SHA256: 3b62d12a59486adf905bb1418ff38c4b73883ad834adfb7a07cd6038461b4fc3
File name: unsafediscx_v143.exe
Detection ratio: 25 / 67
Analysis date: 2018-09-09 14:50:59 UTC (1 month, 1 week ago)
Antivirus Result Update
AegisLab Trojan.Win32.Generic.4!c 20180909
Avast FileRepMalware 20180909
AVG FileRepMalware 20180909
AVware Trojan.Win32.Generic!BT 20180909
CAT-QuickHeal Trojan.IGENERIC 20180909
ClamAV Win.Trojan.776160-1 20180909
Cylance Unsafe 20180909
Cyren W32/Risk.XMLF-6437 20180909
DrWeb Trojan.Siggen4.41721 20180909
F-Prot W32/MalwareF.NPVQ 20180909
Fortinet W32/Malware_fam.NB 20180909
Sophos ML heuristic 20180717
MAX malware (ai score=99) 20180909
McAfee Generic.dx!bu 20180909
McAfee-GW-Edition BehavesLike.Win32.Opanki.dc 20180909
Microsoft Trojan:Win32/Bitrep.A 20180909
NANO-Antivirus Trojan.Win32.TrjGen.duupws 20180909
Panda Trj/CI.A 20180909
Sophos AV Mal/Generic-S 20180909
Symantec Trojan.ADH 20180908
TrendMicro TROJ_GEN.R061C0PHM18 20180909
TrendMicro-HouseCall TROJ_GEN.R061C0PHM18 20180909
VIPRE Trojan.Win32.Generic!BT 20180909
ViRobot Spyware.Agent.244221 20180909
Webroot W32.Malware.Gen 20180909
Ad-Aware 20180909
AhnLab-V3 20180909
Alibaba 20180713
ALYac 20180909
Antiy-AVL 20180906
Arcabit 20180909
Avast-Mobile 20180909
Avira (no cloud) 20180909
Babable 20180907
Baidu 20180906
BitDefender 20180909
Bkav 20180906
CMC 20180908
Comodo 20180909
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
eGambit 20180909
Emsisoft 20180909
Endgame 20180730
ESET-NOD32 20180909
F-Secure 20180909
GData 20180909
Ikarus 20180909
Jiangmin 20180909
K7AntiVirus 20180909
K7GW 20180909
Kaspersky 20180909
Kingsoft 20180909
Malwarebytes 20180909
eScan 20180909
Palo Alto Networks (Known Signatures) 20180909
Qihoo-360 20180909
Rising 20180909
SentinelOne (Static ML) 20180830
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180905
TACHYON 20180909
Tencent 20180909
TheHacker 20180907
Trustlook 20180909
VBA32 20180907
Yandex 20180908
Zillya 20180908
ZoneAlarm by Check Point 20180909
Zoner 20180908
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
Command NSIS, NSIS
F-PROT NSIS, appended, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-10-17 21:19:57
Entry Point 0x00004168
Number of sections 4
PE sections
Overlays
MD5 04f8f96c9040c2a05d9a11cd2f3bb1b6
File type data
Offset 37888
Size 206333
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegEnumKeyA
RegCreateKeyA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SetBkMode
CreateFontA
CreateBrushIndirect
CreateFontIndirectA
CreateSolidBrush
SelectObject
SetBkColor
DeleteObject
SetTextColor
SetFilePointer
GetUserDefaultLangID
ReadFile
LoadLibraryA
CreateFileMappingA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
lstrlenA
GetTempPathA
lstrcmpiA
CreateThread
MapViewOfFile
GetModuleHandleA
FindFirstFileA
lstrcpyA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GetEnvironmentVariableA
UnmapViewOfFile
WriteFile
GlobalAlloc
SearchPathA
FindClose
Sleep
SetEndOfFile
CreateFileA
GetTickCount
GetVersion
GetProcAddress
MulDiv
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
ShellExecuteA
SHFileOperationA
SetFocus
CharPrevA
GetMessagePos
EmptyClipboard
GetWindowTextA
EndDialog
BeginPaint
DefWindowProcA
PostQuitMessage
CreatePopupMenu
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
LoadImageA
GetDlgItemTextA
MapWindowPoints
MessageBoxA
PeekMessageA
CloseClipboard
DialogBoxParamA
GetSysColor
GetDC
SetWindowLongA
DrawTextA
SystemParametersInfoA
SetWindowTextA
wsprintfA
ShowWindow
SetClipboardData
FindWindowExA
SendMessageA
IsWindowEnabled
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
ScreenToClient
SetRect
GetWindowLongA
SendMessageTimeoutA
SetTimer
LoadCursorA
LoadIconA
TrackPopupMenu
FillRect
RegisterClassA
OpenClipboard
CharNextA
GetDesktopWindow
CallWindowProcA
EndPaint
SetForegroundWindow
DestroyWindow
ExitWindowsEx
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleUninitialize
CoCreateInstance
OleInitialize
Number of PE resources by type
RT_DIALOG 7
RT_BITMAP 1
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2002:10:17 22:19:57+01:00
FileType Win32 EXE
PEType PE32
CodeSize 24576
LinkerVersion 6.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x4168
InitializedDataSize 154112
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 433241f9a1741c041f7cc4b76e0ad35d
SHA1 f208dafbaae11b8f3f9f268f1b456ca73a12f8f7
SHA256 3b62d12a59486adf905bb1418ff38c4b73883ad834adfb7a07cd6038461b4fc3
ssdeep 6144:RlNGFS0EQfHA5KFrJoivkllrK+4k5UcxOiqjThJZxN:R/Gk0EQfH3rJoi8llxBJOiYrxN

authentihash 71117cab6ea3a194ce486934f1c3d759baf54487227ef3aa632941e442b26c8e
imphash 7aa5ef58e6bcc81511f7ed6026ff8a22
File size 238.5 KB ( 244221 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID NSIS - Nullsoft Scriptable Install System (91.7%)
Win32 Executable MS Visual C++ (generic) (3.3%)
Win64 Executable (generic) (2.9%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.4%)
Tags nsis peexe overlay

VirusTotal metadata
First submission 2006-06-07 18:52:33 UTC (12 years, 4 months ago)
Last submission 2018-09-09 14:50:59 UTC (1 month, 1 week ago)
File names output.1237026.txt
UnSafeDisc.exe
1266352042.unsafediscx_v143.exe
unsafediscx_v143.exe
1237026
smona_3b62d12a59486adf905bb1418ff38c4b73883ad834adfb7a07cd6038461b4fc3.bin
smona131625236038006997824
f208dafbaae11b8f3f9f268f1b456ca73a12f8f7.bin
3b62d12a59486adf905bb1418ff38c4b73883ad834adfb7a07cd6038461b4fc3
file-2979419_exe
unSafeDiscX 1.43.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R047C0EH515.
