SHA256: 8212407c3508959f5da4a22cd0bc02762e16586d2a7b9e2e5a0c0d939306ec2d
File name: install_spartanu3.exe
Detection ratio: 0 / 57
Analysis date: 2017-02-02 16:26:38 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update (an empty Result column means the engine reported no detection with the signature update shown)
Ad-Aware 20170202
AegisLab 20170202
AhnLab-V3 20170202
Alibaba 20170122
ALYac 20170202
Antiy-AVL 20170202
Arcabit 20170202
Avast 20170202
AVG 20170202
Avira (no cloud) 20170202
AVware 20170202
Baidu 20170125
BitDefender 20170202
Bkav 20170123
CAT-QuickHeal 20170202
ClamAV 20170202
CMC 20170202
Comodo 20170202
CrowdStrike Falcon (ML) 20170130
Cyren 20170202
DrWeb 20170202
Emsisoft 20170202
ESET-NOD32 20170202
F-Prot 20170202
F-Secure 20170202
Fortinet 20170202
GData 20170202
Ikarus 20170202
Invincea 20170111
Jiangmin 20170202
K7AntiVirus 20170202
K7GW 20170202
Kaspersky 20170202
Kingsoft 20170202
Malwarebytes 20170202
McAfee 20170202
McAfee-GW-Edition 20170201
Microsoft 20170202
eScan 20170202
NANO-Antivirus 20170202
nProtect 20170202
Panda 20170202
Qihoo-360 20170202
Rising 20170202
Sophos 20170202
SUPERAntiSpyware 20170202
Symantec 20170202
Tencent 20170202
TheHacker 20170129
TotalDefense 20170202
TrendMicro 20170202
TrendMicro-HouseCall 20170202
Trustlook 20170202
VBA32 20170202
VIPRE 20170202
ViRobot 20170202
WhiteArmor 20170202
Yandex 20170201
Zillya 20170201
Zoner 20170202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 16.1.1.0
Packers identified
F-PROT UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-04-10 07:11:20
Entry Point 0x0001BE36
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegEnumKeyW
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
RegQueryValueW
RegOpenKeyW
Ord(17)
_TrackMouseEvent
GetWindowExtEx
SetMapMode
TextOutW
CreateFontIndirectW
PatBlt
GetRgnBox
SaveDC
SetTextAlign
CreateRectRgnIndirect
LPtoDP
CombineRgn
GetClipBox
GetViewportOrgEx
GetPixel
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
CreateSolidBrush
DeleteObject
GetObjectW
BitBlt
SetTextColor
RectVisible
ExtTextOutW
CreateBitmap
Escape
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
SetBkColor
PtVisible
ExtSelectClipRgn
CreateCompatibleDC
GetBkColor
ScaleViewportExtEx
CreateRectRgn
SetViewportExtEx
GetMapMode
SetWindowExtEx
GetTextColor
SetWindowOrgEx
DPtoLP
SelectObject
GetViewportExtEx
GetTextExtentPoint32W
CreateCompatibleBitmap
GetStdHandle
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
HeapDestroy
GetFileAttributesW
DuplicateHandle
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
MapViewOfFileEx
GetVolumeInformationW
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
InitializeCriticalSection
OutputDebugStringW
GlobalHandle
FindClose
InterlockedDecrement
GetFullPathNameW
GetCurrentThread
SetLastError
GlobalFindAtomW
GetUserDefaultLangID
LoadResource
GetModuleFileNameW
ExitProcess
FlushFileBuffers
GetModuleFileNameA
LoadLibraryA
EnumResourceLanguagesW
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
GlobalAddAtomW
SetUnhandledExceptionFilter
ConvertDefaultLocale
CreateMutexW
MulDiv
SetEnvironmentVariableA
TerminateProcess
VirtualQuery
GetDiskFreeSpaceExW
SetEndOfFile
GetVersion
LeaveCriticalSection
LoadLibraryExW
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
GetVersionExA
lstrcmpiW
RtlUnwind
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
OpenProcess
GetModuleHandleW
GetStartupInfoW
CreateDirectoryW
GlobalLock
GetProcessHeap
CreateFileMappingW
CompareStringW
lstrcpyW
GlobalReAlloc
VerLanguageNameW
CompareStringA
FindFirstFileW
lstrcmpW
GetProcAddress
GlobalAlloc
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
InterlockedIncrement
GetLastError
LocalReAlloc
LCMapStringW
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
FindResourceW
LCMapStringA
GetProcessTimes
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
WritePrivateProfileStringW
lstrcpynW
RaiseException
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
CloseHandle
GetACP
GetCurrentThreadId
FreeResource
SizeofResource
HeapCreate
FindResourceExW
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
VirtualAlloc
OleCreateFontIndirect
SysStringLen
SystemTimeToVariantTime
SysAllocStringLen
SysStringByteLen
VariantChangeType
VariantClear
SysAllocString
SafeArrayDestroy
VariantCopy
VariantInit
SysFreeString
SysAllocStringByteLen
OleLoadPicture
SHGetSpecialFolderPathW
SHGetFileInfoW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
MapWindowPoints
GetMessagePos
SetWindowRgn
RedrawWindow
SetMenuItemBitmaps
LoadBitmapW
DestroyMenu
SetSystemCursor
PostQuitMessage
GetForegroundWindow
DrawStateW
SetWindowPos
IsWindow
GrayStringW
EndPaint
GetMessageTime
SetActiveWindow
DispatchMessageW
GetCursorPos
MapDialogRect
GetDlgCtrlID
GetMenu
UnregisterClassW
GetClassInfoW
DrawTextW
GetNextDlgTabItem
CallNextHookEx
LoadImageW
GetTopWindow
GetWindowTextW
CopyAcceleratorTableW
GetWindowTextLengthW
GetActiveWindow
InvalidateRgn
PtInRect
DrawEdge
GetClassInfoExW
UpdateWindow
GetPropW
EqualRect
GetMessageW
ShowWindow
GetNextDlgGroupItem
SetPropW
ValidateRect
PeekMessageW
EnableWindow
CharUpperW
TranslateMessage
IsWindowEnabled
GetWindow
LoadStringA
RegisterClassW
GetWindowPlacement
DestroyWindow
EnableMenuItem
DrawFocusRect
IsDialogMessageW
SetWindowContextHelpId
GetSysColorBrush
CreateWindowExW
TabbedTextOutW
GetWindowLongW
CharNextW
IsChild
SetFocus
RegisterWindowMessageW
IsIconic
BeginPaint
OffsetRect
DefWindowProcW
DrawIcon
GetComboBoxInfo
GetParent
SendDlgItemMessageA
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
DrawTextExW
SendDlgItemMessageW
PostMessageW
CheckMenuItem
GetSubMenu
GetClassLongW
GetLastActivePopup
SetWindowTextW
GetDlgItem
GetMenuCheckMarkDimensions
ClientToScreen
PostThreadMessageW
GetMenuItemCount
GetMenuState
SetWindowsHookExW
LoadCursorW
LoadIconW
GetMenuItemID
SetForegroundWindow
GetClientRect
CreateDialogIndirectParamW
ReleaseDC
IntersectRect
EndDialog
CopyRect
GetCapture
ScreenToClient
MessageBeep
MessageBoxW
SendMessageW
UnhookWindowsHookEx
MoveWindow
MessageBoxA
GetWindowDC
AdjustWindowRectEx
SendMessageTimeoutW
GetSysColor
RegisterClipboardFormatW
GetKeyState
SystemParametersInfoA
DestroyIcon
IsWindowVisible
WinHelpW
GetDesktopWindow
GetDC
FrameRect
SetRect
InvalidateRect
CallWindowProcW
GetClassNameW
ModifyMenuW
IsRectEmpty
GetFocus
wsprintfW
SetCursor
RemovePropW
ClosePrinter
DocumentPropertiesW
OpenPrinterW
GetFileTitleW
CreateStreamOnHGlobal
OleUninitialize
CoTaskMemFree
CoInitialize
OleInitialize
StgCreateDocfileOnILockBytes
OleFlushClipboard
StgOpenStorageOnILockBytes
CoCreateInstance
CLSIDFromProgID
CoRevokeClassObject
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleIsCurrentClipboard
CoTaskMemAlloc
CLSIDFromString
CreateILockBytesOnHGlobal
CoGetClassObject
OleUIBusyW
Number of PE resources by type
RT_STRING 27
RT_CURSOR 16
RT_GROUP_CURSOR 15
Struct(255) 7
RT_BITMAP 7
RT_ICON 6
RT_DIALOG 2
BIN 1
RT_HTML 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 67
GERMAN 3
FRENCH 3
CHINESE SIMPLIFIED 3
JAPANESE DEFAULT 3
SPANISH MODERN 3
ITALIAN 3
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
CustomBuild 1.0
InitializedDataSize 6516736
ImageVersion 0.0
FileVersionNumber 16.1.1.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 7.1
PrivateBuild 1.0.0.10
FileTypeExtension exe
MIMEType application/octet-stream
FileVersion 16.1.1.0
TimeStamp 2006:04:10 08:11:20+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 16.1.1.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 233472
FileSubtype 0
ProductVersionNumber 16.1.1.0
Warning Possibly corrupt Version resource
EntryPoint 0x1be36
ObjectFileType Executable application
File identification
MD5 be93067bf2b8942e3ef8b9267abeaa67
SHA1 8cefc59e3ecc93715c995be2686fb5b032e8a676
SHA256 8212407c3508959f5da4a22cd0bc02762e16586d2a7b9e2e5a0c0d939306ec2d
ssdeep 196608:vxFgsAlt3Ujy0v8tBdlCOVDsF3YA0bN2DakOInIa5M:bg/3Um9WKDAoA0Z851nI0M
authentihash 0099876a097248652c90abebea8aec307db765ce0a7beea0ca752f51233d09cb
imphash 1d49cd30071ffbb7ed4f870a9a26e643
File size 6.4 MB ( 6754304 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (34.8%)
Win32 Executable MS Visual C++ (generic) (25.2%)
Win64 Executable (generic) (22.3%)
Windows screen saver (10.6%)
Win32 Executable (generic) (3.6%)
Tags peexe
VirusTotal metadata
First submission 2017-02-02 16:26:38 UTC ( 3 months, 2 weeks ago )
Last submission 2017-04-15 06:50:20 UTC ( 1 month, 1 week ago )
File names 8212407C3508959F5DA4A22CD0BC02762E16586D2A7B9E2E5A0C0D939306EC2D.exe, install_spartanu3.exe
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events, associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done with the SetWindowsHookEx Windows API function (the import list above shows SetWindowsHookExW together with CallNextHookEx and UnhookWindowsHookEx). When the hook procedure lives in a DLL and the hook is not restricted to the caller's own thread, Windows loads that DLL into every process that receives the hooked events, which is the mechanism behind the dll-injection behaviour tag above; thread-local hooks, such as the WH_CBT hook MFC installs while creating its own windows, do not cross process boundaries.
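The import table listed under "PE imports" and the hook-installation note above are the static signals a triage script would key on, and the page's imphash is derived from that same table. The following is an added example written for this page; it is not VirusTotal's code and not the pefile library, although imphash() follows the canonicalisation pefile documents (lowercased library name with .dll/.ocx/.sys stripped, lowercased function name, "ord<N>" for an unresolved ordinal, entries comma-joined in on-disk order, MD5). The sample import list is constructed from a subset of the names on this page; the DLL attributions (ADVAPI32, COMCTL32, KERNEL32, USER32, WINSPOOL) and the ordering are assumptions, since the extract above does not preserve them, and Ord(17) is left unresolved as ord17 (pefile would first consult its known-ordinal tables). The hash it returns therefore will not match the page's imphash 1d49cd30071ffbb7ed4f870a9a26e643; the point is the procedure and the capability groups, not reproducing that value.

```python
"""Added example: imphash and capability triage over a PE import table.

Hypothetical helper written for this page; not VirusTotal's code and not the
pefile library, though imphash() uses the same canonicalisation pefile documents.
"""
import hashlib

# Extensions that imphash strips from the library name (others, e.g. .drv, stay).
_STRIPPED_EXTS = {"dll", "ocx", "sys"}


def normalize_library(dll_name: str) -> str:
    """'KERNEL32.DLL' -> 'kernel32'; 'WINSPOOL.DRV' -> 'winspool.drv'."""
    name = dll_name.lower()
    base, sep, ext = name.rpartition(".")
    if sep and ext in _STRIPPED_EXTS:
        return base
    return name


def canonical_import_string(imports) -> str:
    """Join (dll, name-or-ordinal) pairs into the string that gets hashed.

    Order matters: the same APIs imported in a different order give a
    different imphash, which is what makes it useful for clustering builds
    of one code base rather than for matching arbitrary files.
    """
    parts = []
    for dll, func in imports:
        lib = normalize_library(dll)
        # Assumption: an int is an import by ordinal that was not resolved to a
        # name; pefile would try its ordinal tables before falling back to ord<N>.
        func_name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{lib}.{func_name}")
    return ",".join(parts)


def imphash(imports) -> str:
    return hashlib.md5(canonical_import_string(imports).encode()).hexdigest()


# Capability groups to pivot on. Every one of them is also used by benign
# software (an installer needs most of them), so hits are leads, not verdicts.
CAPABILITY_GROUPS = {
    "windows_hook": {"SetWindowsHookExW", "SetWindowsHookExA",
                     "CallNextHookEx", "UnhookWindowsHookEx"},
    "memory_protection": {"VirtualAlloc", "VirtualProtect", "VirtualFree"},
    "process_access": {"OpenProcess", "DuplicateHandle"},
    "shared_memory": {"CreateFileMappingW", "MapViewOfFileEx", "UnmapViewOfFile"},
    "registry_write": {"RegCreateKeyExW", "RegSetValueExW", "RegDeleteKeyW"},
    "dynamic_resolution": {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExW",
                           "GetProcAddress"},
}


def triage(imports) -> dict:
    """Return {group: sorted matched API names} for every group with a hit."""
    names = {func for _, func in imports if isinstance(func, str)}
    return {group: sorted(names & apis)
            for group, apis in CAPABILITY_GROUPS.items()
            if names & apis}


# Constructed sample: a subset of the names listed on this page. DLL
# attributions and order are assumptions (the extract lost both), so the
# resulting hash will not match the page's imphash.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "RegCreateKeyExW"),
    ("ADVAPI32.dll", "RegSetValueExW"),
    ("COMCTL32.dll", 17),               # shown as Ord(17) on the page
    ("COMCTL32.dll", "_TrackMouseEvent"),
    ("KERNEL32.dll", "OpenProcess"),
    ("KERNEL32.dll", "CreateFileMappingW"),
    ("KERNEL32.dll", "MapViewOfFileEx"),
    ("KERNEL32.dll", "VirtualProtect"),
    ("KERNEL32.dll", "VirtualAlloc"),
    ("KERNEL32.dll", "LoadLibraryW"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("USER32.dll", "SetWindowsHookExW"),
    ("USER32.dll", "CallNextHookEx"),
    ("USER32.dll", "UnhookWindowsHookEx"),
    ("WINSPOOL.DRV", "OpenPrinterW"),
]


if __name__ == "__main__":
    print("imphash:", imphash(SAMPLE_IMPORTS))
    for group, apis in triage(SAMPLE_IMPORTS).items():
        print(f"{group:20s} {', '.join(apis)}")
```

Run it and the windows_hook group is exactly the trio the sandbox's "Hooking activity" section refers to. A 0/57 detection ratio at scan time says nothing about the injected DLL's behaviour, so the useful next steps are pivoting on the imphash to find sibling builds and confirming in the sandbox whether the hook was thread-local or a global hook carrying a DLL into other processes.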
UDP communications