SHA256: 2bf737f147e761586df1c421584dba350fd865cb14113eee084f9d673a61ee67
File name: winlogin.exe
Detection ratio: 42 / 55
Analysis date: 2016-03-03 03:38:14 UTC (3 years, 2 months ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2782956 20160303
AegisLab DangerousObject.Multi.Generic!c 20160302
Yandex Trojan.Zacom! 20160302
AhnLab-V3 Trojan/Win32.Gen 20160302
ALYac Trojan.GenericKD.2782956 20160303
Antiy-AVL Trojan/Win32.TSGeneric 20160303
Arcabit Trojan.Generic.D2A76EC 20160303
Avast Win32:Malware-gen 20160303
AVG Small.HIN 20160303
Avira (no cloud) BDS/Zacom.137728.1 20160303
AVware Trojan.Win32.Generic!BT 20160303
Baidu-International Trojan.Win32.Zacom.I 20160302
BitDefender Trojan.GenericKD.2782956 20160303
CAT-QuickHeal Trojan.Skeeyah.r5 20160302
Comodo UnclassifiedMalware 20160303
Cyren W32/Trojan.HYOO-5084 20160303
Emsisoft Trojan.GenericKD.2782956 (B) 20160229
ESET-NOD32 Win32/Zacom.I 20160303
F-Secure Trojan.GenericKD.2782956 20160303
Fortinet W32/Zacom.I!tr 20160303
GData Trojan.GenericKD.2782956 20160303
Ikarus Trojan.Win32.Zacom 20160302
Jiangmin Trojan.GenericKD.vg 20160303
K7AntiVirus Trojan ( 004cf03e1 ) 20160302
K7GW Trojan ( 004cf03e1 ) 20160303
Kaspersky UDS:DangerousObject.Multi.Generic 20160303
Malwarebytes Backdoor.Bot 20160303
McAfee RDN/Generic.grp 20160303
McAfee-GW-Edition BehavesLike.Win32.VTFlooder.cm 20160303
Microsoft Trojan:Win32/Skeeyah.A!rfn 20160302
eScan Trojan.GenericKD.2782956 20160303
NANO-Antivirus Trojan.Win32.Zacom.dxwsjc 20160303
nProtect Trojan.GenericKD.2782956 20160302
Panda Trj/Genetic.gen 20160302
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20160302
Sophos AV Mal/Generic-S 20160303
Tencent Win32.Backdoor.Zacom.Wnch 20160303
TrendMicro BKDR_ZACOM.YP 20160302
TrendMicro-HouseCall BKDR_ZACOM.YP 20160303
VIPRE Trojan.Win32.Generic!BT 20160303
ViRobot Trojan.Win32.S.Agent.137728.LA[h] 20160303
Zillya Trojan.Zacom.Win32.5 20160302
Alibaba 20160302
Bkav 20160302
ByteHero 20160303
ClamAV 20160302
CMC 20160301
DrWeb 20160303
F-Prot 20160303
Qihoo-360 20160303
SUPERAntiSpyware 20160303
Symantec 20160302
TheHacker 20160302
VBA32 20160302
Zoner 20160302
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-08-18 09:22:32
Entry Point 0x00003222
Number of sections 5
PE sections
PE imports
CryptDeriveKey
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
CryptGetHashParam
CryptAcquireContextW
CryptEncrypt
CryptHashData
CryptDecrypt
CryptDestroyHash
CryptCreateHash
GetLastError
InitializeCriticalSection
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
GetShortPathNameW
SetHandleCount
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
WaitForSingleObject
RtlUnwind
GetStdHandle
VirtualFree
HeapSetInformation
GetCurrentProcess
GetStartupInfoW
GetFileType
GetConsoleMode
DecodePointer
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
CreateDirectoryW
DeleteFileW
GetProcAddress
EncodePointer
GetProcessHeap
SetStdHandle
ExpandEnvironmentStringsW
RaiseException
GetCPInfo
LoadLibraryW
TlsFree
SetFilePointer
DeleteCriticalSection
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
FindFirstFileW
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
FindNextFileW
HeapAlloc
TerminateProcess
CreateEventW
InitializeCriticalSectionAndSpinCount
IsValidCodePage
HeapCreate
CreateFileW
CreateProcessW
FindClose
InterlockedDecrement
Sleep
WriteConsoleW
SetEndOfFile
TlsSetValue
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
GetFileSize
SetLastError
InterlockedIncrement
SHCreateShellItem
SHGetSpecialFolderPathW
SHParseDisplayName
SetTimer
EndPaint
SendMessageW
UpdateWindow
RegisterClassExW
BeginPaint
GetMessageW
DefWindowProcW
LoadStringW
LoadCursorW
LoadIconW
CreateWindowExW
LoadAcceleratorsW
TranslateMessage
PostQuitMessage
ShowWindow
DispatchMessageW
TranslateAcceleratorW
WinHttpConnect
WinHttpReadData
WinHttpCloseHandle
WinHttpSetTimeouts
WinHttpQueryDataAvailable
WinHttpWriteData
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpOpen
WinHttpOpenRequest
WinHttpSendRequest
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_ICON 16
RT_GROUP_ICON 2
RT_ACCELERATOR 1
RT_STRING 1
Number of PE resources by language
CHINESE SIMPLIFIED 20
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:08:18 10:22:32+01:00
FileType Win32 EXE
PEType PE32
CodeSize 57344
LinkerVersion 10.0
EntryPoint 0x3222
InitializedDataSize 88576
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 d20fc878662247abc875762f920d882f
SHA1 a138600bb4fcfed015bbc7bc79536999a8fa55d5
SHA256 2bf737f147e761586df1c421584dba350fd865cb14113eee084f9d673a61ee67
ssdeep
1536:5SDB4Qnu/Z0DH8iqdUipHvlh2TV/YAVTXEDz+akm0cmaRG5vXXyrBzF:8DBjnu/egdUSHHWfV0z+Om2qvXXy9zF

authentihash bc47b6102339cbb7f2e9eff4a2648b95d87c618792be9ed351913d76d629dac5
imphash 59bafce5e8991b312224c1defdb16d33
File size 134.5 KB ( 137728 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (36.8%)
Win32 Executable MS Visual C++ (generic) (26.6%)
Win64 Executable (generic) (23.6%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.8%)
Tags peexe
VirusTotal metadata
First submission 2015-10-08 03:48:46 UTC (3 years, 7 months ago)
Last submission 2016-04-04 16:02:56 UTC (3 years, 1 month ago)
File name winlogin.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
DNS requests