SHA256: 845fa5d04b3d1108d3daa657b5144bf3e865260c51849069f609fa2beb0d4f42
File name: B2599.exe
Detection ratio: 49 / 53
Analysis date: 2014-05-16 10:40:02 UTC (3 years, 1 month ago)
Antivirus Result Update
Ad-Aware Trojan.Generic.KD.914347 20140516
Yandex Trojan.Injector!XWZZ9oRWCPQ 20140515
AhnLab-V3 Trojan/Win32.HmBlocker 20140515
AntiVir TR/Dropper.Gen 20140516
Antiy-AVL Worm[Net]/Win32.Kolab 20140516
Avast Win32:Malware-gen 20140516
AVG Dropper.Generic7.COFM 20140516
Baidu-International Trojan.Win32.Agent.42 20140516
BitDefender Trojan.Generic.KD.914347 20140516
Bkav W32.FaimageLTW.Trojan 20140515
CAT-QuickHeal Trojan.Ircbrute.SU5 20140516
ClamAV Win.Trojan.Agent-687108 20140516
Commtouch W32/Trojan.WLUI-7811 20140516
Comodo TrojWare.Win32.Injector.BGJ 20140516
DrWeb BackDoor.Gurl.2 20140516
Emsisoft Trojan.Generic.KD.914347 (B) 20140516
ESET-NOD32 Win32/Injector.AEJX 20140516
F-Prot W32/Trojan2.NWBR 20140516
F-Secure Trojan.Generic.KD.914347 20140516
Fortinet W32/Injector.AEJX!tr 20140516
GData Trojan.Generic.KD.914347 20140516
Ikarus Trojan.Win32.Ircbrute 20140516
Jiangmin Backdoor/Azbreg.bqi 20140516
K7AntiVirus Trojan ( 0040f5791 ) 20140516
K7GW Trojan ( 0040f5791 ) 20140515
Kaspersky HEUR:Trojan.Win32.Generic 20140516
Kingsoft Win32.Troj.Undef.(kcloud) 20140516
Malwarebytes Worm.Autorun 20140516
McAfee Dropper-FED!E0381EAF6CED 20140516
McAfee-GW-Edition Dropper-FED!E0381EAF6CED 20140516
Microsoft Trojan:Win32/Lethic.B 20140516
eScan Trojan.Generic.KD.914347 20140516
NANO-Antivirus Trojan.Win32.Gurl.brorzr 20140516
Norman Ircbrute.GX 20140516
nProtect Trojan.Generic.KD.914347 20140516
Panda Trj/OCJ.E 20140516
Qihoo-360 Win32/Trojan.29e 20140516
Sophos Troj/Agent-AAXV 20140516
SUPERAntiSpyware Trojan.Agent/Gen-IRCBot 20140516
Symantec Packed.Generic.326 20140516
Tencent Win32.Trojan.Generic.Agkm 20140516
TheHacker Trojan/Injector.aejx 20140515
TotalDefense Win32/Tnega.ASAY 20140516
TrendMicro TROJ_INJECTOR.KL 20140516
TrendMicro-HouseCall TROJ_INJECTOR.KL 20140516
VBA32 BScope.Backdoor.IRCBot.2122 20140514
VIPRE Trojan.Win32.Agent.aaxv (v) 20140516
ViRobot Worm.Win32.Net-Kolab.68231 20140516
Zillya Trojan.HmBlocker.Win32.3851 20140516
AegisLab 20140516
ByteHero 20140516
CMC 20140512
Rising 20140507
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-10-28 19:00:30
Entry Point 0x0000160F
Number of sections 5
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
GetCurrentProcess
GetEnvironmentStrings
AddAtomA
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
WriteFile
GetStartupInfoA
GetACP
HeapReAlloc
GetStringTypeW
GetCurrentThreadId
TerminateProcess
InitializeCriticalSection
HeapCreate
VirtualFree
TlsGetValue
GetFileType
GetTickCount
TlsSetValue
HeapAlloc
GetVersion
VirtualAlloc
SetLastError
LeaveCriticalSection
DrawAnimatedRects
FlashWindowEx
Number of PE resources by type
Struct(202) 1
Struct(211) 1
Number of PE resources by language
GERMAN NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:10:28 20:00:30+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 6.0
FileAccessDate 2014:05:16 11:39:45+01:00
EntryPoint 0x160f
InitializedDataSize 32768
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:05:16 11:39:45+01:00
UninitializedDataSize 0

Compressed bundles
File identification
MD5 e0381eaf6ceda15e58c70b19d9c2c80a
SHA1 e28fd30185f9b44d406d4779803e9fb6e8740602
SHA256 845fa5d04b3d1108d3daa657b5144bf3e865260c51849069f609fa2beb0d4f42
ssdeep 768:HCbJTWdEDgbvXF3lQF2ksfjnhoSotfmhARirQzX5ODBp:HCbJTYEDclI2vftoSefmhXEENp
imphash b41f22486d4aa79695588232cb2c7b00
File size 57.2 KB ( 58539 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ 5.0 (56.7%)
Win32 Executable MS Visual C++ (generic) (29.1%)
Win32 Dynamic Link Library (generic) (6.1%)
Win32 Executable (generic) (4.2%)
Generic Win/DOS Executable (1.8%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2013-04-19 10:19:26 UTC (4 years, 2 months ago)
Last submission 2014-05-16 10:40:02 UTC (3 years, 1 month ago)
File names B2599.exe
e0381eaf6ceda15e58c70b19d9c2c80a
aa
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs