SHA256: 17dacedb6f0379a65160d73c0ae3aa1f03465ae75cb6ae754c7dcb3017af1fbd
File name: myguy.exe
Detection ratio: 60 / 68
Analysis date: 2017-11-24 04:14:47 UTC (2 weeks, 3 days ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.5497350 20171124
AegisLab Troj.W32.Nakoctb!c 20171124
AhnLab-V3 HEUR/Ranpix.Gen 20171124
ALYac Trojan.Ransom.Petya 20171124
Antiy-AVL Trojan[Banker]/Win32.NeutrinoPOS 20171124
Arcabit Trojan.Generic.D53E206 20171124
Avast Win32:Malware-gen 20171124
AVG Win32:Malware-gen 20171124
Avira (no cloud) TR/Crypt.Xpack.byovx 20171124
AVware Trojan.Win32.Generic!BT 20171124
BitDefender Trojan.GenericKD.5497350 20171124
Bkav W32.LuspitoLTX.Trojan 20171123
CAT-QuickHeal Ransom.Gen.A4 20171123
ClamAV Win.Packed.Lokibot-6331386-0 20171124
CMC Trojan-Downloader.Win32.Gamarue.2!O 20171123
Comodo TrojWare.Win32.Ransom.Petya.~A 20171124
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20171124
Cyren W32/Trojan.DYMU-1604 20171124
DrWeb Trojan.Siggen7.21438 20171124
Emsisoft Trojan.GenericKD.5497350 (B) 20171124
Endgame malicious (high confidence) 20171024
ESET-NOD32 Win32/PSW.Fareit.L 20171124
F-Prot W32/Trojan3.ZZR 20171124
F-Secure Trojan.GenericKD.5497350 20171124
Fortinet W32/Injector.DPNT!tr 20171124
GData Win32.Trojan-Spy.Emotet.AB 20171124
Ikarus Trojan.Win32.Krypt 20171123
Sophos ML heuristic 20170914
Jiangmin Trojan.Banker.NeutrinoPOS.k 20171124
K7AntiVirus Trojan ( 00510c321 ) 20171123
K7GW Trojan ( 00510c321 ) 20171124
Kaspersky Trojan.Win32.Agentb.imac 20171124
Malwarebytes Trojan.MalPack 20171124
MAX malware (ai score=100) 20171124
McAfee RDN/PWS-Banker 20171124
McAfee-GW-Edition BehavesLike.Win32.Dropper.dc 20171124
Microsoft PWS:Win32/Primarypass.A 20171124
eScan Trojan.GenericKD.5497350 20171124
NANO-Antivirus Trojan.Win32.Spora.erosfa 20171124
Palo Alto Networks (Known Signatures) generic.ml 20171124
Panda Trj/Agent.HRK 20171123
Qihoo-360 Win32/Trojan.PSW.Zbot.B 20171124
Rising Stealer.Fareit!8.170 (KTSE) 20171124
SentinelOne (Static ML) static engine - malicious 20171113
Sophos AV Troj/Petya-BH 20171124
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20171123
Symantec Infostealer.Lokibot 20171124
Tencent Suspicious.Heuristic.Gen.b.0 20171124
TrendMicro BKDR_TRICKBOT.SM 20171124
TrendMicro-HouseCall BKDR_TRICKBOT.SM 20171124
VBA32 TrojanBanker.NeutrinoPOS 20171123
VIPRE Trojan.Win32.Generic!BT 20171124
ViRobot Trojan.Win32.Agent.258560.K 20171124
Webroot W32.Infostealer.Zeus 20171124
Yandex Trojan.naKocTb! 20171120
Zillya Trojan.Kryptik.Win32.1213855 20171123
ZoneAlarm by Check Point Trojan.Win32.Agentb.imac 20171124
Zoner Trojan.Emotet 20171124
Alibaba 20171124
Avast-Mobile 20171123
Baidu 20171123
eGambit 20171124
Kingsoft 20171124
nProtect 20171124
Symantec Mobile Insight 20171123
TheHacker 20171121
TotalDefense 20171123
Trustlook 20171124
WhiteArmor 20171104
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Nifo cofejapopoxa reselohehubohe gazuwa nawe vovawata jiciyu vene dopevoxomevewi

File version 17, 5, 4, 10
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-06-26 15:49:11
Entry Point 0x00001513
Number of sections 4
PE sections
PE imports
HeapSize
GetSystemWow64DirectoryW
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetLastError
FreeLibrary
QueryPerformanceCounter
HeapDestroy
HeapAlloc
TlsAlloc
IsValidLocale
GetEnvironmentStringsW
GetLocaleInfoW
GetModuleFileNameA
RtlUnwind
HeapSetInformation
GetAtomNameA
GetProcessIoCounters
GetLocaleInfoA
GetCurrentProcessId
UnhandledExceptionFilter
GetModuleHandleW
GetCPInfo
ExitProcess
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetUserDefaultLCID
EncodePointer
GetCurrentThread
RaiseException
GetFileSizeEx
WideCharToMultiByte
LoadLibraryW
TlsFree
GetSystemTimeAsFileTime
DeleteCriticalSection
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
DecodePointer
IsProcessorFeaturePresent
SetProcessAffinityMask
GetThreadTimes
EnumSystemLocalesA
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
GetOEMCP
IsDebuggerPresent
TerminateProcess
GetProcessHandleCount
IsValidCodePage
HeapCreate
FatalAppExitA
TlsGetValue
Sleep
GetFileType
TlsSetValue
GetTickCount
GetCurrentThreadId
LeaveCriticalSection
SetConsoleCtrlHandler
SetLastError
InterlockedIncrement
AlphaBlend
ShowScrollBar
LoadImageW
LoadImageA
SetPropW
Number of PE resources by type
RT_BITMAP 4
RT_ICON 4
RT_STRING 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 12
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
10.0

ImageVersion
0.0

FileVersionNumber
17.5.4.10

LanguageCode
English (U.S.)

FileFlagsMask
0x0017

CharacterSet
Unicode

InitializedDataSize
202240

EntryPoint
0x1513

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
17, 5, 4, 10

TimeStamp
2017:06:26 16:49:11+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
17, 5, 4, 10

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Win32

LegalCopyright
Nifo cofejapopoxa reselohehubohe gazuwa nawe vovawata jiciyu vene dopevoxomevewi

MachineType
Intel 386 or later, and compatibles

CodeSize
79360

FileSubtype
0

ProductVersionNumber
17.5.4.10

FileTypeExtension
exe

ObjectFileType
Unknown

File identification
MD5 a1d5895f85751dfe67d19cccb51b051a
SHA1 9288fb8e96d419586fc8c595dd95353d48e8a060
SHA256 17dacedb6f0379a65160d73c0ae3aa1f03465ae75cb6ae754c7dcb3017af1fbd
ssdeep
3072:vOAZ69/F3xyBPn6UhTBNK8UbCk155CqC/S0KHBq0crpGR4+y92fTX6JNsJoPy:vOJ/FhgJhd9fk1PC/lbrpGR09e6JNsk

authentihash 77ef10dc5f0918adb9deb3ba7269161635a67b077e810a2a32b8449d5c9c4eb0
imphash ec7f48d0a7e4eb9d813d996817fbbdf3
File size 269.5 KB ( 275968 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2017-06-27 07:58:07 UTC (5 months, 2 weeks ago)
Last submission 2017-11-13 07:27:33 UTC (4 weeks ago)
File names 17dacedb6f0379a65160d73c0ae3aa1f03465ae75cb6ae754c7dcb3017af1fbd_ransomware.dll
bad.exe
myguy.exe
17dacedb6f0379a65160d73c0ae3aa1f03465ae75cb6ae754c7dcb3017af1fbd.exe
myguy.exe
localfile~
myguy.exe
myguy.exe
myguy.exe
BCA9D6.exe
32C181.exe
myguy.exe.bin
malware (4)
9288fb8e96d419586fc8c595dd95353d48e8a060
17dacedb6f0379a65160d73c0ae3aa1f03465ae75cb6ae754c7dcb3017af1fbd_17dacedb6f0379a6_34567.exe
myguy.vxe
21867.exe
17dacedb6f0379a65160d73c0ae3aa1f03465ae75cb6ae754c7dcb3017af1fbd.bin
17dacedb6f0379a65160d73c0ae3aa1f03465ae75cb6ae754c7dcb3017af1fbd.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications