SHA256: 383bac53581569075a6bde7f7f0421cffa8ccfba52902939c8ae5f49363b9f1e
File name: 383bac53581569075a6bde7f7f0421cffa8ccfba52902939c8ae5f49363b9f1e
Detection ratio: 25 / 66
Analysis date: 2018-09-19 13:46:51 UTC (8 months, 1 week ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.513424 20180917
ALYac Gen:Variant.Graftor.513424 20180919
Arcabit Trojan.Graftor.D7D590 20180919
Avira (no cloud) TR/Crypt.ZPACK.Gen 20180919
BitDefender Gen:Variant.Graftor.513424 20180919
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.3e37d6 20180225
Cylance Unsafe 20180919
DrWeb Trojan.Gozi.322 20180919
Emsisoft Gen:Variant.Graftor.513424 (B) 20180919
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Spy.Ursnif.BP 20180919
F-Secure Gen:Variant.Graftor.513424 20180919
GData Gen:Variant.Graftor.513424 20180919
Ikarus Trojan-Banker.UrSnif 20180919
Sophos ML heuristic 20180717
MAX malware (ai score=80) 20180919
eScan Gen:Variant.Graftor.513424 20180919
NANO-Antivirus Trojan.Win32.Ursnif.fgvopa 20180919
Panda Trj/GdSda.A 20180919
Qihoo-360 HEUR/QVM20.1.F8B1.Malware.Gen 20180919
Rising Spyware.Ursnif!8.1DEF (TFE:dGZlOgJ57WkB0gHNvg) 20180919
SentinelOne (Static ML) static engine - malicious 20180830
Symantec ML.Attribute.HighConfidence 20180919
VBA32 Trojan.Gozi 20180919
AegisLab 20180919
AhnLab-V3 20180919
Antiy-AVL 20180919
Avast 20180919
Avast-Mobile 20180919
AVG 20180919
AVware 20180919
Babable 20180918
Baidu 20180914
Bkav 20180919
CAT-QuickHeal 20180918
ClamAV 20180919
CMC 20180919
Comodo 20180919
Cyren 20180919
eGambit 20180919
F-Prot 20180919
Fortinet 20180919
Jiangmin 20180919
K7AntiVirus 20180919
K7GW 20180919
Kaspersky 20180919
Kingsoft 20180919
Malwarebytes 20180919
McAfee 20180919
McAfee-GW-Edition 20180919
Palo Alto Networks (Known Signatures) 20180919
Sophos AV 20180919
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180918
TACHYON 20180919
Tencent 20180919
TheHacker 20180918
TrendMicro 20180919
TrendMicro-HouseCall 20180919
Trustlook 20180919
VIPRE 20180919
ViRobot 20180919
Webroot 20180919
Yandex 20180919
Zillya 20180919
ZoneAlarm by Check Point 20180919
Zoner 20180918
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-26 10:54:19
Entry Point 0x000013A2
Number of sections 5
PE sections
Overlays
MD5 d7c50b15adc662b417cf20192a4176a9
File type ASCII text
Offset 46080
Size 249856
Entropy 0.00
PE imports
SetEvent
GetLastError
HeapFree
GetModuleHandleA
HeapCreate
WaitForSingleObject
VirtualFree
CreateEventA
HeapDestroy
HeapAlloc
CloseHandle
GetTickCount
VirtualProtect
ExitProcess
GetProcAddress
VirtualAlloc
LoadLibraryA
memset
RtlUnwind
memcpy
NtQueryVirtualMemory
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:07:26 11:54:19+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
4096

LinkerVersion
8.0

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x13a2

InitializedDataSize
2560

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 1bf6b6158016c49b7a4063518a31bf46
SHA1 9e6445b3e37d687cce0319dc31253bb4582e3f71
SHA256 383bac53581569075a6bde7f7f0421cffa8ccfba52902939c8ae5f49363b9f1e
ssdeep
768:mW0r19Gc06rIW6CeBN25dAAA3pR+Oi9y2mmFFqeMzG+y:mW0r19Q6MWma5dAAA3pR+OiM2zceMz

authentihash 72423e610a864ae3b972218f0ee574b7ba1ed534e5a366c09c1df733d2d7bc7b
imphash ca51365a4940ce14db29ef80a417bc53
File size 289.0 KB (295936 bytes)
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-09-19 13:46:51 UTC (8 months, 1 week ago)
Last submission 2018-09-19 13:46:51 UTC (8 months, 1 week ago)
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs