SHA256: e688090626629f14ce10a5eba1e122ceb6bf4bb60e4a66664e337bb793bbc80e
File name: WEBC2-AUSOV_sample_A40E20FF8B991308F508239625F275D8
Detection ratio: 50 / 66
Analysis date: 2018-11-10 08:10:42 UTC (1 week, 3 days ago)
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.PT.bCY@bCizyyg 20181110
AegisLab Trojan.Multi.Generic.4!c 20181110
ALYac Trojan.Genome.flol 20181110
Antiy-AVL Trojan/Win32.Genome 20181110
Arcabit Trojan.Heur.PT.E55C5D 20181110
Avast Win32:Malware-gen 20181110
AVG Win32:Malware-gen 20181110
Avira (no cloud) HEUR/AGEN.1019484 20181110
BitDefender Gen:Trojan.Heur.PT.bCY@bCizyyg 20181110
ClamAV Win.Trojan.Agent-30572 20181110
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.f8b991 20180225
Cyren W32/Trojan.MMGN-5157 20181110
DrWeb Trojan.Click2.56219 20181110
Emsisoft Gen:Trojan.Heur.PT.bCY@bCizyyg (B) 20181110
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Agent.QJK 20181110
F-Secure Gen:Trojan.Heur.PT.bCY@bCizyyg 20181110
Fortinet W32/Malware_fam.NB 20181110
GData Gen:Trojan.Heur.PT.bCY@bCizyyg 20181110
Ikarus Trojan.Win32.Agent 20181109
Sophos ML heuristic 20181108
Jiangmin Trojan/Genome.cuwg 20181110
K7AntiVirus Riskware ( 0040eff71 ) 20181110
K7GW Riskware ( 0040eff71 ) 20181109
Kaspersky UDS:DangerousObject.Multi.Generic 20181110
Kingsoft Win32.Troj.Genome.fl.(kcloud) 20181110
MAX malware (ai score=100) 20181110
McAfee Generic BackDoor.s 20181110
McAfee-GW-Edition BehavesLike.Win32.Miuref.mm 20181110
Microsoft TrojanDownloader:Win32/Goosta.A 20181110
eScan Gen:Trojan.Heur.PT.bCY@bCizyyg 20181110
NANO-Antivirus Trojan.Win32.Agent.bhekbo 20181110
Palo Alto Networks (Known Signatures) generic.ml 20181110
Panda Generic Malware 20181109
Qihoo-360 HEUR/Malware.QVM19.Gen 20181110
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181110
Symantec Downloader 20181109
Tencent Win32.Trojan.Genome.Ljac 20181110
TheHacker Trojan/Agent.qjk 20181108
TrendMicro TROJ_GENOME.BWP 20181110
TrendMicro-HouseCall TROJ_GENOME.BWP 20181110
VBA32 BScope.Trojan.Click 20181109
VIPRE Trojan.Win32.Generic!BT 20181110
ViRobot Trojan.Win32.S.Agent.28962 20181109
Webroot W32.Malware.Gen 20181110
Yandex Trojan.Agent!AHw2qwxXBkc 20181109
Zillya Trojan.Genome.Win32.29202 20181109
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181110
AhnLab-V3 20181109
Alibaba 20180921
Avast-Mobile 20181110
Babable 20180918
Baidu 20181109
Bkav 20181110
CAT-QuickHeal 20181108
CMC 20181110
Cylance 20181110
F-Prot 20181110
Malwarebytes 20181110
Rising 20181110
SUPERAntiSpyware 20181107
Symantec Mobile Insight 20181108
TACHYON 20181110
TotalDefense 20181110
Trustlook 20181110
Zoner 20181110
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-03-17 03:34:24
Entry Point 0x00008000
Number of sections 7
PE sections
Overlays
MD5 5f03159ebb91039348218e84f952ce38
File type ASCII text
Offset 17408
Size 11554
Entropy 0.00
PE imports
VirtualProtect
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

SubsystemVersion
4.0

MachineType
Intel 386 or later, and compatibles

TimeStamp
2009:03:17 04:34:24+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
4608

LinkerVersion
6.0

FileTypeExtension
exe

InitializedDataSize
1536

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x8000

OSVersion
4.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 a40e20ff8b991308f508239625f275d8
SHA1 1aa388289c21df1ce25c61796b539d0f8c0d5043
SHA256 e688090626629f14ce10a5eba1e122ceb6bf4bb60e4a66664e337bb793bbc80e
ssdeep
192:SPX5q8ZlH2kkG/bJde8q4yI7R7Xpx+v7b6GXzfcxGC4n59Iyfs7IvYHlIikaYHK:WBOk//bfhtpxnGXzfWan5BUVlIika

authentihash 453da4f41a092617e314ada4d18f8f7d292cf2a1b807cbe74b02c43b148e2163
imphash 9b821a35d20f9a8955f8d5e54b175675
File size 28.3 KB ( 28962 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2009-03-30 17:34:29 UTC (9 years, 7 months ago)
Last submission 2018-11-10 08:10:42 UTC (1 week, 3 days ago)
File names aa
HEFH.gz
WEBC2-AUSOV_sample_A40E20FF8B991308F508239625F275D8
VirusShare_a40e20ff8b991308f508239625f275d8
GH2dd.gif
WEBC2-AUSOV_sample_A40E20FF8B991308F508239625F275D8
VirusShare_a40e20ff8b991308f508239625f275d8
j0qU9veZ.wbs
t8qJ9CB_.dwg
sE4qf.dwg
WEBC2-AUSOV_sample_A40E20FF8B991308F508239625F275D8-9175532-1376710857-tmp
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.