SHA256: ea1f481ca5e66f909beaf3de64b1ed61eda98e3f80575b59e8501d5c93626d80
File name: Scan_301_30012014_001.exe
Detection ratio: 8 / 49
Analysis date: 2014-01-30 12:56:16 UTC (4 years, 11 months ago)
Antivirus Result Update
Commtouch W32/Trojan.RTVI-3821 20140130
ESET-NOD32 Win32/TrojanDownloader.Waski.A 20140130
McAfee Artemis!968779B34F06 20140130
McAfee-GW-Edition Artemis!968779B34F06 20140130
Norman Upatre.BD 20140130
Rising PE:Malware.FakePDF@CV!1.9C28 20140130
Symantec Suspicious.Cloud.5 20140130
TrendMicro-HouseCall TROJ_GEN.F0D1H00AU14 20140130
Ad-Aware 20140130
Yandex 20140130
AhnLab-V3 20140130
AntiVir 20140130
Antiy-AVL 20140130
Avast 20140130
AVG 20140130
Baidu-International 20140130
BitDefender 20140130
Bkav 20140125
ByteHero 20140121
CAT-QuickHeal 20140130
ClamAV 20140130
CMC 20140122
Comodo 20140130
DrWeb 20140130
Emsisoft 20140130
F-Prot 20140130
F-Secure 20140130
Fortinet 20140130
GData 20140130
Ikarus 20140130
Jiangmin 20140130
K7AntiVirus 20140129
K7GW 20140130
Kaspersky 20140130
Kingsoft 20130829
Malwarebytes 20140130
Microsoft 20140130
eScan 20140130
NANO-Antivirus 20140130
nProtect 20140130
Panda 20140130
Qihoo-360 20140122
Sophos AV 20140130
SUPERAntiSpyware 20140130
TheHacker 20140128
TotalDefense 20140130
TrendMicro 20140130
VBA32 20140130
VIPRE 20140130
ViRobot 20140130
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-01-29 05:32:49
Entry Point 0x00001CD4
Number of sections 4
PE sections
PE imports
InitCommonControlsEx
GetStockObject
HeapCreate
CreateFileW
HeapDestroy
ExitProcess
CreateFileA
HeapAlloc
GetMessageA
CreateWindowExA
SendMessageW
UpdateWindow
DispatchMessageA
EnableWindow
IsZoomed
SendMessageA
GetFocus
PostQuitMessage
DefWindowProcA
ShowWindow
RegisterClassExA
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:01:29 06:32:49+01:00
FileType Win32 EXE
PEType PE32
CodeSize 3584
LinkerVersion 10.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x1cd4
InitializedDataSize 13824
SubsystemVersion 5.1
ImageVersion 2.1
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 968779b34f063af0492c50dd4b6c8f30
SHA1 1b1c43943b542169a9a2e311e0c5bdcad269711d
SHA256 ea1f481ca5e66f909beaf3de64b1ed61eda98e3f80575b59e8501d5c93626d80
ssdeep
192:uMtTRw9DFjvJ7Eh/f+cbmYb8Wg5UqrUwkunhn2MJGEyog1MM4APTK7Yy:u2T+/jvJ7+gFrJk04OMcYy

authentihash 1f717af7293cb75170802d7398d63a63498707dc5789890ada9b9254b22017a8
imphash b271bce6a1e17ebf9ac5fcd3deb5ff90
File size 17.5 KB ( 17920 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2014-01-30 10:19:48 UTC (4 years, 11 months ago)
Last submission 2018-10-09 15:44:37 UTC (3 months, 1 week ago)
File names 968779b34f063af0492c50dd4b6c8f30.exe
Scan_301_30012014_001.exe
Cas_01302014_exe
Scan_301_30012014_001.exe
968779b34f063af0492c50dd4b6c8f30
Scan_301_30012014_001.EXE
WL-01c24fc4790de3d50d25e7692f5723a2-0
Scan_301_30012014_001_2.exe
1b7b0aa57d94abe4ae34323454a02e1e021f21f6
007649346
Avis.de.Paiement.exe
file-6536392_exe
c-d29d6-1649-1391077201
Scan_301_30012014_001.exe.vir
Cas_01302014.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Set keys
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections