SHA256: 1a04c73a5a218d9bfcb072507f1c4bc318708ed1cda9f2fdd3341f499c9efc4a
File name: boot .exe
Detection ratio: 49 / 56
Analysis date: 2017-01-16 18:52:11 UTC (2 years, 2 months ago)
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.xq0@s19cfekib 20170116
AegisLab Troj.Dropper.W32.VB.mBrT 20170116
AhnLab-V3 Worm/Win32.AutoRun.R49416 20170116
Antiy-AVL Worm/Win32.VB 20170116
Arcabit Trojan.Heur.EEBCE6 20170116
Avast Win32:Virtu-F 20170116
AVG Worm/VB.CFHR 20170116
Avira (no cloud) TR/Dropper.Gen 20170116
AVware Trojan.Win32.Generic.pak!cobra 20170116
Baidu Win32.Trojan.VB.je 20170116
BitDefender Gen:Trojan.Heur.xq0@s19cfekib 20170116
CAT-QuickHeal Trojan.Comisproc.A3 20170116
ClamAV Win.Trojan.Agent-1344924 20170116
Comodo Worm.Win32.Agent.VBC 20170116
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Cyren W32/Trojan.LOQB-2066 20170116
DrWeb Trojan.Siggen3.12086 20170116
Emsisoft Gen:Trojan.Heur.xq0@s19cfekib (B) 20170116
ESET-NOD32 Win32/VB.PEU 20170116
F-Prot W32/Trojan2.OHGU 20170116
F-Secure Gen:Trojan.Heur.xq0@s19cfekib 20170116
Fortinet W32/VB.PEU!tr 20170116
GData Gen:Trojan.Heur.xq0@s19cfekib 20170116
Ikarus Trojan.Win32.Rimecud 20170116
Sophos ML virus.win32.virut.bn 20170111
Jiangmin Win32/Virut.bv 20170116
K7AntiVirus Trojan ( 000a30721 ) 20170116
K7GW Trojan ( 000a30721 ) 20170116
Kaspersky Worm.Win32.WBNA.roc 20170116
Malwarebytes Worm.Agent 20170116
McAfee GenericRXAC-OW!4AFD697482DC 20170108
McAfee-GW-Edition BehavesLike.Win32.Vilsel.fz 20170116
Microsoft Trojan:Win32/Comisproc!gmb 20170116
eScan Gen:Trojan.Heur.xq0@s19cfekib 20170116
NANO-Antivirus Trojan.Win32.VB2.covjzk 20170116
Panda Generic Malware 20170116
Qihoo-360 Win32/Worm.d5f 20170116
Rising Malware.Heuristic!ET#99% (rdm+) 20170116
Sophos AV Troj/Agent-APXD 20170116
SUPERAntiSpyware Trojan.Agent/Gen-Comisproc 20170116
Symantec ML.Relationship.MediumConfidence [Trojan Horse] 20170116
Tencent Win32.Virus.Virut.Phhd 20170116
TrendMicro TROJ_GEN.R047C0CGI16 20170116
VBA32 Worm.WBNA 20170116
VIPRE Trojan.Win32.Generic.pak!cobra 20170116
ViRobot Worm.Win32.A.VB.402944[h] 20170116
Yandex Trojan.VB!mBVz18278ps 20170116
Zillya Trojan.VB.Win32.100792 20170116
Zoner Trojan.Agentwdcr 20170116
Alibaba 20170116
ALYac 20170116
CMC 20170116
Kingsoft 20170116
nProtect 20170116
TheHacker 20170116
TrendMicro-HouseCall 20170116
Trustlook 20170116
WhiteArmor 20170116
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product xcv
Original name essai.exe
Internal name essai
File version 15.05.0088
Description Dossier de fichiers
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2000-05-23 07:58:11
Entry Point 0x000012AF
Number of sections 4
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(617)
_adj_fpatan
__vbaEnd
__vbaStrCmp
_allmul
_adj_fdivr_m64
__vbaAryUnlock
__vbaNextEachVar
_adj_fprem
__vbaFreeObjList
__vbaObjVar
_adj_fdiv_m32i
EVENT_SINK_AddRef
__vbaForEachVar
__vbaVarSetVar
Ord(576)
__vbaLateMemCall
EVENT_SINK_QueryInterface
Ord(600)
__vbaExceptHandler
__vbaFreeVarList
Ord(645)
__vbaFPException
_adj_fdivr_m16i
EVENT_SINK_Release
__vbaExitProc
Ord(100)
__vbaVarAdd
__vbaFreeVar
_adj_fdiv_r
__vbaVarLateMemCallLd
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
__vbaStrVarVal
_CIcos
__vbaVarTstEq
_adj_fptan
_CItan
__vbaObjSet
__vbaI4Var
Ord(716)
__vbaVarMove
_CIatan
Ord(608)
__vbaNew2
__vbaVarCat
__vbaOnError
_adj_fdivr_m32i
_CIexp
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaFreeStrList
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 9
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 10
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 15.5
FileSubtype 0
FileVersionNumber 15.5.0.88
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 32768
EntryPoint 0x12af
OriginalFileName essai.exe
MIMEType application/octet-stream
FileVersion 15.05.0088
TimeStamp 2000:05:23 08:58:11+01:00
FileType Win32 EXE
PEType PE32
InternalName essai
ProductVersion 15.05.0088
FileDescription Dossier de fichiers
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 36864
ProductName xcv
ProductVersionNumber 15.5.0.88
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 4afd697482dc1bd54b9c16e61f4e99c2
SHA1 a6a04fe33b7de51f68f2d61ae14d6be4fcd428bd
SHA256 1a04c73a5a218d9bfcb072507f1c4bc318708ed1cda9f2fdd3341f499c9efc4a
ssdeep 1536:DV6MTt3fuJej6jObcVl2c1NOs+BbIX88ln/1UaeGySw/SCqfgJK:DMs3fGBj/Vx1Nyjk/1jeGySK8IJK

authentihash 25221ec29b937ebc8c0204246c8776ff736e085c6bf8ea68610fb1828981dad0
imphash 30e5df4fdb501cc0bf738d65c89185b6
File size 380.0 KB ( 389120 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe

VirusTotal metadata
First submission 2016-07-18 08:26:18 UTC (2 years, 8 months ago)
Last submission 2017-01-16 18:52:11 UTC (2 years, 2 months ago)
File names essai
essai.exe
boot .exe
Thermal_Subsystem .exe
3Ddrive .exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.