SHA256: c3c7ac559fbe09f2d51f10ba374c0a7b3265a85fce45b63e4ca6ca9124611ca0
File name: 5a5c00ae.exe
Detection ratio: 40 / 50
Analysis date: 2014-01-29 13:57:20 UTC (4 years, 8 months ago)
Antivirus Result Update
Ad-Aware Trojan.Generic.8596489 20140129
AhnLab-V3 Spyware/Win32.Zbot 20140129
AntiVir Worm/Dorkbot.A.2913 20140129
Antiy-AVL Backdoor/Win32.Ruskill.gen 20140129
Avast AutoIt:MalOb-BB [Trj] 20140129
AVG Generic7_c.IQW 20140129
Baidu-International Backdoor.Win32.Ruskill.AH 20140129
BitDefender Trojan.Generic.8596489 20140129
CMC Trojan.Win32.Generic!O 20140122
Commtouch W32/Trojan.HPIF-7964 20140129
Comodo TrojWare.Win32.Trojan.Agent.Gen 20140129
DrWeb BackDoor.IRC.NgrBot.42 20140129
Emsisoft Trojan.Generic.8596489 (B) 20140129
ESET-NOD32 a variant of Win32/Injector.Autoit.EA 20140129
F-Secure Trojan.Generic.8596489 20140129
Fortinet W32/Autoit.DV!tr 20140129
GData Trojan.Generic.8596489 20140129
Ikarus Backdoor.Win32.Ruskill 20140129
Jiangmin Trojan/Generic.auocz 20140129
K7AntiVirus Riskware ( 0040f0fb1 ) 20140128
K7GW Riskware ( 0040f0fb1 ) 20140128
Kaspersky Backdoor.Win32.Ruskill.prd 20140129
Kingsoft Win32.Hack.Ruskill.p.(kcloud) 20130829
McAfee GenericTRA-BZ!6D5B7F92F3DF 20140129
McAfee-GW-Edition Heuristic.BehavesLike.Win32.ModifiedUPX.C 20140129
Microsoft Worm:Win32/Dorkbot.A 20140129
eScan Trojan.Generic.8596489 20140129
NANO-Antivirus Trojan.Win32.Ruskill.beqiks 20140129
Norman Injector.FKSE 20140129
nProtect Trojan/W32.Agent.365321 20140129
Panda Trj/Autoit.gen 20140129
Qihoo-360 Win32/Backdoor.4df 20140127
Sophos AV Mal/SpyEye-AD 20140129
SUPERAntiSpyware Worm.Dorkbot 20140129
TotalDefense Win32/Dorkbot.YLUHDcB 20140129
TrendMicro TROJ_SPNR.02B713 20140129
TrendMicro-HouseCall TROJ_SPNR.02B713 20140129
VBA32 Backdoor.Ruskill 20140129
VIPRE Trojan.Win32.Generic.pak!cobra 20140129
ViRobot Backdoor.Win32.A.Ruskill.365321 20140129
Yandex 20140128
Bkav 20140125
ByteHero 20140127
CAT-QuickHeal 20140129
ClamAV 20140129
F-Prot 20140129
Malwarebytes 20140129
Rising 20140129
Symantec 20140129
TheHacker 20140128
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Securitas
File version 4.5.23.0
Description Secures the Internet Traffic
Comments Windows NT Security Corp.
Packers identified
F-PROT AutoIt, UPX_LZMA, UTF-8
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-29 21:32:28
Entry Point 0x000CAE90
Number of sections 3
PE sections
Overlays
MD5 f3b40484f0814a6a842566b1a5ad57bf
File type data
Offset 355328
Size 9993
Entropy 7.98
PE imports
ImageList_Remove
GetSaveFileNameW
LineTo
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
WNetGetConnectionW
VariantInit
EnumProcesses
DragFinish
LoadUserProfileW
VerQueryValueW
FtpOpenFileW
timeGetTime
CoInitialize
Number of PE resources by type
RT_STRING 7
RT_ICON 5
RT_GROUP_ICON 4
RT_RCDATA 2
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 19
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
Comments Windows NT Security Corp.
LinkerVersion 10.0
ImageVersion 0.0
FileVersionNumber 4.5.23.0
UninitializedDataSize 483328
LanguageCode English (British)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 8192
EntryPoint 0xcae90
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 4.5.23.0
TimeStamp 2012:01:29 22:32:28+01:00
FileType Win32 EXE
PEType PE32
FileDescription Secures the Internet Traffic
OSVersion 5.0
FileOS Win32
LegalCopyright Securitas
MachineType Intel 386 or later, and compatibles
CodeSize 348160
FileSubtype 0
ProductVersionNumber 3.3.8.1
FileTypeExtension exe
ObjectFileType Unknown

File identification
MD5 6d5b7f92f3df25bdd3551a1a7518bc98
SHA1 643a15eb8c59e300ea41a6ac651b80deedeb1c6d
SHA256 c3c7ac559fbe09f2d51f10ba374c0a7b3265a85fce45b63e4ca6ca9124611ca0
ssdeep 6144:1DzyaqNqoJCyrsWNQb2L0tnZrfopr+nV2r10xpZ5X/7btoYuEUv8yV8HCAeXUxoR:eCIswQKL0lZznV2r10xTh7vKv8yKHCZ5
authentihash feff1058f42931efade432dcd1c9a9db9d627119290d8f167feef1d0ec037787
imphash 890e522b31701e079a367b89393329e6
File size 356.8 KB ( 365321 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags peexe usb-autorun upx overlay
VirusTotal metadata
First submission 2013-01-13 04:23:04 UTC (5 years, 9 months ago)
Last submission 2014-01-29 13:57:20 UTC (4 years, 8 months ago)
File names 6d5b7f92f3df25bdd3551a1a751
5a5c00ae.exe
6d5b7f92f3df25bdd3551a1a7518bc98
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.