× Sütik letiltva! Az oldal helyes működéséhez engedélyezni kell a sütiket.
SHA256: ae51b5fc006a2c4075175c50593f993a0c7ad310691f95ad86ce6d985a7f3ff6
Fájl neve: ae51b5fc006a2c4075175c50593f993a0c7ad310691f95ad86ce6d985a7f3ff6
Észlelési arány: 13 / 65
Elemzés ideje: 2019-03-19 02:47:14 UTC ( 2 hónap ezelőtt ) Legfrissebb megtekintése
Vírusirtó Eredmény Utolsó frissítés
Acronis suspicious 20190318
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.GMRW 20190319
Sophos ML heuristic 20190313
Malwarebytes Trojan.Emotet 20190319
Microsoft Trojan:Win32/Fuerboos.A!cl 20190319
Qihoo-360 HEUR/QVM20.1.F041.Malware.Gen 20190319
Rising Trojan.Kryptik!8.8 (RDM+:cmRtazrTv2FzTlUzEH9E+Cu+xO8Y) 20190319
SentinelOne (Static ML) DFI - Malicious PE 20190317
Sophos AV Mal/Emotet-Q 20190319
Trapmine malicious.moderate.ml.score 20190301
VBA32 BScope.Malware-Cryptor.Emotet 20190318
Ad-Aware 20190319
AegisLab 20190318
AhnLab-V3 20190319
Alibaba 20190306
Antiy-AVL 20190319
Arcabit 20190319
Avast 20190319
Avast-Mobile 20190318
AVG 20190319
Avira (no cloud) 20190318
Babable 20180918
Baidu 20190318
BitDefender 20190319
Bkav 20190318
CAT-QuickHeal 20190318
ClamAV 20190318
CMC 20190318
Comodo 20190319
Cybereason 20190109
Cyren 20190319
DrWeb 20190319
eGambit 20190319
Emsisoft 20190319
F-Prot 20190319
F-Secure 20190319
Fortinet 20190319
GData 20190319
Ikarus 20190318
Jiangmin 20190319
K7AntiVirus 20190318
K7GW 20190315
Kaspersky 20190319
Kingsoft 20190319
MAX 20190319
McAfee 20190319
McAfee-GW-Edition 20190318
eScan 20190319
NANO-Antivirus 20190319
Palo Alto Networks (Known Signatures) 20190319
Panda 20190318
SUPERAntiSpyware 20190314
Symantec Mobile Insight 20190220
TACHYON 20190319
Tencent 20190319
TheHacker 20190315
TotalDefense 20190318
TrendMicro-HouseCall 20190319
Trustlook 20190319
ViRobot 20190318
Yandex 20190318
Zillya 20190318
ZoneAlarm by Check Point 20190319
Zoner 20190318
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (c) 1999-2016 Igor Pavlov

Product 7-Zip
Original name 7zg.exe
Internal name 7zg
File version 16.04
Description 7-Zip GUI
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 1:09 PM 3/22/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-19 02:38:46
Entry Point 0x000016C0
Number of sections 4
PE sections
Overlays
MD5 f9a75d997bb7174194bac0540c09177d
File type data
Offset 223744
Size 3336
Entropy 7.33
PE imports
RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ImmGetIMEFileNameW
ImmGetDefaultIMEWnd
ImmGetProperty
ImmGetDescriptionW
ImmAssociateContext
SetThreadLocale
GetStdHandle
FileTimeToDosDateTime
lstrlenW
FileTimeToSystemTime
GetFileAttributesA
SetEvent
EncodePointer
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
ExpandEnvironmentStringsA
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
InitializeSListHead
SetFileAttributesA
GetTempPathA
lstrcmpiA
GetCPInfo
GetOverlappedResult
InterlockedExchange
WriteFile
MoveFileA
WaitForSingleObject
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
GetStringTypeW
ConnectNamedPipe
GetFullPathNameA
GetExitCodeProcess
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
FormatMessageA
GetStringTypeExA
SetLastError
GetSystemTime
ReadConsoleInputA
GetModuleFileNameW
GlobalFindAtomA
ExitProcess
GetVersionExA
GetModuleFileNameA
EnumCalendarInfoA
LoadLibraryExA
GetPrivateProfileStringA
SetConsoleCtrlHandler
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
SetFilePointer
CreateThread
SetEnvironmentVariableW
DisconnectNamedPipe
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
ClearCommError
ExitThread
DecodePointer
TerminateProcess
GetModuleHandleExW
GetCommState
SearchPathA
SetEndOfFile
GetVersion
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
CloseHandle
CallNamedPipeW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
WriteConsoleInputA
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetSystemDirectoryA
GetStartupInfoA
GetDateFormatA
GetFileSize
GlobalDeleteAtom
WaitForMultipleObjects
GetCommProperties
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetDateFormatW
GetStartupInfoW
GetUserDefaultLCID
GetSystemInfo
GetProcessHeap
GetTimeFormatW
lstrcpyW
GlobalReAlloc
lstrcmpA
FindFirstFileA
lstrcpyA
GetTimeFormatA
GetTempFileNameA
FindNextFileA
DuplicateHandle
FindFirstFileExW
GetProcAddress
SetCommTimeouts
CreateEventW
SetCommState
CreateFileW
CreateEventA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LocalReAlloc
FlushConsoleInputBuffer
LCMapStringW
CreateNamedPipeW
lstrlenA
GlobalFree
GetConsoleCP
GetModuleHandleW
HeapReAlloc
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
RemoveDirectoryA
GetShortPathNameA
VirtualFree
SetupComm
FileTimeToLocalFileTime
SizeofResource
CompareFileTime
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
SuspendThread
GetSystemDefaultLangID
RaiseException
CompareStringA
TlsFree
GetModuleHandleA
ReadFile
FindNextFileW
lstrcpynA
PeekConsoleInputA
GetACP
GlobalLock
CopyFileA
GetCurrentThreadId
FreeResource
SetStdHandle
CreateProcessA
TlsGetValue
IsValidCodePage
OpenEventW
VirtualQuery
CreateProcessW
Sleep
IsBadReadPtr
FindResourceA
VirtualAlloc
GetOEMCP
ResetEvent
Shell_NotifyIconW
GetWindowThreadProcessId
SendMessageTimeoutA
MessageBoxW
LoadStringA
GetTopWindow
CharNextExA
LoadStringW
MessageBoxA
SetForegroundWindow
Number of PE resources by type
RT_STRING 29
RT_DIALOG 9
RT_ICON 3
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 44
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
16.4.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
7-Zip GUI

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
99328

EntryPoint
0x16c0

OriginalFileName
7zg.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (c) 1999-2016 Igor Pavlov

FileVersion
16.04

TimeStamp
2019:03:19 03:38:46+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
7zg

ProductVersion
16.04

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Igor Pavlov

CodeSize
123392

ProductName
7-Zip

ProductVersionNumber
16.4.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 7f4c85d723cd5b5520745e45a80a2c58
SHA1 316b687801a4746c8bc951281f5448c8a790f071
SHA256 ae51b5fc006a2c4075175c50593f993a0c7ad310691f95ad86ce6d985a7f3ff6
ssdeep
3072:aX8Hk2GgrQCz+VGUbqPM902yHydVik3zLYb8q1ZFBq:aX8E29z+VGUQM9UHQH3zSte

authentihash 4195a62104feb6525012e5d8b76d54a4a421a3ede1c8e4c82b91620dc6b27df4
imphash 1daf4e9c441314e988721debd9e5a88a
Fájl méret 221.8 KB ( 227080 bytes )
Fájl típus Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-03-19 02:47:14 UTC ( 2 hónap ezelőtt )
Last submission 2019-03-19 23:29:26 UTC ( 2 hónap ezelőtt )
Fájl nevek 7zg
emotet_e1_ae51b5fc006a2c4075175c50593f993a0c7ad310691f95ad86ce6d985a7f3ff6_2019-03-19__025002.exe_
7zg.exe
Nincsenek hozzászólások. Még egy VirusTotal felhasználó sem írt bejegyzést ehhez, legyél te az első!

Hozzászólás írása...

?
Hozzászólás elküldése

Nem vagy bejelentkezve. Csak regisztrált felhasználók írhatnak hozzászólást, jelentkezz be és oszd meg a véleményed!

Nincsenek szavazatok. Még senki nem szavazott, legyél te az első!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections