SHA256: 4da19b5e0a9d243de814e8c81ddfe2cee631cfd06e822f2b2aae0f124dacf1b3
File name: aephaeci
Detection ratio: 28 / 52
Analysis date: 2014-05-20 15:49:18 UTC (4 years, 11 months ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1686570 20140520
Yandex TrojanSpy.Zbot!5W+YnWjoZJU 20140520
AhnLab-V3 Dropper/Win32.Necurs 20140520
AntiVir TR/Spy.ZBot.aau.236 20140520
Avast Win32:Malware-gen 20140520
AVG Zbot.IYR 20140520
Baidu-International Trojan.Win32.Zbot.BAAU 20140520
BitDefender Trojan.GenericKD.1686570 20140520
Bkav HW32.CDB.18cf 20140520
DrWeb Trojan.Packed.26776 20140520
Emsisoft Trojan.Win32.Zbot (A) 20140520
ESET-NOD32 Win32/Spy.Zbot.AAU 20140520
F-Secure Trojan.GenericKD.1686570 20140520
GData Trojan.GenericKD.1686570 20140520
Ikarus Trojan-Spy.Zbot 20140520
K7AntiVirus Spyware ( 00404d661 ) 20140520
K7GW Spyware ( 00404d661 ) 20140520
Malwarebytes Trojan.Spy.Zbot 20140520
McAfee Artemis!A989B3EDCC6C 20140520
McAfee-GW-Edition Artemis!A989B3EDCC6C 20140519
eScan Trojan.GenericKD.1686570 20140520
Norman Suspicious_Gen4.GIRON 20140520
Qihoo-360 Win32/Trojan.Multi.daf 20140520
Sophos AV Troj/Necurs-CD 20140520
Symantec Trojan.Zbot 20140520
TrendMicro TSPY_ZBOT.YUYAH 20140520
TrendMicro-HouseCall TSPY_ZBOT.YUYAH 20140520
VIPRE Win32.Malware!Drop 20140520
AegisLab 20140520
Antiy-AVL 20140520
ByteHero 20140520
CAT-QuickHeal 20140520
ClamAV 20140520
CMC 20140520
Commtouch 20140520
Comodo 20140520
F-Prot 20140520
Fortinet 20140520
Jiangmin 20140520
Kaspersky 20140520
Kingsoft 20140520
Microsoft 20140520
NANO-Antivirus 20140520
nProtect 20140520
Panda 20140520
Rising 20140520
SUPERAntiSpyware 20140520
Tencent 20140515
TheHacker 20140520
TotalDefense 20140520
VBA32 20140520
ViRobot 20140520
Zillya 20140519
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © 2007, Truenorthlogic
Product Clotheease
Internal name Clotheease
File version 3.2.418.499
Description Clotheease
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-19 08:32:38
Entry Point 0x0000BE05
Number of sections 5
PE sections
PE imports
SetMapMode
SaveDC
TextOutA
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
DeleteObject
SetTextColor
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
ScaleViewportExtEx
SelectObject
SetWindowExtEx
Escape
SetBkColor
SetViewportExtEx
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
InterlockedDecrement
FormatMessageA
SetLastError
GlobalFindAtomA
ExitProcess
FlushFileBuffers
GetModuleFileNameA
LoadLibraryExA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
GlobalAddAtomA
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GlobalDeleteAtom
GlobalLock
SetSystemTimeAdjustment
GetProcessHeap
GlobalReAlloc
lstrcmpA
CompareStringA
lstrcmpW
GetProcAddress
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
GlobalFlags
CloseHandle
GetACP
GetVersion
SizeofResource
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
CreateStdAccessibleObject
LresultFromObject
VariantChangeType
VariantInit
VariantClear
MapWindowPoints
GetMessagePos
GetParent
ReleaseDC
SetPropA
SetMenuItemBitmaps
RegisterWindowMessageA
GetCapture
GetMenuState
RemovePropA
DestroyMenu
PostQuitMessage
DefWindowProcA
SetWindowTextA
IsWindowEnabled
GetPropA
LoadBitmapA
SetWindowPos
GetWindowThreadProcessId
GetSysColorBrush
GetSystemMetrics
EnableMenuItem
IsWindow
GetWindowRect
DispatchMessageA
EnableWindow
UnhookWindowsHookEx
PostMessageA
GrayStringA
MessageBoxA
PeekMessageA
SetWindowLongA
AdjustWindowRectEx
GetMessageTime
GetWindow
GetSysColor
GetDC
GetKeyState
SystemParametersInfoA
GetDlgCtrlID
GetClassInfoA
CheckMenuItem
GetMenu
UnregisterClassA
GetLastActivePopup
PtInRect
GetForegroundWindow
GetWindowPlacement
SendMessageA
GetWindowTextA
GetClientRect
GetDlgItem
GetMenuCheckMarkDimensions
DrawTextExA
WinHelpA
IsIconic
RegisterClassA
GetClassLongA
CallNextHookEx
TabbedTextOutA
GetWindowLongA
CreateWindowExA
LoadCursorA
LoadIconA
DrawTextA
SetWindowsHookExA
ClientToScreen
GetTopWindow
GetClassInfoExA
GetSubMenu
CopyRect
ValidateRect
CallWindowProcA
GetClassNameA
GetFocus
GetMenuItemID
GetMenuItemCount
SetForegroundWindow
ModifyMenuA
DestroyWindow
OpenPrinterA
DocumentPropertiesA
ClosePrinter
Number of PE resources by type
RT_ICON 3
BIN 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 7
PE resources
ExifTool file metadata
CodeSize 154624
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.2.418.499
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Clotheease
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 1129472
EntryPoint 0xbe05
MIMEType application/octet-stream
LegalCopyright 2007, Truenorthlogic
FileVersion 3.2.418.499
TimeStamp 2014:05:19 10:32:38+02:00
FileType Win32 EXE
PEType PE32
InternalName Clotheease
ProductVersion 3.2.418.499
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Truenorthlogic
LegalTrademarks Clotheease
ProductName Clotheease
ProductVersionNumber 3.2.418.499
FileTypeExtension exe
ObjectFileType Executable application
Execution parents
Compressed bundles
PCAP parents
File identification
MD5 a989b3edcc6c043bf63d361be6afead8
SHA1 cc000da49b8a1da66aeaa6d838603bbf965cd3f4
SHA256 4da19b5e0a9d243de814e8c81ddfe2cee631cfd06e822f2b2aae0f124dacf1b3
ssdeep 12288:gmfnu6ehzgOLqZRaC0d9ktLAaJY0CjreGQav:gMu6eh8najALJk6av
authentihash b646bc2c599c743f701c8d88e072ef8833733d53114ffb60febdd6eda1400a12
imphash 1cc7ab7c140a4680ef1f408c8660191d
File size 627.5 KB ( 642560 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2014-05-19 11:40:59 UTC (4 years, 11 months ago)
Last submission 2019-03-14 17:34:13 UTC (1 month ago)
File names jaipualo
aephaeci.exe
bhg4458hgff
file-7083424_
a989b3edcc6c043bf63d361be6afead8
jahpaebu
aephaeci[1].dr
maojeero
a989b3edcc6c043bf63d361be6afead8.exe
27298930
oopheigu
ixeethoa
iekahree.exe
Clotheease
iekahree
output.117338387.txt
dahkiuca
aephaeci[1]
aephaeci
jaipualo.exe
aivainin
008492538
aephaeci.EXE
output.27298930.txt
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications