SHA256: 63093527bfff9429b0275a96cc219a8b1e260991337f8b4609d19396950cfde3
File name: Prone.exe
Detection ratio: 58 / 68
Analysis date: 2017-11-01 02:02:25 UTC (5 months, 3 weeks ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.19085 20171101
AegisLab Backdoor.W32.Azbreg.ucc!c 20171101
AhnLab-V3 Backdoor/Win32.Androm.C166457 20171031
ALYac Gen:Variant.Symmi.19085 20171101
Antiy-AVL Trojan[Backdoor]/Win32.Azbreg 20171101
Arcabit Trojan.Symmi.D4A8D 20171101
Avast Win32:Dropper-gen [Drp] 20171101
AVG Win32:Dropper-gen [Drp] 20171101
Avira (no cloud) TR/Crypt.XPACK.Gen8 20171031
AVware Trojan.Win32.Zbocheman.fb (v) 20171101
BitDefender Gen:Variant.Symmi.19085 20171101
Bkav W32.TaskmanAzbreg.Trojan 20171031
CAT-QuickHeal Worm.HamweqBot 20171031
CMC Backdoor.Win32.Azbreg!O 20171031
Comodo TrojWare.Win32.Kryptik.AZFP 20171101
Cybereason malicious.1b8fb7 20170628
Cylance Unsafe 20171101
Cyren W32/S-cbe40052!Eldorado 20171101
DrWeb BackDoor.Ddoser.131 20171101
eGambit Unsafe.AI_Score_99% 20171101
Emsisoft Gen:Variant.Symmi.19085 (B) 20171101
Endgame malicious (high confidence) 20171024
ESET-NOD32 Win32/AutoRun.KS 20171101
F-Prot W32/S-cbe40052!Eldorado 20171101
F-Secure Gen:Variant.Symmi.19085 20171101
Fortinet W32/Kryptik.AX!tr 20171101
GData Gen:Variant.Symmi.19085 20171101
Ikarus Trojan.Crypt 20171031
Sophos ML heuristic 20170914
Jiangmin Trojan/Generic.bapnv 20171101
K7AntiVirus Backdoor ( 0040f3f31 ) 20171031
K7GW Backdoor ( 0040f3f31 ) 20171101
Kaspersky Backdoor.Win32.Azbreg.ucc 20171101
Malwarebytes Trojan.Agent.RSRVGen 20171101
MAX malware (ai score=87) 20171101
McAfee Artemis!B4A6BC4097EC 20171031
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.qc 20171101
Microsoft Worm:Win32/Hamweq 20171101
eScan Gen:Variant.Symmi.19085 20171101
NANO-Antivirus Trojan.Win32.Crypted.crbaay 20171031
Palo Alto Networks (Known Signatures) generic.ml 20171101
Panda Trj/Dtcontx.D 20171031
Qihoo-360 Malware.Radar01.Gen 20171101
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Troj/Agent-ABIP 20171031
SUPERAntiSpyware Trojan.Agent/Gen-Vermer 20171101
Symantec W32.SillyFDC 20171101
Tencent Win32.Backdoor.Azbreg.Pfsw 20171101
TheHacker Posible_Worm32 20171031
TotalDefense Win32/Tnega.ASBA 20171031
TrendMicro TROJ_IRCBRUTE.JK 20171031
TrendMicro-HouseCall TROJ_IRCBRUTE.JK 20171031
VBA32 BScope.Trojan.MTA.2507 20171031
VIPRE Trojan.Win32.Zbocheman.fb (v) 20171101
Webroot W32.Rimecud.Gen 20171101
Yandex Backdoor.Azbreg!PbKszRs3FE4 20171031
Zillya Backdoor.Azbreg.Win32.2598 20171031
ZoneAlarm by Check Point Backdoor.Win32.Azbreg.ucc 20171101
Alibaba 20170911
Avast-Mobile 20171031
Baidu 20171031
ClamAV 20171031
CrowdStrike Falcon (ML) 20171016
Kingsoft 20171101
nProtect 20171101
Rising 20171101
Symantec Mobile Insight 20171101
Trustlook 20171101
ViRobot 20171031
WhiteArmor 20171024
Zoner 20171101
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Aspen 1999 2006

Original name Prone.exe
File version 2, 4, 2
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-12-16 05:55:25
Entry Point 0x0010F1D0
Number of sections 3
PE sections
PE imports
GetCurrentHwProfileW
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
EndDialog
Number of PE resources by type
RT_DLGINCLUDE 15
RT_DIALOG 15
RT_ICON 7
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
SPANISH PUERTO RICO 39
PE resources
ExifTool file metadata
Tag2NTMOgqFRfxdJe1XB
u8SeXhnBRfT6

HfdkRN5gQIUwObKMm54B
WmaCIi7ULVErou4flyn

SubsystemVersion
4.0

Tag8Hbl55wWEww4x
dxNwOKGN8pK

d1W3pGtJimmtd4aR
MMLgbMeO7S2CEiG8RSu

LinkerVersion
5.0

ImageVersion
0.0

FileVersionNumber
2.4.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

DKtaoudvEFO
T1n3BKwEQtrViVXBjmf

LegalCopyright
Aspen 1999 2006

CharacterSet
Unicode

YvTrKuGrX4kCVkaFKH
OrhPHDYTqkiyQIEwdv

InitializedDataSize
28672

I5RXc2cQFQipSO5bhpK
VeQlIrogCnElsLjyBa

EntryPoint
0x10f1d0

OriginalFileName
Prone.exe

MIMEType
application/octet-stream

pEv1AouPbkOJi
1f6nL2chKdq1

FileVersion
2, 4, 2

Tag25WOQXvDCr6Ah
CpLc5BbAsF

TimeStamp
2004:12:16 06:55:25+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
2 4 4239

UninitializedDataSize
1073152

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
F^i?

CodeSize
36864

NTpjnGGQuFu
Q1qXhTuqhX8jvf

FileSubtype
0

ProductVersionNumber
2.4.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

byLJWjWlymd5amlo
ApJgFJiLSJIDLIp

FQEneMW65Kh
5doqSMnJTHmgsU6YaRV

File identification
MD5 b4a6bc4097ec2300bdd3aabbf2569e8b
SHA1 f686dbf32c9d5ba46d04a9c5bf1e2edb7c7ebe2f
SHA256 63093527bfff9429b0275a96cc219a8b1e260991337f8b4609d19396950cfde3
ssdeep
768:y5xTaPhym9k7KCFAQIxV0FZp/O4ggiVN4dUQWGY4hcEyTFEqGkALy49cOLc:xPQznFAQIxyDp2txN4uGTYKfLy46y

authentihash 45efbc350e9d8f551c2b7b631f19bad3efb41632bff3a13c08c250de2a57f7bc
imphash 14e30e78fec35b0a1ac1c20049c6530e
File size 58.5 KB ( 59904 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe upx

VirusTotal metadata
First submission 2013-04-22 14:52:30 UTC (4 years, 12 months ago)
Last submission 2016-05-21 18:35:57 UTC (1 year, 11 months ago)
File names b4a6bc4097ec2300bdd3aabbf2569e8b
aa
Prone.exe
6R4uoh8CS.xdp
b4a6bc4097ec2300bdd3aabbf2569e8b.f686dbf32c9d5ba46d04a9c5bf1e2edb7c7ebe2f
t3.exe
B2622.exe
hostsn.exe
0p3AmU.msi
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
UDP communications