SHA256: 15d5456daef1838d2b2e2b89636ba147debbf4232c98faf48c0d51ef27bcede7
File name: Hotfixer.exe
Detection ratio: 2 / 53
Analysis date: 2014-07-14 19:12:41 UTC ( 4 years, 3 months ago )
Antivirus Result Update
CMC Trojan.Win32.Generic!O 20140714
Qihoo-360 Malware.QVM11.Gen 20140714
Ad-Aware 20140714
AegisLab 20140714
Yandex 20140714
AhnLab-V3 20140714
AntiVir 20140714
Antiy-AVL 20140714
Avast 20140714
AVG 20140714
Baidu-International 20140714
BitDefender 20140714
Bkav 20140714
ByteHero 20140714
CAT-QuickHeal 20140714
ClamAV 20140714
Commtouch 20140714
Comodo 20140714
DrWeb 20140714
Emsisoft 20140714
ESET-NOD32 20140714
F-Prot 20140714
F-Secure 20140714
Fortinet 20140714
GData 20140714
Ikarus 20140714
Jiangmin 20140714
K7AntiVirus 20140714
K7GW 20140714
Kaspersky 20140714
Kingsoft 20140714
Malwarebytes 20140714
McAfee 20140714
Microsoft 20140714
eScan 20140714
NANO-Antivirus 20140714
Norman 20140714
nProtect 20140714
Panda 20140714
Rising 20140713
Sophos AV 20140714
SUPERAntiSpyware 20140714
Symantec 20140714
Tencent 20140714
TheHacker 20140714
TotalDefense 20140714
TrendMicro 20140714
TrendMicro-HouseCall 20140714
VBA32 20140714
VIPRE 20140714
ViRobot 20140714
Zillya 20140714
Zoner 20140714
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © OldMan 2014

File version 3.0.1.0
Description Office 2007-2010-2013 Hotfix Integration Utility
Packers identified
F-PROT AutoIt, UTF-8, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-29 21:32:28
Entry Point 0x00117690
Number of sections 3
PE sections
Overlays
MD5 54b52b0fac82322632b99e7e171646e7
File type data
Offset 622592
Size 312600
Entropy 8.00
PE imports
ImageList_Remove
GetSaveFileNameW
LineTo
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
WNetGetConnectionW
VariantInit
EnumProcesses
DragFinish
LoadUserProfileW
VerQueryValueW
FtpOpenFileW
timeGetTime
CoInitialize
Number of PE resources by type
RT_RCDATA 18
RT_ICON 11
RT_STRING 7
RT_BITMAP 5
RT_GROUP_ICON 4
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ITALIAN 24
ENGLISH UK 23
ENGLISH US 2
PE resources
ExifTool file metadata
Nomefileoriginale
Hotfixer.exe

UninitializedDataSize
688128

LinkerVersion
10.0

ImageVersion
0.0

FileVersionNumber
3.0.1.0

LanguageCode
Italian

FileFlagsMask
0x0000

FileDescription
Office 2007-2010-2013 Hotfix Integration Utility

CharacterSet
Unicode

InitializedDataSize
172032

EntryPoint
0x117690

Nomedelprodotto
Hotfixer

MIMEType
application/octet-stream

LegalCopyright
Copyright OldMan 2014

Societ
TN1Ware oldmantn1@gmail.com

FileVersion
3.0.1.0

TimeStamp
2012:01:29 22:32:28+01:00

FileType
Win32 EXE

PEType
PE32

Piattaforma
XP/Vista/Win7

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
454656

Versionedelprodotto
3.0.1.0

FileSubtype
0

ProductVersionNumber
3.3.8.1

FileTypeExtension
exe

ObjectFileType
Unknown

File identification
MD5 a27182252a061f7df3a6ba041cf93239
SHA1 ea31503798c932f4c4470eab587abfbe7f136ffc
SHA256 15d5456daef1838d2b2e2b89636ba147debbf4232c98faf48c0d51ef27bcede7
ssdeep
24576:xthEVaPqLRNQaFI+QdeoRCWqpBJ/zbUhbIZz3pju:pEVUc/QMIzeHZHtbUhY7Zu

authentihash 25fc09bed5c52b48c8cbccbbd35b69d3aa91f9fca0b491343b56c07c0667b08c
imphash 890e522b31701e079a367b89393329e6
File size 913.3 KB ( 935192 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2014-07-14 19:12:41 UTC ( 4 years, 3 months ago )
Last submission 2015-12-20 09:31:50 UTC ( 2 years, 10 months ago )
File names Hotfixer.exe
15d5456daef1838d2b2e2b89636ba147debbf4232c98faf48c0d51ef27bcede7.vir
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.