SHA256: d82803e98e8db57c28b7ff88ec9d01ab06299196f07645b9e32e6bcc4dcd6019
File name: wds.exe.AESddos.Win32.mmd
Detection ratio: 43 / 56
Analysis date: 2016-04-18 09:46:07 UTC (3 years, 1 month ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.146473 20160418
AhnLab-V3 Backdoor/Win32.Zegost 20160418
ALYac Gen:Variant.Zusy.146473 20160418
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20160418
Arcabit Trojan.Zusy.D23C29 20160418
Avast Win32:MrBlack-D [Trj] 20160418
AVG Generic36.WYR 20160418
Avira (no cloud) BDS/Backdoor.Gen2 20160418
AVware Trojan.Win32.Generic!SB.0 20160418
Baidu Win32.Trojan.ServStart.aj 20160418
BitDefender Gen:Variant.Zusy.146473 20160418
Bkav W32.RansomwareTQB.Trojan 20160415
CAT-QuickHeal Trojan.ServStart.A 20160418
Cyren W32/Heuristic-131!Eldorado 20160418
DrWeb Trojan.Mrblack.3 20160418
Emsisoft Gen:Variant.Zusy.146473 (B) 20160418
ESET-NOD32 Win32/ServStart.IO 20160418
F-Prot W32/Heuristic-131!Eldorado 20160418
F-Secure Gen:Variant.Zusy.146473 20160418
Fortinet W32/StartServ.VIK!tr 20160418
GData Gen:Variant.Zusy.146473 20160418
Ikarus Trojan.Win32.ServStart 20160417
Jiangmin Trojan/Generic.bamdh 20160418
K7AntiVirus Trojan ( 004ae7bf1 ) 20160418
K7GW Trojan ( 004ae7bf1 ) 20160418
Kaspersky Trojan.Win32.StartServ.vik 20160418
Kingsoft Win32.Troj.Undef.(kcloud) 20160418
Malwarebytes Trojan.Agent.PDD 20160418
Microsoft Trojan:Win32/ServStart!rfn 20160418
eScan Gen:Variant.Zusy.146473 20160418
NANO-Antivirus Trojan.Win32.Heuristic131.dcnfpc 20160418
nProtect Trojan/W32.Agent.196709 20160415
Panda Trj/Genetic.gen 20160417
Qihoo-360 HEUR/QVM07.1.0000.Malware.Gen 20160418
SUPERAntiSpyware Trojan.Agent/Gen-Jaik 20160418
Symantec SMG.Heur!cg1 20160418
TheHacker Trojan/ServStart.io 20160417
TrendMicro TROJ_SERVSTART_EH06002B.UVPN 20160418
TrendMicro-HouseCall TROJ_SERVSTART_EH06002B.UVPN 20160418
VBA32 Trojan.StartServ 20160418
VIPRE Trojan.Win32.Generic!SB.0 20160418
Yandex Backdoor.Agent!W+qsqWX+TeU 20160416
Zillya Trojan.StartServ.Win32.135 20160417
AegisLab 20160418
Alibaba 20160418
Baidu-International 20160418
ClamAV 20160418
CMC 20160415
Comodo 20160418
McAfee 20160417
McAfee-GW-Edition 20160418
Rising 20160418
Sophos AV 20160418
Tencent 20160418
ViRobot 20160418
Zoner 20160418
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-18 05:48:33
Entry Point 0x0000DFB0
Number of sections 3
PE sections
Overlays
MD5 e8ba2ddc4890214ef119228878fcffe1
File type data
Offset 196608
Size 101
Entropy 4.82
PE imports
CloseServiceHandle
RegOpenKeyA
RegCloseKey
StartServiceCtrlDispatcherA
OpenServiceA
SetServiceStatus
CreateServiceA
RegQueryValueExA
RegSetValueExA
StartServiceA
RegOpenKeyExA
OpenSCManagerA
RegisterServiceCtrlHandlerA
GetSystemTime
GetLastError
HeapFree
GetStdHandle
LCMapStringW
OpenProcess
GetSystemInfo
lstrlenA
GetFileAttributesA
WaitForSingleObject
GetOEMCP
LCMapStringA
CopyFileA
GetTickCount
IsBadWritePtr
GetVersionExA
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
HeapSize
RtlUnwind
LoadLibraryA
GetShortPathNameA
GetACP
FreeEnvironmentStringsA
HeapAlloc
GetCurrentProcess
GetEnvironmentStrings
GetFileType
SetThreadPriority
lstrcatA
SetFilePointer
DuplicateHandle
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
GetLocalTime
FreeEnvironmentStringsW
ExitThread
GetProcAddress
GetCurrentThread
SetFileAttributesA
CreateMutexA
CompareStringW
RaiseException
CreateThread
GetStringTypeA
GetModuleHandleA
CreatePipe
SetUnhandledExceptionFilter
lstrcpyA
GetStartupInfoA
CloseHandle
SetStdHandle
GetCommandLineA
TerminateProcess
GetSystemDirectoryA
HeapReAlloc
GetStringTypeW
SetEnvironmentVariableA
SetPriorityClass
GetExitCodeProcess
GlobalMemoryStatus
ResumeThread
CreateProcessA
GetTimeZoneInformation
WideCharToMultiByte
SetHandleCount
GetEnvironmentVariableA
HeapCreate
WriteFile
VirtualFree
HeapDestroy
Sleep
IsBadReadPtr
SetConsoleCtrlHandler
IsBadCodePtr
ExitProcess
GetVersion
VirtualAlloc
CompareStringA
wsprintfA
__WSAFDIsSet
WSASocketA
gethostname
socket
setsockopt
closesocket
ntohl
inet_addr
send
WSACleanup
WSAStartup
gethostbyname
WSAGetLastError
select
sendto
inet_ntoa
htons
recv
WSAIoctl
connect
GetFileTitleA
GetIfTable
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:07:18 06:48:33+01:00
FileType Win32 EXE
PEType PE32
CodeSize 94208
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 9609216
SubsystemVersion 4.0
EntryPoint 0xdfb0
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 772294ffcc3d6883a603bc5f3b1c91d6
SHA1 cf6cf1b9f69f274fff0ef493a0cee8a2599dd569
SHA256 d82803e98e8db57c28b7ff88ec9d01ab06299196f07645b9e32e6bcc4dcd6019
ssdeep 3072:2POKWROAEATTiczEJToGGhKW9o+SALvH/n2w52YGLqY:2POKWRPTDEJMhKJaf2uyLqY
authentihash 9a004d7417d7829f71661c41c1d497b974c7a3f6826a728eea79f5f8e1bb4142
imphash 3ad350f14c2e450686dbd3fbcbe807a6
File size 192.1 KB ( 196709 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay

VirusTotal metadata
First submission 2016-04-18 09:46:07 UTC (3 years, 1 month ago)
Last submission 2016-04-18 09:46:07 UTC (3 years, 1 month ago)
File names wds.exe.AESddos.Win32.mmd
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Copied files
Created processes
Opened mutexes
Opened service managers
Runtime DLLs
TCP connections