SHA256: e688090626629f14ce10a5eba1e122ceb6bf4bb60e4a66664e337bb793bbc80e
File name: VirusShare_a40e20ff8b991308f508239625f275d8
Detection ratio: 54 / 64
Analysis date: 2017-08-28 04:35:08 UTC (9 months, 3 weeks ago)
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.PT.bCY@bCizyyg 20170828
AegisLab Troj.W32.Genome.flol!c 20170828
ALYac Trojan.Genome.flol 20170828
Antiy-AVL Trojan/Win32.Genome 20170828
Arcabit Trojan.Heur.PT.E55C5D 20170828
Avast Win32:Malware-gen 20170828
AVG Win32:Malware-gen 20170828
Avira (no cloud) TR/Spy.28962 20170827
AVware Trojan.Win32.Generic!BT 20170828
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9845 20170825
BitDefender Gen:Trojan.Heur.PT.bCY@bCizyyg 20170828
CAT-QuickHeal Trojandownloader.Goosta 20170826
ClamAV Win.Trojan.Agent-30572 20170828
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20170828
Cyren W32/Trojan.MMGN-5157 20170828
DrWeb Trojan.Click2.56219 20170828
Emsisoft Gen:Trojan.Heur.PT.bCY@bCizyyg (B) 20170828
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/Agent.QJK 20170828
F-Secure Gen:Trojan.Heur.PT.bCY@bCizyyg 20170828
Fortinet W32/Malware_fam.NB 20170828
GData Gen:Trojan.Heur.PT.bCY@bCizyyg 20170828
Ikarus Trojan.Win32.Agent 20170827
Sophos ML heuristic 20170822
Jiangmin Trojan/Genome.cuwg 20170828
K7AntiVirus Riskware ( 0040eff71 ) 20170828
K7GW Riskware ( 0040eff71 ) 20170821
Kaspersky UDS:DangerousObject.Multi.Generic 20170828
Kingsoft Win32.Troj.Genome.fl.(kcloud) 20170828
MAX malware (ai score=82) 20170828
McAfee Generic BackDoor.s 20170826
McAfee-GW-Edition BehavesLike.Win32.Chir.mm 20170828
Microsoft TrojanDownloader:Win32/Goosta.A 20170828
eScan Gen:Trojan.Heur.PT.bCY@bCizyyg 20170828
NANO-Antivirus Trojan.Win32.Agent.bhekbo 20170828
nProtect Trojan/W32.Agent.28962 20170828
Palo Alto Networks (Known Signatures) generic.ml 20170828
Panda Generic Malware 20170827
Qihoo-360 HEUR/Malware.QVM19.Gen 20170828
Rising Trojan.Generic (cloud:wiCeTqThZY) 20170828
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/Generic-S 20170828
Symantec Downloader 20170828
Tencent Win32.Trojan.Spy.Ljac 20170828
TheHacker Trojan/Agent.qjk 20170825
TrendMicro TROJ_GENOME.BWP 20170828
TrendMicro-HouseCall TROJ_GENOME.BWP 20170828
VIPRE Trojan.Win32.Generic!BT 20170828
ViRobot Trojan.Win32.S.Agent.28962 20170828
Webroot W32.Malware.Gen 20170828
Yandex Trojan.Agent!AHw2qwxXBkc 20170825
Zillya Trojan.Genome.Win32.29202 20170825
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20170828
AhnLab-V3 20170828
Alibaba 20170828
CMC 20170827
Comodo 20170828
F-Prot 20170828
Malwarebytes 20170827
SUPERAntiSpyware 20170827
Symantec Mobile Insight 20170828
TotalDefense 20170827
Trustlook 20170828
VBA32 20170825
WhiteArmor 20170817
Zoner 20170828
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-03-17 03:34:24
Entry Point 0x00008000
Number of sections 7
PE sections
Overlays
MD5 5f03159ebb91039348218e84f952ce38
File type ASCII text
Offset 17408
Size 11554
Entropy 0.00
PE imports
VirtualProtect
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2009:03:17 04:34:24+01:00
FileType Win32 EXE
PEType PE32
CodeSize 4608
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 1536
SubsystemVersion 4.0
EntryPoint 0x8000
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 a40e20ff8b991308f508239625f275d8
SHA1 1aa388289c21df1ce25c61796b539d0f8c0d5043
SHA256 e688090626629f14ce10a5eba1e122ceb6bf4bb60e4a66664e337bb793bbc80e
ssdeep 192:SPX5q8ZlH2kkG/bJde8q4yI7R7Xpx+v7b6GXzfcxGC4n59Iyfs7IvYHlIikaYHK:WBOk//bfhtpxnGXzfWan5BUVlIika
authentihash 453da4f41a092617e314ada4d18f8f7d292cf2a1b807cbe74b02c43b148e2163
imphash 9b821a35d20f9a8955f8d5e54b175675
File size 28.3 KB ( 28962 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe overlay

VirusTotal metadata
First submission 2009-03-30 17:34:29 UTC (9 years, 2 months ago)
Last submission 2017-07-11 11:47:39 UTC (11 months, 2 weeks ago)
File names aa
HEFH.gz
WEBC2-AUSOV_sample_A40E20FF8B991308F508239625F275D8
VirusShare_a40e20ff8b991308f508239625f275d8
GH2dd.gif
WEBC2-AUSOV_sample_A40E20FF8B991308F508239625F275D8-9175532-1376710857-tmp
VirusShare_a40e20ff8b991308f508239625f275d8
t8qJ9CB_.dwg
sE4qf.dwg
j0qU9veZ.wbs
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.