SHA256: aec5edea7f7b0a038f32ecb7d6be0cc2cf68115445159fa5109a4fa45c5721e2
Detection ratio: 16 / 64
Analysis date: 2017-08-30 18:13:43 UTC (1 year, 8 months ago)
Antivirus Result Update
AegisLab Filerepmalware.Gen!c 20170830
AhnLab-V3 Win-Trojan/Sagecrypt.Gen 20170830
Avast FileRepMalware 20170830
AVG FileRepMalware 20170830
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20170830
CrowdStrike Falcon (ML) malicious_confidence_70% (W) 20170804
Endgame malicious (high confidence) 20170821
Fortinet W32/Kryptik.FHBI!tr 20170830
Kaspersky UDS:DangerousObject.Multi.Generic 20170830
McAfee Artemis!A1E55977297B 20170830
McAfee-GW-Edition Artemis 20170830
Palo Alto Networks (Known Signatures) generic.ml 20170830
Rising Malware.Heuristic!ET#91% (rdm+) 20170830
SentinelOne (Static ML) static engine - malicious 20170806
Symantec Trojan.Smoaler 20170830
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20170830
Ad-Aware 20170830
Alibaba 20170830
ALYac 20170830
Antiy-AVL 20170830
Arcabit 20170830
Avira (no cloud) 20170830
AVware 20170830
BitDefender 20170830
Bkav 20170830
CAT-QuickHeal 20170830
ClamAV 20170830
CMC 20170828
Comodo 20170830
Cylance 20170830
Cyren 20170830
DrWeb 20170830
Emsisoft 20170830
ESET-NOD32 20170830
F-Prot 20170830
F-Secure 20170830
GData 20170830
Ikarus 20170830
Sophos ML 20170822
Jiangmin 20170830
K7AntiVirus 20170830
K7GW 20170828
Kingsoft 20170830
Malwarebytes 20170830
MAX 20170830
Microsoft 20170830
eScan 20170830
NANO-Antivirus 20170830
nProtect 20170830
Panda 20170830
Qihoo-360 20170830
Sophos AV 20170830
SUPERAntiSpyware 20170830
Symantec Mobile Insight 20170830
Tencent 20170830
TheHacker 20170828
TrendMicro 20170830
TrendMicro-HouseCall 20170830
Trustlook 20170830
VBA32 20170830
VIPRE 20170830
ViRobot 20170830
Webroot 20170830
WhiteArmor 20170829
Yandex 20170829
Zillya 20170829
Zoner 20170830
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
(c). All rights reserved. SpaceX

Product Refferal
Original name Refferal.exe
Internal name Refferal
File version 2.5.42.2
Description Laptps Icann
Comments Laptps Icann
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-30 14:36:15
Entry Point 0x00008792
Number of sections 4
PE sections
PE imports
ImpersonateLoggedOnUser
CreateToolbarEx
GetSaveFileNameA
SetWindowExtEx
GetPixel
GetTextMetricsA
CreateICA
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
GetShortPathNameW
LoadResource
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
lstrlenW
GetStdHandle
GetACP
DeleteCriticalSection
GetCurrentProcess
LocalFree
GetFileType
GetConsoleMode
DecodePointer
GetCurrentProcessId
FreeEnvironmentStringsW
LockResource
GetWindowsDirectoryA
lstrcpynW
TlsGetValue
MultiByteToWideChar
HeapSize
SetHandleCount
GetCPInfo
GetCommandLineA
GetProcAddress
GetStartupInfoW
SetStdHandle
SetConsoleTitleW
RaiseException
UnhandledExceptionFilter
WideCharToMultiByte
GetModuleFileNameW
TlsFree
SetFilePointer
HeapSetInformation
LeaveCriticalSection
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
lstrcmpW
HeapReAlloc
GetStringTypeW
GetModuleHandleW
QueryDosDeviceA
TerminateProcess
IsValidCodePage
HeapCreate
CreateFileW
GetLogicalDriveStringsW
InterlockedDecrement
Sleep
SetLastError
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
FindResourceA
ExitProcess
WriteConsoleW
InterlockedIncrement
Ord(75)
SysFreeString
SysAllocString
RpcEpResolveBinding
RpcEpUnregister
SetupDiGetClassDevsA
SHGetFolderPathW
SHQueryRecycleBinA
SHEmptyRecycleBinA
StrChrW
SetFocus
ReleaseDC
OemKeyScan
CreatePopupMenu
CheckMenuItem
GetMenu
EndPaint
EndDialog
BeginPaint
GetClipboardData
SendMessageA
GetDialogBaseUnits
GetDlgItem
SetWindowLongA
MessageBoxW
GetDC
InsertMenuItemA
DrawThemeText
IsThemeBackgroundPartiallyTransparent
DrawThemeIcon
DrawThemeParentBackground
DrawThemeBackground
WSASocketA
WSASendTo
closesocket
WSAHtons
inet_addr
GdipDisposeImage
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
WriteClassStg
CoInitializeSecurity
CreateBindCtx
StgCreateDocfile
MkParseDisplayName
CoSetProxyBlanket
PdhBrowseCountersA
Number of PE resources by type
RT_ICON 7
RT_RCDATA 6
MDATA 3
RT_MENU 3
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
DANISH DEFAULT 23
PE resources
Debug information
ExifTool file metadata
LegalTrademarks
(c). All rights reserved. SpaceX

SubsystemVersion
5.1

Comments
Laptps Icann

Languages
English

InitializedDataSize
151552

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.5.42.2

LanguageCode
Danish

FileFlagsMask
0x003f

FileDescription
Laptps Icann

CharacterSet
Unicode

LinkerVersion
10.0

PrivateBuild
2.5.42.2

EntryPoint
0x8792

OriginalFileName
Refferal.exe

MIMEType
application/octet-stream

LegalCopyright
(c). All rights reserved. SpaceX

FileVersion
2.5.42.2

TimeStamp
2017:08:30 15:36:15+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Refferal

ProductVersion
2.5.42.2

UninitializedDataSize
0

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
SpaceX

CodeSize
89088

ProductName
Refferal

ProductVersionNumber
2.5.42.2

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
2.5.42.2

Compressed bundles
File identification
MD5 a1e55977297b267c510db4228bcc6daf
SHA1 0b772e44e9511e67906341bc4d96f436874dbb82
SHA256 aec5edea7f7b0a038f32ecb7d6be0cc2cf68115445159fa5109a4fa45c5721e2
ssdeep
3072:S28j3Iul6jyGrYN6jC/HtCDzhWi/M+Nx6UtbCfREhjRn/:6IusBE6jC/uFW27yUtbAREr

authentihash b16acf9e6350f9ad4ea291270a047f0087c5fd76ffbfd1a635af6b3b217c47f8
imphash f60e28978fa34a563b44b6c14469acb8
File size 236.0 KB ( 241664 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2017-08-30 15:16:29 UTC (1 year, 8 months ago)
Last submission 2017-09-02 14:28:57 UTC (1 year, 8 months ago)
File names aec5edea7f7b0a038f32ecb7d6be0cc2cf68115445159fa5109a4fa45c5721e2.bin
Refferal
1166c48a921f74d6bf811e9f5c041d49f225ee50
a1e55977297b267c510db4228bcc6daf.exe
r37.exe
Refferal.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Opened mutexes
Runtime DLLs
UDP communications