SHA256: 6f062fdc7da4de176acc18c72b65fce88ee407f80c84a0b15565cf2a9ef82c72
File name: yet_another_cleaner_sk_0.exe
Detection ratio: 12 / 57
Analysis date: 2015-03-26 12:32:55 UTC (3 years, 12 months ago)
Antivirus Result Update
Yandex Riskware.Agent! 20150325
AhnLab-V3 PUP/Win32.Generic 20150326
Antiy-AVL Trojan/Win32.TSGeneric 20150326
AVware Trojan.Win32.Generic!BT 20150326
Comodo ApplicUnwnt.Win32.ELEX.A 20150326
DrWeb Adware.Mutabaha.174 20150326
ESET-NOD32 a variant of Win32/ELEX.CC potentially unwanted 20150326
K7AntiVirus Trojan ( 004b79df1 ) 20150326
K7GW Trojan ( 004b79df1 ) 20150326
Malwarebytes PUP.Optional.ELEX 20150326
McAfee Artemis!B7620A17C717 20150326
VIPRE Trojan.Win32.Generic!BT 20150326
Ad-Aware 20150326
AegisLab 20150326
Alibaba 20150326
ALYac 20150326
Avast 20150326
AVG 20150326
Avira (no cloud) 20150326
Baidu-International 20150326
BitDefender 20150326
Bkav 20150326
ByteHero 20150326
CAT-QuickHeal 20150326
ClamAV 20150326
CMC 20150325
Cyren 20150326
Emsisoft 20150326
F-Prot 20150326
F-Secure 20150326
Fortinet 20150326
GData 20150326
Ikarus 20150326
Jiangmin 20150325
Kaspersky 20150326
Kingsoft 20150326
McAfee-GW-Edition 20150326
Microsoft 20150326
eScan 20150326
NANO-Antivirus 20150326
Norman 20150326
nProtect 20150326
Panda 20150326
Qihoo-360 20150326
Rising 20150326
Sophos AV 20150326
SUPERAntiSpyware 20150326
Symantec 20150326
Tencent 20150326
TheHacker 20150324
TotalDefense 20150326
TrendMicro 20150326
TrendMicro-HouseCall 20150326
VBA32 20150326
ViRobot 20150326
Zillya 20150325
Zoner 20150326
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (c) 2011-2015 Elex do Brasil Participações Ltda

Product Setup
Original name Setup.exe
Internal name Setup.exe
File version 1.0.154.23394
Description Setup
Comments Setup
Signature verification Signed file, verified signature
Signing date 7:01 AM 3/11/2015
Signers
[+] Elex do Brasil Participações Ltda
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 6/23/2014
Valid to 12:59 AM 6/21/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 7FAE729F759B831ECA82A7904F189318CAA959F5
Serial number 5C 69 50 D0 A0 5A 1C D6 31 64 D1 E1 EB 1F FB 8A
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-11 06:01:16
Entry Point 0x000093B8
Number of sections 5
PE sections
Overlays
MD5 bf1dc2b15f7150d86393eb3eb0a1f344
File type data
Offset 862208
Size 6480
Entropy 7.33
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
ReleaseMutex
OutputDebugStringW
GetModuleFileNameW
WaitForSingleObject
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
RtlUnwind
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
SizeofResource
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
SetLastError
LockResource
SetFileTime
GetCommandLineW
WideCharToMultiByte
ExitProcess
TlsGetValue
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
CreateDirectoryW
DeleteFileW
GetProcAddress
EncodePointer
GetProcessHeap
SetStdHandle
RaiseException
UnhandledExceptionFilter
GetCPInfo
LoadLibraryW
TlsFree
SetFilePointer
GetSystemTimeAsFileTime
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
FindFirstFileW
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
GetOEMCP
TerminateProcess
GetConsoleCP
CreateEventW
LoadLibraryExW
GetModuleHandleExW
IsValidCodePage
LoadResource
FindResourceW
CreateFileW
FindClose
InterlockedDecrement
Sleep
GetFileType
SetFileAttributesW
TlsSetValue
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
SleepEx
WriteConsoleW
LeaveCriticalSection
PathCombineW
PathAppendW
Number of PE resources by type
RT_ICON 6
RT_VERSION 1
RT_MANIFEST 1
MTTYPE 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 10
PE resources
Debug information
ExifTool file metadata
FileDescription
Setup

Comments
Setup

InitializedDataSize
792576

ImageVersion
0.0

ProductName
Setup

FileVersionNumber
1.0.154.23394

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
11.0

FileTypeExtension
exe

OriginalFileName
Setup.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.0.154.23394

TimeStamp
2015:03:11 07:01:16+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Setup.exe

SubsystemVersion
5.1

ProductVersion
1.0.154.23394

UninitializedDataSize
0

OSVersion
5.1

FileOS
Windows NT 32-bit

LegalCopyright
Copyright (c) 2011-2015 Elex do Brasil Participações Ltda

MachineType
Intel 386 or later, and compatibles

CodeSize
85504

FileSubtype
0

ProductVersionNumber
1.0.154.23394

EntryPoint
0x93b8

ObjectFileType
Executable application

File identification
MD5 b7620a17c7172d5bdcc77362ac84a4b2
SHA1 cac08d0b91c299d78a083e0ddb05eae9e3c61e5f
SHA256 6f062fdc7da4de176acc18c72b65fce88ee407f80c84a0b15565cf2a9ef82c72
ssdeep
12288:UjCmVVv7MqWrK3uAn5n0utuRlmfRPFgeCv6mwSFJ8g:u7VlMqWrK3uAnJ0utuIPU6Or8g

authentihash a085afc9e2f4862fbb5ddf06a0b5cc3248340dd5fc8f969b14e4b973a025e7a3
imphash 58fa858914cf2034b9aacc2d567bf77a
File size 848.3 KB ( 868688 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2015-03-11 06:11:11 UTC (4 years ago)
Last submission 2015-06-27 17:11:57 UTC (3 years, 8 months ago)
File names yet_another_cleaner_sk_7039222.exe
test.exe
yet_another_cleaner_sk_4112149.exe
yet_another_cleaner_sk_5155824.exe
yet_another_cleaner_sk_4858527.exe
yet_another_cleaner_sk_6821207.exe
yac_newdl_1.0.154.23394_ds0.exe
yet_another_cleaner_sk_6285670.exe
yet_another_cleaner_neti.exe
yet_another_cleaner_sk_6092887.exe
yet_another_cleaner_sk_3045935.exe
yet_another_cleaner_sk_2612009.exe
yet_another_cleaner_sk_6004791.exe
yet_another_cleaner_sk_7048829.exe
648360
yet_another_cleaner_sk_0.exe
yet_another_cleaner_sk_4317598.exe
yet_another_cleaner_sk_6853832.exe
yet_another_cleaner_sk_137536.exe
yet_another_cleaner_sk_5183953.exe
yet_another_cleaner_sk_75579.exe
yet_another_cleaner_sk_1521485.exe
yet_another_cleaner_sk_1315163.exe
yet_another_cleaner_sk.exe
output.60764403.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections