SHA256: 8abf7fd28c5c4d9f078392ecfa26d8db7c0d29455a1605e2928b95cc77efa87c
File name: どこでもなんでもBackup君.exe
Detection ratio: 9 / 55
Analysis date: 2015-08-31 13:32:14 UTC (3 years, 5 months ago)
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Snocry 20150831
Antiy-AVL Trojan/Win32.TSGeneric 20150831
DrWeb Trojan.DownLoader15.43553 20150831
Fortinet W32/Reconyc.EGBH!tr 20150831
Jiangmin Trojan/AntiAV.fmg 20150830
K7AntiVirus Riskware ( 0040eff71 ) 20150831
K7GW Riskware ( 0040eff71 ) 20150831
Panda Trj/Genetic.gen 20150831
VBA32 Trojan.BAT.Flood 20150831
Ad-Aware 20150831
AegisLab 20150831
Yandex 20150831
Alibaba 20150831
ALYac 20150831
Arcabit 20150831
Avast 20150831
AVG 20150831
Avira (no cloud) 20150831
AVware 20150831
Baidu-International 20150831
BitDefender 20150831
Bkav 20150831
ByteHero 20150831
CAT-QuickHeal 20150831
ClamAV 20150831
Comodo 20150831
Cyren 20150831
Emsisoft 20150831
ESET-NOD32 20150831
F-Prot 20150829
F-Secure 20150829
GData 20150831
Ikarus 20150831
Kaspersky 20150831
Kingsoft 20150831
Malwarebytes 20150831
McAfee 20150831
McAfee-GW-Edition 20150831
Microsoft 20150831
eScan 20150831
NANO-Antivirus 20150831
nProtect 20150831
Qihoo-360 20150831
Rising 20150831
Sophos AV 20150831
SUPERAntiSpyware 20150829
Symantec 20150830
Tencent 20150831
TheHacker 20150830
TrendMicro 20150831
TrendMicro-HouseCall 20150831
VIPRE 20150831
ViRobot 20150831
Zillya 20150831
Zoner 20150831
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright ???

Publisher patorichicken????
Product ????????Backup?
File version 1,0,0,0
Description ????????Backup??????
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-08-09 09:07:26
Entry Point 0x00001000
Number of sections 5
PE sections
PE imports
InitCommonControlsEx
GetObjectA
DeleteDC
SelectObject
GetTextExtentPoint32A
GetStockObject
CreateBitmap
SetPixel
CreateSolidBrush
GetDIBits
GetObjectType
BitBlt
SetBkColor
CreateDIBSection
CreateCompatibleDC
DeleteObject
SetTextColor
PeekNamedPipe
GetEnvironmentVariableA
HeapFree
GetStdHandle
EnterCriticalSection
HeapCreate
WaitForSingleObject
FreeLibrary
HeapDestroy
HeapAlloc
TlsAlloc
GetVersionExA
GetModuleFileNameA
LoadLibraryA
GetShortPathNameA
CreatePipe
GetCurrentProcess
SizeofResource
GetCurrentProcessId
CreateDirectoryA
DeleteFileA
GetCurrentDirectoryA
GetCommandLineA
GetProcAddress
SetFilePointer
GetTempPathA
GetModuleHandleA
DeleteCriticalSection
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetTempFileNameA
DuplicateHandle
HeapReAlloc
SetEnvironmentVariableA
SetFileAttributesA
GetExitCodeProcess
TerminateProcess
CreateProcessA
RemoveDirectoryA
InitializeCriticalSection
LoadResource
Sleep
CreateFileA
ExitProcess
GetCurrentThreadId
FindResourceA
SetCurrentDirectoryA
SetLastError
LeaveCriticalSection
strncmp
malloc
tolower
fabs
memmove
memset
fclose
strcat
free
ceil
_stricmp
strcpy
sprintf
_strnicmp
memcpy
floor
strlen
strcmp
strncpy
RevokeDragDrop
CoTaskMemFree
CoInitialize
ShellExecuteExA
PathRemoveArgsA
PathGetArgsA
PathAddBackslashA
PathQuoteSpacesA
SetFocus
RedrawWindow
GetForegroundWindow
GetParent
ReleaseDC
SetPropA
EnumWindows
RegisterWindowMessageA
DefWindowProcA
ShowWindow
FillRect
GetPropA
SetWindowPos
GetWindowThreadProcessId
GetSystemMetrics
GetWindowRect
DispatchMessageA
EnableWindow
PostMessageA
EnumChildWindows
MessageBoxA
PeekMessageA
SetWindowLongA
AdjustWindowRectEx
TranslateMessage
IsWindowEnabled
GetWindow
GetSysColor
SetActiveWindow
GetDC
GetKeyState
DrawTextA
RemovePropA
DefFrameProcA
DestroyIcon
UnregisterClassA
IsWindowVisible
SendMessageA
GetClientRect
RegisterClassA
SetRect
GetWindowLongA
GetWindowTextLengthA
CreateWindowExA
LoadCursorA
LoadIconA
GetMessageA
GetActiveWindow
DestroyAcceleratorTable
GetSysColorBrush
CallWindowProcA
GetClassNameA
GetFocus
MsgWaitForMultipleObjects
TranslateAcceleratorA
GetWindowTextA
CreateAcceleratorTableA
IsChild
DestroyWindow
timeBeginPeriod
Number of PE resources by type
RT_ICON 12
RT_RCDATA 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 19
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 2.5
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 80384
EntryPoint 0x1000
MIMEType application/octet-stream
FileVersion 1,0,0,0
TimeStamp 2015:08:09 10:07:26+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.0
FileDescription Backup
OSVersion 4.0
FileOS Windows 16-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName patorichicken
CodeSize 42496
ProductName Backup
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 db7301251a703d1f4d3b86b00180624d
SHA1 0952601d23b8ec1759f275c7f81db50902432681
SHA256 8abf7fd28c5c4d9f078392ecfa26d8db7c0d29455a1605e2928b95cc77efa87c
ssdeep 1536:7WqCR8ze0SMfFIE43jqTYf/iWKD/qxw0n1U//+XjbkKTQYmqu2vnpvHvmMkmeSO5:yqk0SvWTsqxCxdU/OjbGYKIHuZmeD

authentihash fd80c356830eb202bc24bc13d73b57b9cfecef6f7fda7164f5e9570f994c3ae5
imphash 0818438d729451edf8c455424695687b
File size 121.0 KB ( 123904 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Windows screen saver (43.2%)
Win32 Dynamic Link Library (generic) (21.7%)
Win32 Executable (generic) (14.8%)
Win16/32 Executable Delphi generic (6.8%)
Generic Win/DOS Executable (6.6%)
Tags
peexe

VirusTotal metadata
First submission 2015-08-31 13:28:36 UTC (3 years, 5 months ago)
Last submission 2015-09-01 09:08:00 UTC (3 years, 5 months ago)
File names 잂놂얂좂얂慂正灵二攮數
どこでもなんでもBackup君.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R00XC0DI415.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Deleted files
Opened mutexes
Runtime DLLs