SHA256: 63093527bfff9429b0275a96cc219a8b1e260991337f8b4609d19396950cfde3
File name: Prone.exe
Detection ratio: 51 / 57
Analysis date: 2016-05-21 18:35:57 UTC (1 year, 5 months ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.19085 20160521
AegisLab Backdoor.W32.Azbreg.ucc!c 20160521
AhnLab-V3 Backdoor/Win32.Androm 20160521
ALYac Gen:Variant.Symmi.19085 20160521
Antiy-AVL Trojan[Backdoor]/Win32.Azbreg 20160521
Arcabit Trojan.Symmi.D4A8D 20160521
Avast Win32:Dropper-gen [Drp] 20160521
AVG SHeur4.BGXH 20160521
Avira (no cloud) TR/Crypt.XPACK.Gen8 20160521
AVware Trojan.Win32.Zbocheman.fb (v) 20160521
Baidu-International Backdoor.Win32.Azbreg.ucc 20160521
BitDefender Gen:Variant.Symmi.19085 20160521
Bkav W32.TaskmanAzbreg.Trojan 20160521
CMC Backdoor.Win32.Azbreg!O 20160520
Comodo TrojWare.Win32.Kryptik.AZFP 20160521
Cyren W32/S-cbe40052!Eldorado 20160521
DrWeb BackDoor.Ddoser.131 20160521
Emsisoft Gen:Variant.Symmi.19085 (B) 20160521
ESET-NOD32 Win32/AutoRun.KS 20160521
F-Prot W32/S-cbe40052!Eldorado 20160521
F-Secure Gen:Variant.Symmi.19085 20160521
Fortinet W32/Kryptik.AX!tr 20160521
GData Gen:Variant.Symmi.19085 20160521
Ikarus Trojan.Win32.Paramis 20160521
Jiangmin Trojan/Generic.bapnv 20160521
K7AntiVirus Backdoor ( 0040f3f31 ) 20160521
K7GW Backdoor ( 0040f3f31 ) 20160521
Kaspersky Backdoor.Win32.Azbreg.ucc 20160521
Malwarebytes Trojan.Agent.RSRVGen 20160521
McAfee Artemis!B4A6BC4097EC 20160521
McAfee-GW-Edition BehavesLike.Win32.Expiro.qc 20160521
Microsoft Worm:Win32/Hamweq.A 20160520
eScan Gen:Variant.Symmi.19085 20160521
NANO-Antivirus Trojan.Win32.XPACK.crbaay 20160521
nProtect Trojan/W32.Agent.59904.AAB 20160520
Panda Trj/Dtcontx.D 20160521
Qihoo-360 Malware.Radar01.Gen 20160521
Rising Malware.Generic!NJD0O0i7G1O@4 (Thunder) 20160521
Sophos AV Troj/Agent-ABIP 20160521
SUPERAntiSpyware Trojan.Agent/Gen-Vermer 20160521
Symantec W32.SillyFDC 20160521
Tencent Win32.Backdoor.Azbreg.Pfsw 20160521
TheHacker Posible_Worm32 20160520
TotalDefense Win32/Tnega.ASBA 20160521
TrendMicro TROJ_IRCBRUTE.JK 20160521
TrendMicro-HouseCall TROJ_IRCBRUTE.JK 20160521
VBA32 BScope.Trojan.MTA.2507 20160520
VIPRE Trojan.Win32.Zbocheman.fb (v) 20160521
ViRobot Backdoor.Win32.S.Androm.59904[h] 20160521
Yandex Backdoor.Azbreg!PbKszRs3FE4 20160520
Zillya Backdoor.Azbreg.Win32.2598 20160521
Alibaba 20160520
Baidu 20160520
CAT-QuickHeal 20160521
ClamAV 20160521
Kingsoft 20160521
Zoner 20160521
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Aspen 1999 2006
Original name Prone.exe
File version 2, 4, 2
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-12-16 05:55:25
Entry Point 0x0010F1D0
Number of sections 3
PE sections
PE imports
GetCurrentHwProfileW
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
EndDialog
Number of PE resources by type
RT_DIALOG 15
RT_DLGINCLUDE 15
RT_ICON 7
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
SPANISH PUERTO RICO 39
PE resources
ExifTool file metadata
FileTypeExtension
exe

ProductVersionNumber
2.4.0.0

UninitializedDataSize
1073152

InitializedDataSize
28672

ImageVersion
0.0

FileVersionNumber
2.4.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

OSVersion
4.0

CharacterSet
Unicode

LinkerVersion
5.0

Subsystem
Windows GUI

OriginalFileName
Prone.exe

MIMEType
application/octet-stream

FileVersion
2, 4, 2

TimeStamp
2004:12:16 06:55:25+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
2 4 4239

SubsystemVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
Aspen 1999 2006

MachineType
Intel 386 or later, and compatibles

CompanyName
F^i?

CodeSize
36864

FileSubtype
0

EntryPoint
0x10f1d0

ObjectFileType
Executable application

File identification
MD5 b4a6bc4097ec2300bdd3aabbf2569e8b
SHA1 f686dbf32c9d5ba46d04a9c5bf1e2edb7c7ebe2f
SHA256 63093527bfff9429b0275a96cc219a8b1e260991337f8b4609d19396950cfde3
ssdeep
768:y5xTaPhym9k7KCFAQIxV0FZp/O4ggiVN4dUQWGY4hcEyTFEqGkALy49cOLc:xPQznFAQIxyDp2txN4uGTYKfLy46y

authentihash 45efbc350e9d8f551c2b7b631f19bad3efb41632bff3a13c08c250de2a57f7bc
imphash 14e30e78fec35b0a1ac1c20049c6530e
File size 58.5 KB ( 59904 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe upx

VirusTotal metadata
First submission 2013-04-22 14:52:30 UTC (4 years, 6 months ago)
Last submission 2016-05-21 18:35:57 UTC (1 year, 5 months ago)
File names b4a6bc4097ec2300bdd3aabbf2569e8b
aa
Prone.exe
6R4uoh8CS.xdp
b4a6bc4097ec2300bdd3aabbf2569e8b.f686dbf32c9d5ba46d04a9c5bf1e2edb7c7ebe2f
t3.exe
B2622.exe
hostsn.exe
0p3AmU.msi
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
UDP communications