SHA256: aea44a6c63cb0be4d9bef229019307619782f23e8fd1d943a19be36b956670d4
File name: 5.exe
Detection ratio: 50 / 69
Analysis date: 2019-01-21 15:35:53 UTC (1 day, 5 hours ago)
Antivirus Result Update
Ad-Aware Trojan.Agent.DNDB 20190121
AegisLab Trojan.Win32.Inject.4!c 20190121
AhnLab-V3 Malware/Gen.Generic.C2920226 20190121
ALYac Trojan.Agent.Injector.Gen 20190121
Antiy-AVL Trojan/Win32.Inject 20190121
Arcabit Trojan.Agent.DNDB 20190121
Avast Win32:Trojan-gen 20190121
AVG Win32:Trojan-gen 20190121
Avira (no cloud) TR/Dropper.Gen 20190121
BitDefender Trojan.Agent.DNDB 20190121
CAT-QuickHeal Trojan.Inject 20190121
Comodo Malware@#24usv2gbli10t 20190121
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181023
Cybereason malicious.b4bffd 20190109
Cylance Unsafe 20190121
Cyren W32/Trojan.DFUD-8497 20190121
DrWeb Trojan.Inject3.12059 20190121
Emsisoft Trojan.Agent.DNDB (B) 20190121
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOMU 20190121
F-Secure Trojan.Agent.DNDB 20190121
Fortinet W32/GenKryptik.CWDZ!tr 20190121
GData Trojan.Agent.DNDB 20190121
Ikarus Trojan-Spy.Win32.TrickBot 20190121
Sophos ML heuristic 20181128
Jiangmin Trojan.Inject.aqrm 20190121
K7AntiVirus Trojan ( 005454ef1 ) 20190121
K7GW Trojan ( 005454ef1 ) 20190121
Kaspersky Trojan.Win32.Inject.alctw 20190121
Malwarebytes Trojan.TrickBot 20190121
McAfee RDN/Generic.dx 20190121
McAfee-GW-Edition BehavesLike.Win32.Generic.dc 20190121
Microsoft Trojan:Win32/MereTam.A 20190121
eScan Trojan.Agent.DNDB 20190121
NANO-Antivirus Trojan.Win32.Inject3.flzgnx 20190121
Palo Alto Networks (Known Signatures) generic.ml 20190121
Panda Trj/CI.A 20190121
Qihoo-360 Win32/Trojan.Multi.daf 20190121
Rising Dropper.Generic!8.35E (TFE:dGZlOgXCSfncepWA/w) 20190121
Sophos AV Mal/Generic-S 20190121
Symantec Trojan.Gen.2 20190121
Tencent Win32.Trojan.Inject.Glm 20190121
Trapmine malicious.moderate.ml.score 20190103
TrendMicro TROJ_FRS.VSN0BA19 20190121
TrendMicro-HouseCall TROJ_FRS.VSN0BA19 20190121
VBA32 BScope.TrojanBanker.Trickster 20190121
ViRobot Trojan.Win32.Trickbot.271687 20190121
Webroot W32.Trojan.Trickbot 20190121
Yandex Trojan.Inject!iNhDn1L+b40 20190120
ZoneAlarm by Check Point Trojan.Win32.Inject.alctw 20190121
Acronis 20190119
Alibaba 20180921
Avast-Mobile 20190121
Babable 20180918
Baidu 20190121
Bkav 20190121
ClamAV 20190121
CMC 20190121
eGambit 20190121
F-Prot 20190121
Kingsoft 20190121
MAX 20190121
SentinelOne (Static ML) 20190118
SUPERAntiSpyware 20190116
TACHYON 20190121
TheHacker 20190118
Trustlook 20190121
Zillya 20190118
Zoner 20190121
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-10 07:27:36
Entry Point 0x000012A0
Number of sections 8
PE sections
Overlays
MD5 6f754e9600e6a9bbca524a7be1734c61
File type data
Offset 256000
Size 15687
Entropy 4.06
PE imports
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
GetModuleHandleA
GetLastError
VirtualProtect
DeleteFileA
SetUnhandledExceptionFilter
TlsGetValue
ExitProcess
CreateFileA
GetProcAddress
VirtualQuery
LeaveCriticalSection
_cexit
__p__fmode
__p__environ
fwrite
signal
free
_onexit
atexit
abort
_setmode
vfprintf
__getmainargs
calloc
_iob
memcpy
__set_app_type
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2019:01:10 08:27:36+01:00
FileType Win32 EXE
PEType PE32
CodeSize 87040
LinkerVersion 2.23
ImageFileCharacteristics No relocs, Executable, No line numbers, 32-bit, No debug
EntryPoint 0x12a0
InitializedDataSize 254976
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 5632

File identification
MD5 03e205b51c568c2b98a83024f993af0e
SHA1 218c50ab4bffd4c0d8cd2fffacdaccd35e728fcc
SHA256 aea44a6c63cb0be4d9bef229019307619782f23e8fd1d943a19be36b956670d4
ssdeep 6144:QsndQKnNVBpww8mZxy7ehQ/O3PcLKe4t2H5ZG+PnMFqa:RdQKPAn2IehQ/K4Krt2HrJnLa

authentihash 8583e1fee9a4093721df5c502dd215b16ebd1570e27a13bdb3091b582303c21d
imphash 44cae5993938d8d16fb7ba6e1157c716
File size 265.3 KB ( 271687 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe overlay

VirusTotal metadata
First submission 2019-01-10 10:27:22 UTC (1 week, 5 days ago)
Last submission 2019-01-10 10:27:22 UTC (1 week, 5 days ago)
File names 5.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs