SHA256: 9e26442b44a9a1e1ba7596ddb2dc2c30a79f6f0485e3da0634bef6973c1b8f10
File name: a11109.exe
Detection ratio: 12 / 55
Analysis date: 2017-01-24 04:11:00 UTC (2 years, 3 months ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4223961 20170124
AegisLab Uds.Dangerousobject.Multi!c 20170124
BitDefender Trojan.GenericKD.4223961 20170124
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Sophos ML virus.win32.sality.at 20170111
Kaspersky Trojan-Ransom.Win32.Locky.xen 20170124
eScan Trojan.GenericKD.4223961 20170124
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20170124
Rising Malware.XPACK-HIE/Heur!1.9C48 (classic) 20170124
Tencent Win32.Trojan.Raasj.Auto 20170124
TrendMicro Ransom_LOCKY.OSIRIS 20170124
TrendMicro-HouseCall Ransom_LOCKY.OSIRIS 20170124
AhnLab-V3 20170123
Alibaba 20170122
ALYac 20170124
Antiy-AVL 20170124
Arcabit 20170124
Avast 20170124
AVG 20170124
Avira (no cloud) 20170123
AVware 20170124
Baidu 20170123
CAT-QuickHeal 20170123
ClamAV 20170124
CMC 20170123
Comodo 20170124
Cyren 20170124
DrWeb 20170124
Emsisoft 20170124
ESET-NOD32 20170124
F-Prot 20170124
F-Secure 20170124
Fortinet 20170124
GData 20170124
Ikarus 20170123
Jiangmin 20170124
K7AntiVirus 20170123
K7GW 20170124
Kingsoft 20170124
Malwarebytes 20170124
McAfee 20170124
McAfee-GW-Edition 20170124
Microsoft 20170124
NANO-Antivirus 20170124
nProtect 20170124
Panda 20170123
Sophos AV 20170124
SUPERAntiSpyware 20170124
Symantec 20170123
TheHacker 20170123
Trustlook 20170124
VBA32 20170123
VIPRE 20170124
ViRobot 20170124
WhiteArmor 20170123
Yandex 20170123
Zillya 20170124
Zoner 20170124
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
2006-2014 (c) pdfforge GmbH

Product Mckinneys Untenable
Original name Mckinneys Untenable.exe
Internal name Mckinneys Untenable
File version 2.4.6.9
Description Concept Review Options
Comments Concept Review Options
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-23 03:13:53
Entry Point 0x0000AC53
Number of sections 4
PE sections
PE imports
GetTokenInformation
SetSecurityDescriptorDacl
CryptReleaseContext
RegCloseKey
CryptAcquireContextA
OpenProcessToken
GetUserNameW
AllocateAndInitializeSid
InitializeSecurityDescriptor
OpenThreadToken
CryptEncrypt
CryptHashData
ImageList_DrawEx
Ord(16)
ImageList_GetIconSize
GetOpenFileNameA
CertVerifyValidityNesting
CertVerifyCTLUsage
CertVerifyCertificateChainPolicy
CertVerifyTimeValidity
CertVerifyRevocation
CertVerifySubjectCertificateContext
ExcludeClipRect
CreateRectRgn
DeleteDC
CreateDCA
CreateHalftonePalette
CreatePen
GetStockObject
ExtTextOutA
CreateSolidBrush
Rectangle
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetStdHandle
GetConsoleOutputCP
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
MapViewOfFileEx
FreeEnvironmentStringsW
EnumTimeFormatsA
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
LoadResource
InterlockedDecrement
SetLastError
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
OpenProcess
GetWindowsDirectoryA
GetProcAddress
GetProcessHeap
CreateFileMappingW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentProcessId
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
WideCharToMultiByte
IsValidCodePage
HeapCreate
FindResourceExW
VirtualFree
Sleep
VirtualAlloc
SafeArrayAccessData
SafeArrayUnaccessData
OleCreatePictureIndirect
VariantInit
OleLoadPicturePath
GetDeviceDriverFileNameA
QueryWorkingSet
EnumProcesses
GetDeviceDriverBaseNameA
InitializeProcessForWsWatch
EnumDeviceDrivers
GetWsChanges
UuidEqual
UuidIsNil
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
Shell_NotifyIconW
StrToIntA
SHCreateStreamOnFileA
PathStripToRootA
GetCursorPos
UpdateWindow
KillTimer
GetIconInfo
FindWindowA
ShowWindow
GetSystemMetrics
IsWindow
DispatchMessageA
RegisterClassA
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
AppendMenuW
GetWindowTextLengthA
TranslateMessage
GetWindow
GetDC
EndDeferWindowPos
ReleaseDC
CreatePopupMenu
GetMenu
wsprintfA
EnumDisplayDevicesA
BeginDeferWindowPos
SendMessageA
GetClientRect
CreateWindowExA
GetDlgItem
RegisterRawInputDevices
SetMenuDefaultItem
IsIconic
ClientToScreen
InvalidateRect
GetSubMenu
FindWindowExA
SetTimer
LoadIconA
TrackPopupMenu
GetMessageA
GetMenuItemInfoA
GetDesktopWindow
LoadImageA
GetSystemMenu
SetForegroundWindow
HttpSendRequestA
HttpOpenRequestA
InternetReadFile
InternetOpenA
InternetConnectA
HttpQueryInfoA
mciSendCommandA
EnumPrintersA
WSAStartup
WTSRegisterSessionNotification
OpenColorProfileA
CoUnmarshalInterface
CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
GetHGlobalFromStream
StringFromGUID2
CoMarshalInterface
Number of PE resources by type
RT_STRING 12
RT_CURSOR 10
RT_DIALOG 9
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 35
PE resources
Debug information
ExifTool file metadata
CodeSize
274944

SubsystemVersion
5.0

Comments
Concept Review Options

Languages
English

InitializedDataSize
133120

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.4.6.9

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Concept Review Options

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
9.0

PrivateBuild
2.4.6.9

EntryPoint
0xac53

OriginalFileName
Mckinneys Untenable.exe

MIMEType
application/octet-stream

LegalCopyright
2006-2014 (c) pdfforge GmbH

FileVersion
2.4.6.9

TimeStamp
2017:01:23 04:13:53+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Mckinneys Untenable

ProductVersion
2.4.6.9

UninitializedDataSize
0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
pdfforge GmbH

LegalTrademarks
2006-2014 (c) pdfforge GmbH

ProductName
Mckinneys Untenable

ProductVersionNumber
2.4.6.9

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 1a3fc82cbc86180b77887d052c73fca5
SHA1 64dafa99b2ee3c7ec7e173453b75fc422912fc2d
SHA256 9e26442b44a9a1e1ba7596ddb2dc2c30a79f6f0485e3da0634bef6973c1b8f10
ssdeep
6144:C9xnZvgyUta5O0Bu9xR75hEFHWjOWlPmJMmNdqzZl/U:CxnZvgpabsP7rEFHvMmaaCl/U

authentihash e1d8cd38ac47366363759cd80ee7306ae4e4af6784f1e2a61669423f1e253192
imphash 8a90a33155059e6b6de4bd070612829a
File size 399.5 KB ( 409088 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-01-23 23:18:02 UTC (2 years, 3 months ago)
Last submission 2017-09-26 13:32:31 UTC (1 year, 7 months ago)
File names 79465b82ef.png
Mckinneys Untenable.exe
1.bin
9e26442b44a9a1e1ba7596ddb2dc2c30a79f6f0485e3da0634bef6973c1b8f10.exe
2.png
a11109.exe
Mckinneys Untenable
a1.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Searched windows
Runtime DLLs
UDP communications