SHA256: b7b3f2f04ce5c38ae5bcf78ac8c6546475fc82f5f8e8f19400f6ece9a53b4cd0
File name: mucom88win.exe
Detection ratio: 2 / 70
Analysis date: 2019-01-07 07:37:34 UTC (2 months, 1 week ago)
Antivirus Result Update date
CrowdStrike Falcon (ML) malicious_confidence_60% (W) 20181022
Trapmine suspicious.low.ml.score 20190103
Acronis 20181227
Ad-Aware 20190107
AegisLab 20190107
AhnLab-V3 20190106
Alibaba 20180921
ALYac 20190107
Antiy-AVL 20190107
Arcabit 20190107
Avast 20190107
Avast-Mobile 20190106
AVG 20190107
Avira (no cloud) 20190107
Babable 20180918
Baidu 20190107
BitDefender 20190107
Bkav 20190104
CAT-QuickHeal 20190106
ClamAV 20190107
CMC 20190106
Comodo 20190107
Cybereason 20180225
Cylance 20190107
Cyren 20190107
DrWeb 20190107
eGambit 20190107
Emsisoft 20190107
Endgame 20181108
ESET-NOD32 20190107
F-Prot 20190107
F-Secure 20190107
Fortinet 20190107
GData 20190107
Ikarus 20190106
Sophos ML 20181128
Jiangmin 20190107
K7AntiVirus 20190107
K7GW 20190106
Kaspersky 20190107
Kingsoft 20190107
Malwarebytes 20190107
MAX 20190107
McAfee 20190107
McAfee-GW-Edition 20190107
Microsoft 20190107
eScan 20190107
NANO-Antivirus 20190107
Palo Alto Networks (Known Signatures) 20190107
Panda 20190106
Qihoo-360 20190107
Rising 20190107
SentinelOne (Static ML) 20181223
Sophos AV 20190107
SUPERAntiSpyware 20190102
Symantec 20190106
TACHYON 20190107
Tencent 20190107
TheHacker 20190106
TrendMicro 20190107
TrendMicro-HouseCall 20190107
Trustlook 20190107
VBA32 20190104
VIPRE 20190106
ViRobot 20190107
Webroot 20190107
Yandex 20181229
Zillya 20190105
ZoneAlarm by Check Point 20190107
Zoner 20190107
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-13 16:27:22
Entry Point 0x000248BA
Number of sections 4
PE sections
Overlays
MD5 51e783b70c61dff35e8cadf8ef110a3d
File type data
Offset 286720
Size 44672
Entropy 7.37
PE imports
GetUserNameA
Ord(17)
_TrackMouseEvent
CreatePen
CreateFontIndirectA
GetTextMetricsA
SetStretchBltMode
GetPixel
Rectangle
GetDeviceCaps
LineTo
DeleteDC
SetBkMode
SetPixel
BitBlt
CreateDIBSection
RealizePalette
SetTextColor
MoveToEx
CreatePalette
GetStockObject
SelectPalette
CreateCompatibleDC
StretchBlt
SelectObject
GetTextExtentPoint32A
SetDIBColorTable
CreateSolidBrush
SetBkColor
DeleteObject
Ellipse
GetStdHandle
GetConsoleOutputCP
GetDriveTypeA
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
InitializeCriticalSection
FindClose
InterlockedDecrement
SetLastError
IsDebuggerPresent
ExitProcess
GetVersionExA
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
SetEnvironmentVariableA
GlobalMemoryStatus
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetVersion
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
WinExec
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GlobalLock
GetProcessHeap
FindFirstFileA
GetComputerNameA
FindNextFileA
TerminateProcess
GetProcAddress
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
GetShortPathNameA
GetEnvironmentStrings
GetCurrentProcessId
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetCurrentThreadId
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
GradientFill
VariantChangeType
SafeArrayAccessData
VariantCopy
SafeArrayGetElement
SafeArrayPutElement
SafeArrayUnaccessData
VariantCopyInd
VariantClear
SysAllocString
SafeArrayCreate
SafeArrayGetUBound
SysFreeString
VariantInit
SafeArrayGetVartype
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayCopy
SysAllocStringByteLen
OleLoadPicture
ShellExecuteExA
SHGetSpecialFolderPathA
ShellExecuteA
SetFocus
GetAsyncKeyState
MapVirtualKeyA
DrawTextA
BeginPaint
ChangeDisplaySettingsA
PostQuitMessage
DefWindowProcA
ShowWindow
SetClassLongA
DrawFocusRect
SetWindowPos
FindWindowA
GetSystemMetrics
GetWindowRect
DispatchMessageA
EnableWindow
PostMessageA
MoveWindow
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
AdjustWindowRectEx
TranslateMessage
IsWindowEnabled
GetSysColor
SetActiveWindow
GetDC
GetCursorPos
ReleaseDC
GetDlgCtrlID
SetWindowTextA
UnregisterClassA
SendMessageA
GetClientRect
SetCursorPos
RegisterClassA
GetClassLongA
LoadIconA
TabbedTextOutA
GetWindowLongA
CreateWindowExA
LoadCursorA
EnumDisplaySettingsA
InvalidateRect
GetActiveWindow
FillRect
ShowCursor
IsDlgButtonChecked
InflateRect
CallWindowProcA
GetFocus
MsgWaitForMultipleObjects
EndPaint
GetMessageA
DestroyWindow
sndPlaySoundA
timeGetTime
timeEndPeriod
timeGetDevCaps
mciSendStringA
timeBeginPeriod
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
CoInitializeEx
OleUninitialize
CoUninitialize
IIDFromString
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromProgID
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:12:13 17:27:22+01:00
FileType Win32 EXE
PEType PE32
CodeSize 221184
LinkerVersion 8.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x248ba
InitializedDataSize 61440
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 404145bcefc53c4e021cbb639cb188d3
SHA1 503cf034da02cc99efd60d49a26c1718b43dbf3a
SHA256 b7b3f2f04ce5c38ae5bcf78ac8c6546475fc82f5f8e8f19400f6ece9a53b4cd0
ssdeep 6144:lnUA0xRhodUOPLdbTanE9sAGEF9kyGAOX1Rnh0ln+IB+I9f:JUA0+dU8LdTaE9iarGxref9f
authentihash f325a2bcb9b7f19661397adf5df1c60f2a4d7f0102ca022a0ca1f896444cb290
imphash 7222b097e2b310d9d61de7937982aa90
File size 323.6 KB ( 331392 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-12-26 09:29:53 UTC (2 months, 3 weeks ago)
Last submission 2019-01-07 07:37:34 UTC (2 months, 1 week ago)
File name mucom88win.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs