SHA256: ad981cabbeec907a67ead051a2d7fd658dca1e7c22546a75acddec3d3adc133f
File name: phone.jpg
Detection ratio: 8 / 62
Analysis date: 2017-05-10 14:31:53 UTC (2 years ago)
Antivirus Result Update (engines listed without a result did not flag the file)
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9996 20170503
Bkav HW32.Packed.7EB8 20170510
CrowdStrike Falcon (ML) malicious_confidence_91% (D) 20170130
Endgame malicious (moderate confidence) 20170503
Sophos ML generic.a 20170413
Palo Alto Networks (Known Signatures) generic.ml 20170510
Qihoo-360 HEUR/QVM03.0.0CE5.Malware.Gen 20170510
Symantec ML.Attribute.HighConfidence 20170510
Ad-Aware 20170510
AegisLab 20170510
AhnLab-V3 20170510
Alibaba 20170510
ALYac 20170510
Antiy-AVL 20170510
Arcabit 20170510
Avast 20170510
AVG 20170510
Avira (no cloud) 20170510
AVware 20170508
BitDefender 20170510
CAT-QuickHeal 20170510
ClamAV 20170510
CMC 20170510
Comodo 20170510
Cyren 20170510
DrWeb 20170510
Emsisoft 20170510
ESET-NOD32 20170510
F-Prot 20170510
F-Secure 20170510
Fortinet 20170510
GData 20170510
Ikarus 20170510
Jiangmin 20170510
K7AntiVirus 20170510
K7GW 20170510
Kaspersky 20170510
Kingsoft 20170510
Malwarebytes 20170510
McAfee 20170510
McAfee-GW-Edition 20170510
Microsoft 20170510
eScan 20170510
NANO-Antivirus 20170510
nProtect 20170510
Panda 20170510
Rising None
SentinelOne (Static ML) 20170330
Sophos AV 20170510
SUPERAntiSpyware 20170510
Symantec Mobile Insight 20170510
Tencent 20170510
TheHacker 20170508
TotalDefense 20170510
TrendMicro 20170510
TrendMicro-HouseCall 20170510
VBA32 20170510
VIPRE 20170510
ViRobot 20170510
Webroot 20170510
WhiteArmor 20170502
Yandex 20170510
Zillya 20170505
ZoneAlarm by Check Point 20170510
Zoner 20170510
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus
Product Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus
Original name Retfrdiggrelsen.exe
Internal name Retfrdiggrelsen
File version 1.00
Description Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus
Comments Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-10 13:37:07
Entry Point 0x0000131C
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
__vbaPrintObj
__vbaCyI4
__vbaEnd
__vbaStrCmp
__vbaVarDup
_adj_fdivr_m64
__vbaAryUnlock
_adj_fprem
_adj_fpatan
_adj_fdiv_m32i
EVENT_SINK_AddRef
Ord(650)
Ord(681)
Ord(677)
__vbaCyStr
__vbaCyAdd
__vbaStrCopy
__vbaVarAnd
__vbaSetSystemError
__vbaFreeVarList
__vbaRedim
DllFunctionCall
__vbaFPException
__vbaStrToUnicode
_adj_fdivr_m16i
EVENT_SINK_Release
__vbaI4Cy
_adj_fdiv_r
Ord(100)
__vbaDerefAry1
__vbaVarAdd
__vbaFreeVar
__vbaBoolVarNull
_adj_fprem1
_CItan
_adj_fdiv_m64
__vbaFreeObj
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
_allmul
__vbaAryLock
_CIcos
EVENT_SINK_QueryInterface
_adj_fptan
__vbaFreeStrList
Ord(581)
Ord(539)
__vbaI4Var
__vbaVarMove
Ord(646)
__vbaErrorOverflow
_CIatan
__vbaNew2
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
__vbaStrMove
__vbaStrToAnsi
__vbaStrI4
_adj_fdivr_m32
__vbaStrCat
__vbaFpR8
__vbaFpI4
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
__vbaExceptHandler
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus
SubsystemVersion 4.0
Comments Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus
InitializedDataSize 20480
ImageVersion 1.0
ProductName Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName Retfrdiggrelsen.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0
TimeStamp 2017:05:10 14:37:07+01:00
FileType Win32 EXE
PEType PE32
InternalName Retfrdiggrelsen
ProductVersion 1.0
FileDescription Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus
OSVersion 4.0
FileOS Win32
LegalCopyright Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus
MachineType Intel 386 or later, and compatibles
CompanyName Popstar
CodeSize 4956160
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x131c
ObjectFileType Executable application

File identification
MD5 31d3e957315fde8db2f70a0606daca8e
SHA1 afd08f53e10b2edcf70ee4716e458dc728488922
SHA256 ad981cabbeec907a67ead051a2d7fd658dca1e7c22546a75acddec3d3adc133f
ssdeep 98304:HC0kRT0+PX//ZxfjsCms4wsBurf6U9UTlkbJAJi9nTiUX/WE7WWCesLn:HCrZ3ZxfACms4w2CiU9RJAwU7esL
authentihash a78b4e4ddf78a4c134856e0fa4a0eed245e5094e36ab3ec801d48323aeeb252c
imphash b49015638df03e4dd8545c092289ebd5
File size 4.7 MB ( 4968448 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags peexe
VirusTotal metadata
First submission 2017-05-10 14:31:53 UTC (2 years ago)
Last submission 2017-10-24 17:56:26 UTC (1 year, 7 months ago)
File names D3S30L.html
phone.jpg
aa
Retfrdiggrelsen.exe
VirusShare_31d3e957315fde8db2f70a0606daca8e
d4d3306410339b110871c5edbd162752b99450db
3620.exe.3244.dr
ad981cabbeec907a67ead051a2d7fd658dca1e7c22546a75acddec3d3adc133f
virusshare_31d3e957315fde8db2f70a0606daca8e
Retfrdiggrelsen
VirusShare_31d3e957315fde8db2f70a0606daca8e
Behaviour characterization
Zemana
dll-injection
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
UDP communications