SHA256: f5f30a0187d94e3a4e61d614c2a36d21e79e9aadb9dd3082adc4e69962d35bca
File name: f.exe
Detection ratio: 52 / 71
Analysis date: 2019-03-03 23:57:58 UTC (1 month, 2 weeks ago)
Antivirus Result Update
Acronis suspicious 20190222
Ad-Aware Generic.Malware.dld!!.CF434E67 20190304
AhnLab-V3 Trojan/Win32.Generic.C2419435 20190303
ALYac Generic.Malware.dld!!.CF434E67 20190303
Antiy-AVL Trojan/Win32.AGeneric 20190303
Arcabit Generic.Malware.dld!!.CF434E67 20190303
Avast Win32:Malware-gen 20190303
AVG Win32:Malware-gen 20190303
Avira (no cloud) HEUR/AGEN.1033309 20190303
BitDefender Generic.Malware.dld!!.CF434E67 20190304
CAT-QuickHeal Trojan.IGENERIC 20190303
Comodo TrojWare.Win32.TrojanDownloader.Tiny.~DN@1kngc6 20190303
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
Cybereason malicious.0d1b31 20190109
Cylance Unsafe 20190304
Cyren W32/Downloader-Sml!Eldorado 20190304
Emsisoft Generic.Malware.dld!!.CF434E67 (B) 20190304
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/TrojanDownloader.Small.AXW 20190303
F-Prot W32/Downloader-Sml!Eldorado 20190304
F-Secure Heuristic.HEUR/AGEN.1033309 20190303
Fortinet W32/Generic.AC.40C0CF 20190303
GData Generic.Malware.dld!!.CF434E67 20190304
Ikarus Trojan-Downloader.Win32.Small 20190303
Jiangmin Trojan.Generic.cavun 20190303
K7AntiVirus Trojan-Downloader ( 005271571 ) 20190303
K7GW Trojan-Downloader ( 005271571 ) 20190303
Kaspersky HEUR:Trojan.Win32.Generic 20190304
Malwarebytes Trojan.Downloader 20190303
MAX malware (ai score=100) 20190304
McAfee Generic.drp 20190304
McAfee-GW-Edition BehavesLike.Win32.Generic.zt 20190303
Microsoft Trojan:Win32/Tiggre!rfn 20190303
eScan Generic.Malware.dld!!.CF434E67 20190303
NANO-Antivirus Trojan.Win32.Small.ezeool 20190303
Palo Alto Networks (Known Signatures) generic.ml 20190304
Panda Trj/GdSda.A 20190303
Qihoo-360 HEUR/QVM07.1.79F5.Malware.Gen 20190304
Rising Trojan.Downloader!1.9CC0 (CLOUD) 20190303
SentinelOne (Static ML) static engine - malicious 20190203
SUPERAntiSpyware Trojan.Agent/Gen-Downloader 20190227
Symantec Infostealer.Limitail 20190303
Tencent Win32.Trojan.Generic.Wtxm 20190304
Trapmine suspicious.low.ml.score 20190301
TrendMicro Mal_DLDER 20190303
VBA32 suspected of Trojan.Downloader.gen.h 20190301
VIPRE Trojan-Downloader.Win32.Small!cobra (v) 20190303
ViRobot Trojan.Win32.Downloader.5632.MA 20190303
Webroot W32.Malware.Gen 20190304
Yandex Trojan.Agent!sOw96Qan/Oc 20190301
Zillya Downloader.Small.Win32.108412 20190302
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20190304
AegisLab 20190303
Alibaba 20180921
Avast-Mobile 20190303
Babable 20180918
Baidu 20190215
Bkav 20190301
ClamAV 20190303
CMC 20190303
DrWeb 20190303
eGambit 20190304
Sophos ML 20181128
Kingsoft 20190304
Sophos AV 20190304
Symantec Mobile Insight 20190220
TACHYON 20190303
TheHacker 20190225
TotalDefense 20190303
TrendMicro-HouseCall 20190303
Trustlook 20190304
Zoner 20190304
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-13 12:51:10
Entry Point 0x00001428
Number of sections 5
PE sections
PE imports
GetLastError
GetModuleHandleA
GetTempPathA
CreateProcessA
ExpandEnvironmentStringsW
CreateFileW
GetStartupInfoA
Sleep
CloseHandle
_except_handler3
__p__fmode
memset
_acmdln
_exit
_adjust_fdiv
__setusermatherr
strchr
strcmp
_snwprintf
_controlfp
exit
sprintf
__getmainargs
_initterm
__set_app_type
rand
__p__commode
_XcptFilter
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
URLDownloadToFileA
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:04:13 13:51:10+01:00
FileType Win32 EXE
PEType PE32
CodeSize 1536
LinkerVersion 9.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x1428
InitializedDataSize 3072
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

Execution parents
File identification
MD5 db9ee710d1b3140e296b90c8bb02963c
SHA1 0c647ccd55fc01ef0103386abccb89ab61a68176
SHA256 f5f30a0187d94e3a4e61d614c2a36d21e79e9aadb9dd3082adc4e69962d35bca
ssdeep 96:IkihXcceVruid6E9QKgBeNJkkkk0swtPtboynfFI3CtDR:IjNM6tKgILkkkk0saP1oynf+m
authentihash 8f9d52bf9947b0a70ea1342e7f8e57a8672083c5ca3289401d5a7bb0387ab842
imphash 822d796b7d4d611b273989512298ba2a
File size 5.5 KB ( 5632 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (45.0%)
Microsoft Visual C++ compiled executable (generic) (26.9%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags peexe
VirusTotal metadata
First submission 2018-04-13 15:25:15 UTC (1 year ago)
Last submission 2018-05-15 04:11:10 UTC (11 months, 1 week ago)
File names f.exe
2ae1d1ba13d45c994c2a28ec5ac5917d6ab02811
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications