SHA256: fd328053bd22dc9b50fc4a41fea91c00f9bedeb8fabd0cd40163710d32678241
File name: 6518.exe
Detection ratio: 51 / 57
Analysis date: 2016-05-26 11:58:09 UTC (2 years, 12 months ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.26142 20160526
AegisLab Backdoor.W32.Androm.agpe!c 20160526
AhnLab-V3 Trojan/Win32.PornoAsset 20160525
ALYac Gen:Variant.Symmi.26142 20160526
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20160526
Arcabit Trojan.Symmi.D661E 20160526
Avast Win32:Downloader-UBM [Trj] 20160526
AVG Win32/Cryptor 20160526
Avira (no cloud) BDS/Androm.agpe 20160526
AVware Trojan.Win32.Generic!BT 20160526
Baidu Win32.Trojan.WisdomEyes.151026.9950.9994 20160526
Baidu-International Trojan.Win32.Injector.67 20160526
BitDefender Gen:Variant.Symmi.26142 20160526
Bkav W32.TaskmangLTSL.Trojan 20160526
CAT-QuickHeal Trojan.Lethic.B5 20160526
ClamAV Win.Trojan.Agent-1208032 20160526
Comodo Heur.Suspicious 20160526
Cyren W32/S-688e2cac!Eldorado 20160526
DrWeb BackDoor.IRC.NgrBot.42 20160526
Emsisoft Gen:Variant.Symmi.26142 (B) 20160526
ESET-NOD32 Win32/Dorkbot.B 20160526
F-Prot W32/S-688e2cac!Eldorado 20160526
F-Secure Gen:Variant.Symmi.26142 20160526
Fortinet W32/Injector.AJDD!tr 20160526
GData Gen:Variant.Symmi.26142 20160526
Ikarus Trojan.Win32.Loktrom 20160526
Jiangmin Backdoor/Androm.adc 20160526
K7AntiVirus Trojan ( 001d712b1 ) 20160526
K7GW Trojan ( 001d712b1 ) 20160526
Kaspersky HEUR:Trojan.Win32.Generic 20160526
Malwarebytes Trojan.Injector.RRE 20160526
McAfee W32/IRCBot.gen.a 20160526
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.cc 20160526
Microsoft Worm:Win32/Dorkbot.I 20160526
eScan Gen:Variant.Symmi.26142 20160526
NANO-Antivirus Trojan.Win32.NgrBot.cqirlw 20160526
nProtect Backdoor/W32.Androm.120832.B 20160526
Panda Trj/CI.A 20160525
Qihoo-360 Win32/Backdoor.97c 20160526
Rising Trjoan.Generic-rfaYso8e3JG (Cloud) 20160526
Sophos AV Mal/EncPk-AKA 20160526
SUPERAntiSpyware Trojan.Agent/Gen-Androm 20160526
Symantec Trojan.Zbot!gen57 20160526
Tencent Win32.Backdoor.Androm.Wtxm 20160526
TrendMicro TROJ_SPNR.11H113 20160526
TrendMicro-HouseCall TROJ_SPNR.11H113 20160526
VBA32 Backdoor.Androm 20160525
VIPRE Trojan.Win32.Generic!BT 20160526
ViRobot Spyware.PornoAsset.120832[h] 20160526
Yandex Worm.Dorkbot!lswzes7996o 20160525
Zillya Worm.Dorkbot.Win32.994 20160526
Alibaba 20160526
CMC 20160523
Kingsoft 20160526
TheHacker 20160526
TotalDefense 20160526
Zoner 20160526
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 1999-2006 Underground InformatioN Center

Product PE Tools v1.5
Original name PETools.exe
Internal name PE Tools v1.5 RC7
File version 1.5.800.2006 RC7
Description PE Tools - Nice PE Editor !!!
Comments For Win9x/ME/2000/2003/XP/Vista
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-07-29 01:59:16
Entry Point 0x000019F8
Number of sections 5
PE sections
PE imports
LogonUserA
ClusterRegQueryValue
OfflineClusterResource
EvictClusterNodeEx
GetClusterResourceNetworkName
GetClusterQuorumResource
RemoveClusterResourceNode
GetClusterNetInterfaceKey
ClusterRegCreateKey
ClusterNodeCloseEnum
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetConsoleMode
GetModuleFileNameW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
GetStdHandle
HeapSetInformation
GetCurrentProcess
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
SetHandleCount
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
GetTickCount
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
HeapSize
ExitProcess
WideCharToMultiByte
LoadLibraryW
TlsFree
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
CreateFileW
TlsGetValue
Sleep
GetFileType
ReadConsoleW
TlsSetValue
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
Number of PE resources by type
RT_FONT 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
SPANISH PUERTO RICO 1
PE resources
ExifTool file metadata
Author
NEOx <neox@pisem.net>

CodeSize
22016

SubsystemVersion
5.0

Comments
For Win9x/ME/2000/2003/XP/Vista

InitializedDataSize
97792

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.5.800.2005

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
PE Tools - Nice PE Editor !!!

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
9.0

Credits
NiFi, Dr.Golova, SOLDIER, Corbio, Rook, SUnteXx, V.Vilman, JFX, dum0h, .Cryorb, Volodya, spEctoRius, cyberbob, FEUERRADER, .::D.e.M.o.N.i.X::., dyn!o, Bad_guy, Aster!x, lepton, Hellsp@wN, Jupiter, GPcH, Ms-Rem, BiT-H@ck, SLV, sanniassin, Smokii, DrDead..

SpecialBuild
Visit http://www.uinc.ru/ or http://neox.pisem.net/ for updates.

PrivateBuild
Public version

EntryPoint
0x19f8

OriginalFileName
PETools.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 1999-2006 Underground InformatioN Center

FileVersion
1.5.800.2006 RC7

TimeStamp
2013:07:29 03:59:16+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
PE Tools v1.5 RC7

ProductVersion
1.5.800.2006 RC7

UninitializedDataSize
0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Underground InformatioN Center

LegalTrademarks
PE Tools v1.5 RC7

ProductName
PE Tools v1.5

ProductVersionNumber
1.5.800.2005

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 dd7e6e237d5cd3bd228a2fde33a0ae5e
SHA1 a8d735a02d49093986527e9c06e53e0dee8276f4
SHA256 fd328053bd22dc9b50fc4a41fea91c00f9bedeb8fabd0cd40163710d32678241
ssdeep
1536:RY2TPAEIptlSeblF3icxzJomvPqphMt+q5Rf0bOZ8sbIiBBmV8QU5NBtOjO:FLSSeblF3rzJHvi/09as388QU5vtO

authentihash ccb33de175639642fa42f291531d182f2acb502cfa5adb3adab1e592210d7ca1
imphash a9dd2eb9d6b217b437c3f2b1faf43796
File size 118.0 KB ( 120832 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe usb-autorun

VirusTotal metadata
First submission 2013-07-29 03:46:04 UTC (5 years, 10 months ago)
Last submission 2013-08-03 00:01:15 UTC (5 years, 9 months ago)
File names 6518.exe
PETools.exe
PE Tools v1.5 RC7
2193.exe
plluuWUVvYlAtbP.exe
a8d735a02d49093986527e9c06e53e0dee8276f4
file-5780917_malware
a67b.exe
6518.exe
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications