SHA256: 751b436bd85e24a7774881d2c1dbe4cb98aef65672ed149bba39c29824dfbbaf
File name: al_upload_751b436bd85e24a7774881d2c1dbe4cb98aef65672ed149bba39c29...
Detection ratio: 51 / 62
Analysis date: 2017-04-07 20:56:36 UTC (3 months, 2 weeks ago)
Antivirus  Result  Update
Ad-Aware Trojan.Generic.20559555 20170407
AegisLab Ml.Attribute.Gen!c 20170407
AhnLab-V3 Malware/Win32.Generic.C1887889 20170407
ALYac Trojan.Ransom.Cerber 20170407
Antiy-AVL Trojan[Ransom]/Win32.Zerber 20170407
Arcabit Trojan.Generic.D139B6C3 20170407
Avast Win32:Rootkit-gen [Rtk] 20170407
AVG Ransom_r.BTR 20170407
Avira (no cloud) TR/Crypt.ZPACK.ohxws 20170407
AVware Trojan.Win32.Generic!BT 20170407
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9715 20170406
BitDefender Trojan.Generic.20559555 20170407
CAT-QuickHeal TrojanRansom.Zerber 20170407
Comodo TrojWare.Win32.Cerber.~I 20170407
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/Cerber.AY.gen!Eldorado 20170407
DrWeb Trojan.Inject2.51644 20170407
Emsisoft Trojan.Generic.20559555 (B) 20170407
Endgame malicious (high confidence) 20170407
ESET-NOD32 Win32/Filecoder.Cerber.I 20170407
F-Prot W32/Cerber.AY.gen!Eldorado 20170407
F-Secure Trojan.Generic.20559555 20170407
Fortinet W32/Cerber.I!tr 20170407
GData Trojan.Generic.20559555 20170407
Ikarus Trojan.Win32.Filecoder 20170407
Sophos ML virus.win32.parite.b 20170203
Jiangmin Trojan.Zerber.bcg 20170407
K7AntiVirus Trojan ( 00509c971 ) 20170407
K7GW Trojan ( 00509c971 ) 20170407
Kaspersky Trojan-Ransom.Win32.Zerber.dhin 20170407
Malwarebytes Ransom.Cerber 20170407
McAfee RDN/Generic.grp 20170407
McAfee-GW-Edition BehavesLike.Win32.Trojan.fc 20170407
Microsoft Ransom:Win32/Cerber 20170407
eScan Trojan.Generic.20559555 20170407
NANO-Antivirus Trojan.Win32.Zerber.emwatk 20170407
nProtect Ransom/W32.Cerber.373161 20170407
Palo Alto Networks (Known Signatures) generic.ml 20170407
Panda Trj/GdSda.A 20170407
Qihoo-360 Trojan.Generic 20170407
Rising Malware.Generic.1!tfe (cloud:AY9aF45IppQ) 20170407
SentinelOne (Static ML) static engine - malicious 20170330
Sophos AV Mal/Cerber-U 20170407
Symantec Trojan.Randsom.A 20170407
Tencent Win32.Trojan.Zerber.Dumb 20170407
TrendMicro Ransom_CERBER.F117CR 20170407
TrendMicro-HouseCall Ransom_CERBER.F117CR 20170407
VIPRE Trojan.Win32.Generic!BT 20170407
Webroot W32.Trojan.Gen 20170407
Yandex Trojan.Zerber! 20170406
ZoneAlarm by Check Point Trojan-Ransom.Win32.Zerber.dhin 20170407
No detection (result column empty):
Alibaba 20170407
Bkav 20170407
ClamAV 20170407
CMC 20170407
Kingsoft 20170407
SUPERAntiSpyware 20170407
Symantec Mobile Insight 20170406
TheHacker 20170406
TotalDefense 20170407
Trustlook 20170407
VBA32 20170407
ViRobot 20170407
WhiteArmor 20170327
Zillya 20170407
Zoner 20170407
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD InstallShield 2000
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-26 10:40:38
Entry Point 0x000099B0
Number of sections 5
PE sections
Overlays
MD5 326c2976b2d05727cd3d542d0fd7adc0
File type data
Offset 372736
Size 425
Entropy 7.42
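The overlay figures above account exactly for the tail of the file: 372736 + 425 = 373161, the file size reported further down, and an entropy of 7.42 over 425 bytes is close to what random data gives, so the overlay is small, high-entropy data appended after the section table rather than padding. As an added example, not code from the VirusTotal report, the following Python locates an overlay the same way (end of the highest PointerToRawData + SizeOfRawData) and measures its entropy. The sample itself is not included here, so the block runs on a constructed minimal PE32 image with one section and a deterministic high-entropy overlay; the `build_sample_pe` and `sample_overlay` helpers exist only to build that stand-in.

```python
"""Find the overlay appended after a PE's last section and measure its entropy.

Added example, not code from the VirusTotal report. The PE image it runs on is
a constructed minimal PE32 stand-in for the sample, which is not included here.
"""
import hashlib
import math
import struct
from typing import Optional, Tuple


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def overlay_region(image: bytes) -> Optional[Tuple[int, int]]:
    """Return (offset, size) of bytes past the last section's raw data, or None.

    The overlay is everything after max(PointerToRawData + SizeOfRawData) over
    the section table, which is what analysis tools report as the overlay.
    Raises ValueError if the MZ/PE signatures are missing.
    """
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER
    (num_sections,) = struct.unpack_from("<H", image, coff + 2)
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)
    sect_table = coff + 20 + opt_size        # first IMAGE_SECTION_HEADER
    end = 0
    for i in range(num_sections):
        hdr = sect_table + i * 40
        raw_size, raw_ptr = struct.unpack_from("<II", image, hdr + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    if end >= len(image):
        return None
    return end, len(image) - end


def overlay_summary(image: bytes) -> Optional[dict]:
    """Offset, size and entropy of the overlay, in the shape the report prints."""
    region = overlay_region(image)
    if region is None:
        return None
    offset, size = region
    blob = image[offset:offset + size]
    return {"offset": offset, "size": size, "entropy": round(shannon_entropy(blob), 2)}


def build_sample_pe(section_bytes: bytes, overlay: bytes) -> bytes:
    """Constructed one-section PE32 image: headers padded to 0x200, section, overlay."""
    e_lfanew = 0x40
    opt_size = 224                           # IMAGE_OPTIONAL_HEADER32
    raw_ptr = 0x200
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, 1 section, no symbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + bytes(opt_size - 2)   # PE32 magic, rest zero
    sect = b".text\0\0\0" + struct.pack(
        "<IIIIIIHHI", len(section_bytes), 0x1000, len(section_bytes), raw_ptr,
        0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt + sect).ljust(raw_ptr, b"\0")
    return headers + section_bytes + overlay


def sample_overlay(size: int = 425) -> bytes:
    """Deterministic high-entropy filler standing in for packed/encrypted overlay data."""
    chain = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(size // 32 + 1))
    return chain[:size]


if __name__ == "__main__":
    image = build_sample_pe(b"\x90" * 0x200, sample_overlay())
    print(overlay_summary(image))   # offset 1024, size 425, entropy above 7
    print(overlay_summary(build_sample_pe(b"\x90" * 0x200, b"")))   # None: no overlay
```

On a real sample, read the file with `open(path, "rb").read()` and pass it to `overlay_summary`; for this report the expected result would be offset 372736, size 425 and an entropy near 7.42. Entropy that high on a few hundred bytes usually means compressed, encrypted or key material, so the overlay is the first thing to carve and inspect separately from the InstallShield-looking container.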
PE imports
OpenThreadToken
SetThreadToken
RevertToSelf
GetStdHandle
WaitForSingleObject
HeapDestroy
DebugBreak
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
OpenFileMappingA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
InitializeCriticalSection
OutputDebugStringW
InterlockedDecrement
OutputDebugStringA
GetSystemTime
GetModuleFileNameW
ExitProcess
GetVersionExA
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
MultiByteToWideChar
GetModuleHandleA
SetUnhandledExceptionFilter
TerminateProcess
VirtualQuery
GetCurrentThreadId
LeaveCriticalSection
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
SetEvent
GetUserDefaultLCID
GetProcessHeap
lstrcpyW
lstrcpyA
HeapValidate
CreateFileMappingA
IsValidLocale
GetProcAddress
GetFileType
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
HeapCreate
GetSystemInfo
lstrlenA
LCMapStringA
GetThreadLocale
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentProcessId
WideCharToMultiByte
GetCommandLineA
GetCurrentThread
lstrcpynW
RaiseException
MapViewOfFile
SetFilePointer
CloseHandle
GetACP
GetVersion
IsValidCodePage
UnmapViewOfFile
VirtualFree
IsBadReadPtr
IsBadCodePtr
OpenEventA
VirtualAlloc
Ord(89)
GetMessageA
DispatchMessageA
TranslateMessage
IsWindowUnicode
PeekMessageA
MsgWaitForMultipleObjects
GetMessageW
DispatchMessageW
CoUnmarshalInterface
CreateStreamOnHGlobal
CoRegisterClassObject
CoRevokeClassObject
CoReleaseMarshalData
CoMarshalInterface
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2017:03:26 11:40:38+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 106496
LinkerVersion: 7.1
FileTypeExtension: exe
InitializedDataSize: 307200
SubsystemVersion: 4.0
EntryPoint: 0x99b0
OSVersion: 4.0
ImageVersion: 0.0
UninitializedDataSize: 0

File identification
MD5 14012eccec6ff1072bd5f0a16eb4efd0
SHA1 b62305163a11274f0d8401efbe4be4793fc23c0b
SHA256 751b436bd85e24a7774881d2c1dbe4cb98aef65672ed149bba39c29824dfbbaf
ssdeep 6144:enmOSBXDuZl+yCWGUEmoYMNxms4lXguI7L9OX3OhonwxHmCfxZkHWtWmJri:tOMDuZl+y8UTo5J9ODwtf2WnJm
authentihash 3c95b1d5099277894b776b672b6444cff6afd04fe76779a0df9e20bd67bc5f24
imphash e559291923a558f1c22c991181ba362e
File size 364.4 KB ( 373161 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (49.4%)
Windows screen saver (23.4%)
Win32 Dynamic Link Library (generic) (11.7%)
Win32 Executable (generic) (8.0%)
Generic Win/DOS Executable (3.5%)
Tags
peexe installshield overlay

VirusTotal metadata
First submission 2017-03-26 20:47:34 UTC (3 months, 4 weeks ago)
Last submission 2017-03-29 17:12:10 UTC (3 months, 3 weeks ago)
File names
UnInstall.exe
al_upload_751b436bd85e24a7774881d2c1dbe4cb98aef65672ed149bba39c29824dfbbaf
751b436bd85e24a7774881d2c1dbe4cb98aef65672ed149bba39c29824dfbbaf.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs