) TR/Crypt.XPACK.Gen 20190214
BitDefender Trojan.PWS.Stimilina.A 20190214
Bkav W32.FakeFolderTAAC.Trojan 20190214
CAT-QuickHeal Trojan.GenericPMF.S3296391 20190213
ClamAV Win.Ransomware.Delf-6651871-0 20190213
Comodo Malware@#363lpr5fvr2tm 20190214
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cybereason malicious.0841f6 20190109
Cylance Unsafe 20190214
Cyren W32/PWS.WCVJ-7372 20190214
DrWeb Trojan.PWS.Stealer.24403 20190214
Emsisoft Trojan-Spy.Agent (A) 20190214
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/PSW.Delf.OSF 20190214
F-Prot W32/Delf.WS 20190214
F-Secure Trojan.TR/Crypt.XPACK.Gen 20190214
Fortinet W32/Delf.OSF!tr 20190214
GData Trojan.PWS.Stimilina.A 20190214
Ikarus Trojan-PSW.Delf 20190214
Sophos ML heuristic 20181128
Jiangmin Trojan.PSW.Agent.arv 20190214
K7AntiVirus Password-Stealer ( 0052f9a71 ) 20190214
K7GW Password-Stealer ( 0052f9a71 ) 20190214
Kaspersky Trojan-PSW.Win32.Coins.gbc 20190214
Malwarebytes Trojan.AzorUlt 20190214
MAX malware (ai score=100) 20190214
McAfee GenericRXGI-KI!9AF29A00841F 20190214
McAfee-GW-Edition BehavesLike.Win32.Generic.ch 20190214
Microsoft PWS:Win32/Stimilina.E!bit 20190214
eScan Trojan.PWS.Stimilina.A 20190214
NANO-Antivirus Trojan.Win32.Stealer.fflqpr 20190213
Palo Alto Networks (Known Signatures) generic.ml 20190214
Panda Trj/Genetic.gen 20190213
Qihoo-360 Win32/Trojan.IM.a22 20190214
Rising Stealer.Delf!8.415 (CLOUD) 20190214
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Troj/PWS-CJJ 20190214
Symantec Trojan.Coinstealer 20190214
TACHYON Trojan/W32.DP-Agent.115200.W 20190214
Tencent Win32.Trojan-qqpass.Qqrob.Hxzu 20190214
Trapmine malicious.high.ml.score 20190123
TrendMicro TROJ_GEN.R002C0DIB18 20190214
TrendMicro-HouseCall TrojanSpy.Win32.CLIPBANKER.SMMR 20190214
VBA32 BScope.TrojanRansom.Blocker 20190213
ViRobot Trojan.Win32.S.Agent.115200.DX 20190214
Webroot W32.Trojan.Gen 20190214
Yandex Trojan.PWS.Coins! 20190213
Zillya Trojan.Coins.Win32.570 20190213
ZoneAlarm by Check Point Trojan-PSW.Win32.Coins.gbc 20190214
Zoner Trojan.Win32.74405 20190214
AegisLab 20190214
Alibaba 20180921
Avast-Mobile 20190214
Babable 20180918
Baidu 20190202
CMC 20190214
eGambit 20190214
Kingsoft 20190214
SUPERAntiSpyware 20190213
Symantec Mobile Insight 20190207
TheHacker 20190212
TotalDefense 20190214
Trustlook 20190214
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
PEiD BobSoft Mini Delphi -> BoB / BobSoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0001A218
Number of sections 5
PE sections
PE imports
RegOpenKeyExA
RegEnumKeyA
RegQueryValueExA
RegCloseKey
FreeSid
DeleteDC
SelectObject
BitBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetStdHandle
EnterCriticalSection
GetSystemInfo
FreeLibrary
QueryPerformanceCounter
ExitProcess
GetThreadLocale
GlobalUnlock
GetModuleFileNameA
RtlUnwind
LoadLibraryA
CopyFileW
DeleteCriticalSection
GetStartupInfoA
GetLocaleInfoA
LocalAlloc
FindClose
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
CreateDirectoryW
GetCommandLineA
GlobalLock
RaiseException
WideCharToMultiByte
GetModuleHandleA
FindNextFileW
WriteFile
GetCurrentProcess
DeleteFileW
FindFirstFileW
GetCurrentThreadId
LocalFree
InitializeCriticalSection
VirtualFree
GetFileAttributesW
Sleep
GetTickCount
GetVersion
GetProcAddress
VirtualAlloc
GetCurrentProcessId
LeaveCriticalSection
CoCreateInstance
OleInitialize
SysReAllocStringLen
SysFreeString
SysAllocStringLen
ReleaseDC
GetSystemMetrics
CharToOemBuffA
CharNextA
MessageBoxA
GetKeyboardType
GetDC
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:20 00:22:17+02:00
FileType Win32 EXE
PEType PE32
CodeSize 103424
LinkerVersion 2.25
ImageFileCharacteristics Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0x1a218
InitializedDataSize 10752
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 9af29a00841f63f160215bef5d1bdef0
SHA1 1341131e4503e32a65d8278a1ab33d108b474e60
SHA256 a0d4306f52b31a922cf1944c883effa109151cd0bcde447bb03c007eddb68299
ssdeep 3072:YuOSXpMx7ZAlHsbfUkolNGti7lfqeSxM3SgyWJmCIDlVi65:Yzx7ZApszolIo7lf/igRqDlVi6
authentihash 976d258862d690df3904489a0769a4d95cf7a743249d3f688e71927774132da5
imphash 6d1f2b41411eacafcf447fc002d8cb00
File size 112.5 KB ( 115200 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Windows screen saver (40.5%)
Win32 Dynamic Link Library (generic) (20.3%)
Win32 Executable (generic) (13.9%)
Win16/32 Executable Delphi generic (6.4%)
OS/2 Executable (generic) (6.2%)
Tags bobsoft peexe
VirusTotal metadata
First submission 2018-09-11 04:42:24 UTC (5 months, 1 week ago)
Last submission 2018-11-07 04:12:50 UTC (3 months, 2 weeks ago)
File names p.exe
zbetcheckin_tracker_m.exe
p.exe
p.exe
9af29a00841f63f160215bef5d1bdef0
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections