SHA256: d47af0b778ea5d64653d5fb86674add37d99f652eeaf529fc3ede3f84897a873
File name: upd1b798e3b.exe
Detection ratio: 17 / 67
Analysis date: 2017-11-11 00:02:56 UTC (1 year, 6 months ago)
Antivirus Result Last update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171109
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cylance Unsafe 20171111
eGambit Unsafe.AI_Score_100% 20171111
ESET-NOD32 a variant of Win32/GenKryptik.BDKM 20171110
Fortinet W32/GenKryptik.BCFY!tr 20171111
GData Win32.Backdoor.Zeus.GEBTN6 20171111
Sophos ML heuristic 20170914
Kaspersky UDS:DangerousObject.Multi.Generic 20171110
McAfee-GW-Edition BehavesLike.Win32.Generic.cc 20171110
Palo Alto Networks (Known Signatures) generic.ml 20171111
Qihoo-360 HEUR/QVM19.1.1A2C.Malware.Gen 20171111
SentinelOne (Static ML) static engine - malicious 20171019
Symantec Packed.Generic.493 20171110
Tencent Suspicious.Heuristic.Gen.b.0 20171111
WhiteArmor Malware.HighConfidence 20171104
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20171110
Ad-Aware 20171110
AegisLab 20171110
AhnLab-V3 20171110
Alibaba 20170911
ALYac 20171110
Antiy-AVL 20171111
Arcabit 20171110
Avast 20171110
Avast-Mobile 20171110
AVG 20171110
Avira (no cloud) 20171110
AVware 20171110
BitDefender 20171110
Bkav 20171110
CAT-QuickHeal 20171110
ClamAV 20171110
CMC 20171109
Comodo 20171111
Cybereason 20171030
Cyren 20171111
DrWeb 20171110
Emsisoft 20171110
F-Prot 20171111
F-Secure 20171111
Ikarus 20171110
Jiangmin 20171110
K7AntiVirus 20171110
K7GW 20171111
Kingsoft 20171111
Malwarebytes 20171110
MAX 20171110
McAfee 20171110
Microsoft 20171110
eScan 20171110
NANO-Antivirus 20171110
nProtect 20171110
Panda 20171110
Rising 20171110
Sophos AV 20171110
SUPERAntiSpyware 20171110
Symantec Mobile Insight 20171110
TheHacker 20171102
TotalDefense 20171110
TrendMicro 20171110
TrendMicro-HouseCall 20171110
Trustlook 20171111
VBA32 20171110
VIPRE 20171110
ViRobot 20171110
Webroot 20171111
Yandex 20171110
Zillya 20171110
Zoner 20171110
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-30 07:42:56
Entry Point 0x00004879
Number of sections 4
PE sections
PE imports
GetEnvironmentStringsA
CreateJobObjectW
GetTickCount
GetVolumePathNameA
LoadLibraryA
GetShortPathNameA
UpdateResourceA
GetConsoleTitleW
GetDateFormatW
ReadProcessMemory
GetCommandLineA
CopyFileExW
GetPrivateProfileStringW
CreateMutexA
CreateDirectoryA
CreateSemaphoreA
lstrcmpA
GetExitCodeThread
GetTempPathW
CompareStringA
SetLocalTime
GetProcAddress
GetBinaryTypeA
GetProfileIntW
WriteConsoleA
SetCurrentDirectoryW
OpenEventW
CreateFileW
GetNumberFormatW
CreateProcessW
GetPrivateProfileSectionA
GetCurrentThreadId
SleepEx
OpenJobObjectA
CountryRunOnce
InvokeControlPanel
drvSetDefaultCommConfigA
drvCommConfigDialogA
InsertMenuA
wsprintfA
LoadCursorA
CreateDesktopW
LoadMenuW
PeekMessageA
GetMessageW
DialogBoxParamA
IsCharLowerW
GetPropA
PostMessageW
GetClassLongA
CharToOemA
Number of PE resources by type
Struct(28) 7
Number of PE resources by language
NEUTRAL 7
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2016:04:30 08:42:56+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
20480

LinkerVersion
9.0

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x4879

InitializedDataSize
126976

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 0ce7844bab92f189374dfb47db9e5ead
SHA1 f1be19463db83a39c1b3e87de03cde513ba3ec33
SHA256 d47af0b778ea5d64653d5fb86674add37d99f652eeaf529fc3ede3f84897a873
ssdeep
3072:hO7bOlD+T8Z1BXB69pD6izGF53Tr4Rp6ui6ammhAvG:g76lW01BR6b853f4mt6amm

authentihash 3f3d4b53eb1dd4af6332b5ee9a3057fa6a31ee616631a0896fd1153d427690f0
imphash 06eca415b20ec74176e526fea6869897
File size 148.0 KB ( 151552 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (58.9%)
Win32 Dynamic Link Library (generic) (14.0%)
Win32 Executable (generic) (9.6%)
Win16/32 Executable Delphi generic (4.4%)
OS/2 Executable (generic) (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2017-11-10 18:37:09 UTC (1 year, 6 months ago)
Last submission 2018-05-03 07:13:09 UTC (1 year ago)
File names upd1b798e3b.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications