SHA256: d2d7f0f720ac8a9aeb50d299cf360fc72e1fa8b28c81ac76b281b82a9489130b
File name: swa.exe.bin
Detection ratio: 21 / 66
Analysis date: 2018-03-26 07:49:40 UTC (1 year, 1 month ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.76713 20180326
ALYac Gen:Variant.Symmi.76713 20180326
Arcabit Trojan.Symmi.D12BA9 20180326
BitDefender Gen:Variant.Symmi.76713 20180326
Bkav HW32.Packed.A642 20180326
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Cylance Unsafe 20180326
Emsisoft Gen:Variant.Symmi.76713 (B) 20180326
Endgame malicious (high confidence) 20180316
ESET-NOD32 a variant of Win32/Injector.DWVA 20180326
F-Secure Gen:Variant.Symmi.76713 20180326
Fortinet W32/GenKryptik.AVUZ!tr 20180326
GData Gen:Variant.Symmi.76713 20180326
Sophos ML heuristic 20180121
MAX malware (ai score=82) 20180326
eScan Gen:Variant.Symmi.76713 20180326
Palo Alto Networks (Known Signatures) generic.ml 20180326
Qihoo-360 HEUR/QVM03.0.1133.Malware.Gen 20180326
SentinelOne (Static ML) static engine - malicious 20180225
Symantec ML.Attribute.HighConfidence 20180325
VBA32 BScope.Trojan.Diple 20180323
AegisLab 20180326
AhnLab-V3 20180326
Alibaba 20180326
Antiy-AVL 20180326
Avast 20180326
Avast-Mobile 20180325
AVG 20180326
Avira (no cloud) 20180325
AVware 20180326
Baidu 20180326
CAT-QuickHeal 20180325
ClamAV 20180326
CMC 20180325
Comodo 20180326
Cybereason None
Cyren 20180326
DrWeb 20180326
eGambit 20180326
F-Prot 20180326
Ikarus 20180325
Jiangmin 20180326
K7AntiVirus 20180326
K7GW 20180326
Kaspersky 20180326
Kingsoft 20180326
Malwarebytes 20180326
McAfee 20180326
McAfee-GW-Edition 20180325
Microsoft 20180326
NANO-Antivirus 20180326
nProtect 20180326
Panda 20180325
Rising 20180326
Sophos AV 20180326
SUPERAntiSpyware 20180326
Symantec Mobile Insight 20180311
Tencent 20180326
TheHacker 20180326
TotalDefense 20180326
TrendMicro 20180326
TrendMicro-HouseCall 20180326
Trustlook 20180326
VIPRE 20180326
ViRobot 20180326
WhiteArmor 20180324
Yandex 20180324
Zillya 20180326
ZoneAlarm by Check Point 20180326
Zoner 20180326
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright HEWLETT"PACKARD cA.
Product FILSECLab CORPORation
Original name Disrestore4.exe
Internal name Disrestore4
File version 5.03
Description avg TECHNOLogies
Comments EPSon
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-25 20:42:36
Entry Point 0x00001284
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
EVENT_SINK_Release
__vbaStrCmp
__vbaI4Cy
__vbaStrMove
_adj_fdivr_m64
_adj_fdiv_m16i
_adj_fprem
Ord(607)
_adj_fpatan
EVENT_SINK_AddRef
__vbaStrToUnicode
Ord(714)
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
__vbaUbound
__vbaVarAdd
_adj_fdiv_r
Ord(100)
__vbaFreeVar
__vbaFreeStr
__vbaObjSetAddref
Ord(547)
_adj_fdiv_m64
Ord(574)
_CIsin
_CIsqrt
__vbaI2Var
_CIlog
Ord(524)
_allmul
_CIcos
EVENT_SINK_QueryInterface
_adj_fptan
Ord(612)
__vbaR8Var
__vbaVarMove
__vbaErrorOverflow
_CIatan
__vbaNew2
_adj_fdivr_m32i
_CItan
_CIexp
__vbaVarTstGt
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaVarDup
__vbaFpI4
Ord(698)
Ord(563)
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 462848
SubsystemVersion 4.0
Comments EPSon
LinkerVersion 6.0
ImageVersion 5.3
FileSubtype 0
FileVersionNumber 5.3.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription avg TECHNOLogies
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 24576
EntryPoint 0x1284
OriginalFileName Disrestore4.exe
MIMEType application/octet-stream
LegalCopyright HEWLETT"PACKARD cA.
FileVersion 5.03
TimeStamp 2018:03:25 22:42:36+02:00
FileType Win32 EXE
PEType PE32
InternalName Disrestore4
ProductVersion 5.03
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName XAMASOFt
LegalTrademarks DROPBox: iNC:
ProductName FILSECLab CORPORation
ProductVersionNumber 5.3.0.0
FileTypeExtension exe
ObjectFileType Executable application
Overlay parents
File identification
MD5 397b09919a996b47e5b33ba312264ced
SHA1 96d27864dd8991f40ac06a58ddad80a057e40bd3
SHA256 d2d7f0f720ac8a9aeb50d299cf360fc72e1fa8b28c81ac76b281b82a9489130b
ssdeep
12288:bP0rFUGMxEjun+Ycdb2ixsw0/XYqFp0+Iihq61Gb6XeAziwigrX6AjVEEVB6uPd:bMrF9MxEjun+h2P3/PFEi11Gb6XeAzim

authentihash a4b77e14670025db27c447120b49f77b6ca98a89e9529786a70c7774aa14b26f
imphash c0aa8271022ae9b26032418f5cf840c3
File size 480.0 KB ( 491520 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags
peexe

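The imphash printed under "File identification" is a hash over the import table listed under "PE imports", so it can be recomputed from that list. The block below is an added example, not code from the VirusTotal report, that reproduces the normalisation pefile applies in PE.get_imphash(). The report does not say which library the imports come from; the __vba*, _adj_* and _CI* exports and the Ord(N) entries are the Visual Basic 6 runtime, MSVBVM60.DLL (consistent with the TrID identification), so that library is assumed. If the order shown in the report is the import-table order, the result equals the report's imphash; if it differs, that itself illustrates the main caveat of imphash, which is that it is order-sensitive and changes with any relinking.

```python
"""Recompute a pefile-style imphash from a VirusTotal import listing.

Added example, not code from the VirusTotal report.  Normalisation follows
pefile's PE.get_imphash(): library name lower-cased with a trailing
.dll/.ocx/.sys removed, function names lower-cased, imports without a name
written as "ord<N>", entries joined with commas in import-table order, and
the result MD5-hashed.  pefile resolves ordinals to names only for
ws2_32.dll, wsock32.dll and oleaut32.dll; every other library, including the
VB6 runtime, gets the plain "ord<N>" form used here.
"""
import hashlib
import re

# Assumption: the report lists names but not the library.  These exports
# belong to the Visual Basic 6 runtime, MSVBVM60.DLL.
ASSUMED_DLL = "MSVBVM60.DLL"

# The 59 imports exactly as listed in the report, in the order shown.
REPORT_IMPORTS = [
    "_adj_fdiv_m32", "__vbaChkstk", "EVENT_SINK_Release", "__vbaStrCmp",
    "__vbaI4Cy", "__vbaStrMove", "_adj_fdivr_m64", "_adj_fdiv_m16i",
    "_adj_fprem", "Ord(607)", "_adj_fpatan", "EVENT_SINK_AddRef",
    "__vbaStrToUnicode", "Ord(714)", "_adj_fdiv_m32i", "__vbaStrCopy",
    "__vbaExceptHandler", "__vbaSetSystemError", "__vbaFreeVarList",
    "DllFunctionCall", "__vbaFPException", "__vbaStrVarMove",
    "_adj_fdivr_m16i", "__vbaUbound", "__vbaVarAdd", "_adj_fdiv_r",
    "Ord(100)", "__vbaFreeVar", "__vbaFreeStr", "__vbaObjSetAddref",
    "Ord(547)", "_adj_fdiv_m64", "Ord(574)", "_CIsin", "_CIsqrt",
    "__vbaI2Var", "_CIlog", "Ord(524)", "_allmul", "_CIcos",
    "EVENT_SINK_QueryInterface", "_adj_fptan", "Ord(612)", "__vbaR8Var",
    "__vbaVarMove", "__vbaErrorOverflow", "_CIatan", "__vbaNew2",
    "_adj_fdivr_m32i", "_CItan", "_CIexp", "__vbaVarTstGt", "__vbaStrToAnsi",
    "_adj_fprem1", "_adj_fdivr_m32", "__vbaVarDup", "__vbaFpI4", "Ord(698)",
    "Ord(563)",
]

# imphash value printed in the report, for comparison.
REPORT_IMPHASH = "c0aa8271022ae9b26032418f5cf840c3"

ORD_RE = re.compile(r"^Ord\((\d+)\)$")


def normalise_import(dll: str, name: str) -> str:
    """Return the 'lib.func' token pefile hashes for one import."""
    lib = dll.lower()
    parts = lib.rsplit(".", 1)
    if len(parts) == 2 and parts[1] in ("dll", "ocx", "sys"):
        lib = parts[0]
    name = name.strip()
    m = ORD_RE.match(name)
    func = f"ord{m.group(1)}" if m else name.lower()
    return f"{lib}.{func}"


def imphash(imports) -> str:
    """imports: iterable of (dll, function-or-Ord(N)) in import-table order."""
    joined = ",".join(normalise_import(dll, name) for dll, name in imports)
    return hashlib.md5(joined.encode("ascii")).hexdigest()


def report_imphash(dll: str = ASSUMED_DLL) -> str:
    """imphash of the report's import list under the assumed library name."""
    return imphash((dll, name) for name in REPORT_IMPORTS)


if __name__ == "__main__":
    h = report_imphash()
    print(h, "matches report" if h == REPORT_IMPHASH else "differs from report")
```

Because MSVBVM60.DLL exposes the same runtime thunks to every VB6 binary, imphash clusters VB6 samples far more loosely than it clusters hand-written C programs; two unrelated VB6 programs with the same feature set can share an imphash, so a match is a pivot to investigate, not an attribution.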
VirusTotal metadata
First submission 2018-03-26 07:49:40 UTC (1 year, 1 month ago)
Last submission 2018-05-25 21:20:00 UTC (12 months ago)
File names Disrestore4
swa.exe
swa.exe.bin
Disrestore4.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Searched windows
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. Hook procedures are used to monitor the system for certain types of events, which are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done with the SetWindowsHookEx Windows API function (the obsolete SetWindowsHook entry point is an older form of the same call). Analysts treat this as noteworthy because a desktop-wide hook such as WH_KEYBOARD or WH_GETMESSAGE whose procedure lives in a DLL causes that DLL to be loaded into every GUI process on the desktop, which is a long-standing keylogging and code-injection technique; the condensed report above records only that a hook was installed, not which hook type or procedure.