SHA256: cb7936c00e747b6bd538dfa67f79a9f14094681b66fb07aee26780bb41f0fd0d
File name: 565.exe
Detection ratio: 4 / 57
Analysis date: 2016-12-11 10:01:04 UTC (2 years, 5 months ago)
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_66% (D) 20161024
Emsisoft Trojan-Ransom.Win32.Crysis (A) 20161211
Sophos ML virus.win32.sality.at 20161202
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20161211
Ad-Aware 20161211
AegisLab 20161211
AhnLab-V3 20161210
Alibaba 20161211
ALYac 20161211
Antiy-AVL 20161211
Arcabit 20161211
Avast 20161211
AVG 20161211
Avira (no cloud) 20161211
AVware 20161211
Baidu 20161207
BitDefender 20161211
Bkav 20161210
CAT-QuickHeal 20161210
ClamAV 20161211
CMC 20161211
Comodo 20161211
Cyren 20161211
DrWeb 20161211
ESET-NOD32 20161211
F-Prot 20161211
F-Secure 20161211
Fortinet 20161211
GData 20161211
Ikarus 20161211
Jiangmin 20161210
K7AntiVirus 20161211
K7GW 20161211
Kaspersky 20161211
Kingsoft 20161211
Malwarebytes 20161211
McAfee 20161211
McAfee-GW-Edition 20161211
Microsoft 20161211
eScan 20161211
NANO-Antivirus 20161211
nProtect 20161211
Panda 20161211
Rising 20161211
Sophos AV 20161211
SUPERAntiSpyware 20161211
Symantec 20161211
Tencent 20161211
TheHacker 20161130
TotalDefense 20161211
TrendMicro 20161211
TrendMicro-HouseCall 20161211
Trustlook 20161211
VBA32 20161209
VIPRE 20161211
ViRobot 20161211
WhiteArmor 20161207
Yandex 20161210
Zillya 20161210
Zoner 20161211
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Just Great Software © 2015 Company

Product Writeback
Original name Writeback.exe
Internal name Writeback
File version 3.7.93.4
Description Ani Untar Wol Resistors Walk L2tp
Comments Ani Untar Wol Resistors Walk L2tp
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-08 16:20:04
Entry Point 0x00006C62
Number of sections 4
PE sections
PE imports
ImpersonateAnonymousToken
LookupPrivilegeValueW
OpenProcessToken
ImageList_Create
Ord(17)
ImageList_ReplaceIcon
GetOpenFileNameA
CommDlgExtendedError
GetObjectA
LineTo
SetROP2
DeleteDC
SelectObject
MoveToEx
CreatePen
CreateSolidBrush
GetDIBits
SetBkMode
SetBkColor
CreateCompatibleDC
GetTcpTable
GetSystemTime
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
HeapCreate
FileTimeToSystemTime
GetConsoleCP
GetOEMCP
LCMapStringA
TlsSetValue
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
GetUserDefaultLangID
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetDateFormatA
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
SetHandleCount
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
GetLogicalDrives
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
TlsFree
EnumTimeFormatsA
SetStdHandle
GetModuleHandleA
RaiseException
GetCPInfo
GetStringTypeA
SetFilePointer
SetLastError
SetUnhandledExceptionFilter
FindResourceExW
InterlockedIncrement
SetHandleInformation
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetDriveTypeA
TerminateProcess
RtlUnwind
QueryPerformanceCounter
WriteConsoleA
IsValidCodePage
LoadResource
WriteFile
VirtualQuery
VirtualFree
InterlockedDecrement
Sleep
GetFileType
GetTickCount
GetFileAttributesExA
CreateFileA
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
GetStartupInfoA
WriteConsoleW
GetTimeFormatA
WNetGetUserW
OleLoadPicture
VariantInit
glLoadIdentity
glMatrixMode
RpcStringFreeA
UuidToStringA
UuidFromStringA
DragQueryFileA
GetForegroundWindow
GetParent
UpdateWindow
SetLayeredWindowAttributes
BeginPaint
DefWindowProcA
RegisterWindowMessageA
DefMDIChildProcA
SetWindowPos
EnumDisplaySettingsExA
SetScrollRange
EndPaint
SetCapture
MessageBoxA
SetWindowLongA
GetLayeredWindowAttributes
GetDC
ReleaseDC
SetWindowTextA
DestroyIcon
GetWindowLongA
DefFrameProcA
GetClientRect
GetDlgItem
IsWindow
ClientToScreen
SetRect
InvalidateRect
wsprintfA
SendMessageTimeoutA
LoadCursorA
LoadIconA
ChangeDisplaySettingsExA
SendMessageA
GetMenuState
LoadImageA
GetClassNameA
GetWindowTextA
CreateUrlCacheEntryA
CreateUrlCacheGroup
WSAStartup
WSCEnumProtocols
recv
accept
WSASetBlockingHook
CreateBindCtx
MkParseDisplayName
CoUninitialize
CoInitialize
CoCreateInstance
PdhBrowseCountersA
Number of PE resources by type
RT_DIALOG 9
RT_ACCELERATOR 9
RT_STRING 8
RT_HTML 6
RT_ICON 6
UNICODEDATA 5
BIN 4
Struct(240) 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 52
PE resources
Debug information
ExifTool file metadata
LegalTrademarks
Just Great Software 2015 Company

SubsystemVersion
5.0

Comments
Ani Untar Wol Resistors Walk L2tp

Languages
English

LinkerVersion
9.0

ImageVersion
0.0

ProductName
Writeback

FileVersionNumber
3.7.93.4

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
253440

PrivateBuild
3.7.93.4

FileTypeExtension
exe

OriginalFileName
Writeback.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
3.7.93.4

TimeStamp
2016:12:08 17:20:04+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Writeback

ProductVersion
3.7.93.4

FileDescription
Ani Untar Wol Resistors Walk L2tp

OSVersion
5.0

FileOS
Windows NT 32-bit

LegalCopyright
Just Great Software 2015 Company

MachineType
Intel 386 or later, and compatibles

CompanyName
Just Great Software

CodeSize
82944

FileSubtype
0

ProductVersionNumber
3.7.93.4

EntryPoint
0x6c62

ObjectFileType
Executable application

File identification
MD5 69baf50fa58fb1952494f807e6940db5
SHA1 5085a8b55ce1d9bb45a9786c99782e0c29350042
SHA256 cb7936c00e747b6bd538dfa67f79a9f14094681b66fb07aee26780bb41f0fd0d
ssdeep
3072:IWeUIX8GRHRYp4VJzwoV85qrFxCej0nHfhrEgikb9hxLUjKHFrfE8suV+M6MbM8b:E8o8WzvbxEewAkbhhj0JYnsLi

authentihash 49a3cf070b793c51a4d997df67993ed7ca2ac1eeff0478e2cadd8f9a1f5e2e13
imphash c1351b4ef32674ebb653228cdb4df636
File size 329.5 KB ( 337408 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe

VirusTotal metadata
First submission 2016-12-11 10:01:04 UTC (2 years, 5 months ago)
Last submission 2017-04-12 00:57:19 UTC (2 years, 1 month ago)
File names 565.exe
Writeback
Writeback.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs