SHA256: ab83443b4fa9034bc3c0bbcaf98131128b9c78b5da8b07cdaa26e8ea8f51ee75
File name: output.115180721.txt
Detection ratio: 36 / 70
Analysis date: 2019-02-08 14:10:44 UTC (3 months, 2 weeks ago)
Antivirus Result Update
Acronis suspicious 20190208
Ad-Aware Gen:Variant.Razy.461222 20190208
AhnLab-V3 Trojan/Win32.Infostealer.R254638 20190208
ALYac Gen:Variant.Razy.461222 20190208
Arcabit Trojan.Razy.D709A6 20190208
Avast Win32:Trojan-gen 20190208
AVG Win32:Trojan-gen 20190208
BitDefender Gen:Variant.Razy.461222 20190208
CrowdStrike Falcon (ML) malicious_confidence_70% (W) 20181023
Cylance Unsafe 20190208
Cyren W32/VBKrypt.KZ.gen!Eldorado 20190208
ESET-NOD32 a variant of Win32/Injector.EDLG 20190208
F-Prot W32/VBKrypt.KZ.gen!Eldorado 20190208
Fortinet W32/Injector.EDLG!tr 20190208
GData Gen:Variant.Razy.461222 20190208
Ikarus Trojan.Win32.Injector 20190208
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 005473e71 ) 20190208
K7GW Trojan ( 005473e71 ) 20190208
Malwarebytes Spyware.PasswordStealer 20190208
MAX malware (ai score=89) 20190208
McAfee Fareit-FNR!9FD0E20B7DC4 20190208
McAfee-GW-Edition Artemis!Trojan 20190208
Microsoft Trojan:Win32/Fuerboos.C!cl 20190208
eScan Gen:Variant.Razy.461222 20190208
NANO-Antivirus Trojan.Win32.Inject.fmsari 20190208
Palo Alto Networks (Known Signatures) generic.ml 20190208
Qihoo-360 HEUR/QVM03.0.134F.Malware.Gen 20190208
Rising Trojan.Injector!1.B459 (CLASSIC) 20190208
Sophos AV Mal/Generic-S 20190208
Symantec ML.Attribute.HighConfidence 20190208
Trapmine malicious.moderate.ml.score 20190123
TrendMicro Trojan.Win32.MALREP.THBOHAI 20190208
TrendMicro-HouseCall Trojan.Win32.MALREP.THBOHAI 20190208
VBA32 BScope.Backdoor.Androm 20190208
ViRobot Trojan.Win32.Z.Razy.861832 20190208
AegisLab 20190208
Alibaba 20180921
Antiy-AVL 20190208
Avast-Mobile 20190208
Avira (no cloud) 20190208
Babable 20180918
Baidu 20190202
Bkav 20190201
CAT-QuickHeal 20190208
ClamAV 20190208
CMC 20190208
Comodo 20190208
Cybereason 20190109
DrWeb 20190208
eGambit 20190208
Emsisoft 20190208
Endgame 20181108
F-Secure 20190208
Jiangmin 20190208
Kaspersky 20190208
Kingsoft 20190208
Panda 20190208
SentinelOne (Static ML) 20190203
SUPERAntiSpyware 20190206
Symantec Mobile Insight 20190207
TACHYON 20190208
Tencent 20190208
TheHacker 20190203
TotalDefense 20190206
Trustlook 20190208
Webroot 20190208
Yandex 20190208
Zillya 20190208
ZoneAlarm by Check Point 20190208
Zoner 20190208
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Ordisplay
Original name Flirtling10.exe
Internal name Flirtling10
File version 3.04.0005
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 8:07 PM 3/23/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-11-10 03:42:46
Entry Point 0x00001324
Number of sections 3
PE sections
Overlays
MD5 a9a9f6813ff274757a4b1926ec12cfec
File type data
Offset 856064
Size 5768
Entropy 7.53
PE imports
_adj_fdiv_m32
__vbaChkstk
EVENT_SINK_Release
__vbaStrCmp
Ord(521)
_allmul
_adj_fdivr_m64
Ord(527)
_adj_fprem
EVENT_SINK_AddRef
Ord(685)
__vbaFreeStrList
_adj_fpatan
_adj_fdiv_m32i
__vbaFreeObjList
Ord(693)
__vbaVarForInit
EVENT_SINK_QueryInterface
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
__vbaRedim
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
__vbaStrMove
__vbaVarAdd
Ord(714)
_adj_fdiv_r
Ord(100)
__vbaFreeVar
__vbaLbound
__vbaObjSetAddref
_CItan
__vbaFileOpen
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
__vbaVarTstGt
_CIcos
__vbaVarTstEq
_adj_fptan
__vbaI2Var
__vbaFileClose
__vbaR8Var
__vbaObjSet
__vbaI4Var
__vbaVarMove
_CIatan
__vbaNew2
__vbaVarForNext
__vbaLateIdSt
__vbaLateIdCallLd
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
__vbaVarMul
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
Ord(648)
__vbaFpI4
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 7
RT_GROUP_ICON 4
RT_VERSION 1
Number of PE resources by language
ENGLISH US 7
NEUTRAL 5
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
3.4

FileSubtype
0

FileVersionNumber
3.4.0.5

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
32768

EntryPoint
0x1324

OriginalFileName
Flirtling10.exe

MIMEType
application/octet-stream

FileVersion
3.04.0005

TimeStamp
2002:11:10 04:42:46+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Flirtling10

ProductVersion
3.04.0005

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
sparklessly8

CodeSize
819200

ProductName
Ordisplay

ProductVersionNumber
3.4.0.5

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 9fd0e20b7dc41da62e2092e117026382
SHA1 0ef0cdec22e9fd097e62cddc0174b99ab6e5c5d2
SHA256 ab83443b4fa9034bc3c0bbcaf98131128b9c78b5da8b07cdaa26e8ea8f51ee75
ssdeep
24576:Cs/spY60VlOo+u/h3piUd0bxTintvz1n+qAvU:c0VZH3pF

authentihash bce534b28389ec5e13ce063aee0ab42f08b0c87f0f39c255a9ebcd9b76b4275c
imphash b8324111531b290a99bb137f3c209bb7
File size 841.6 KB ( 861832 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-02-07 17:46:26 UTC (3 months, 2 weeks ago)
Last submission 2019-03-22 13:04:16 UTC (2 months ago)
File names Flirtling10.exe
Flirtling10
ab83443b4fa9034bc3c0bbcaf98131128b9c78b5da8b07cdaa26e8ea8f51ee75.exe
VirusShare_9fd0e20b7dc41da62e2092e117026382
DU.exe
output.115180721.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.