SHA256: ce22d9a4604f2cbd8ed193f19bffe4a603a6961fbf838b6bbb77061afdbfc4cb
File name: Sample_5aca4935bb67851bf3aa2208.bin
Detection rate: 17 / 66
Analysis date: 2018-04-08 16:58:23 UTC (1 year, 1 month ago)
Note on the count: the 17 positives are not 17 independent verdicts. Eight rows carry the same BitDefender-engine signature ID (Trojan.GenericKD.40184525 in decimal; Arcabit's Trojan.Generic.D2652ACD is the same number, 0x2652ACD, written in hex), ZoneAlarm repeats Kaspersky's UDS:DangerousObject.Multi.Generic verdict verbatim, and the remaining seven rows are machine-learning or behavioural heuristics (CrowdStrike, Endgame, MAX, McAfee-GW BehavesLike, Qihoo HEUR, Symantec ML) plus Cyren's named signature. Engines listed below without a result returned no detection.
Antivirus  Result  Update date
Ad-Aware Trojan.GenericKD.40184525 20180408
ALYac Trojan.GenericKD.40184525 20180408
Arcabit Trojan.Generic.D2652ACD 20180408
BitDefender Trojan.GenericKD.40184525 20180408
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20170201
Cyren W32/Trojan.ZLIK-0304 20180408
Emsisoft Trojan.GenericKD.40184525 (B) 20180408
Endgame malicious (high confidence) 20180403
F-Secure Trojan.GenericKD.40184525 20180408
GData Trojan.GenericKD.40184525 20180408
Kaspersky UDS:DangerousObject.Multi.Generic 20180408
MAX malware (ai score=86) 20180408
McAfee-GW-Edition BehavesLike.Win32.PUPXAA.jc 20180408
eScan Trojan.GenericKD.40184525 20180408
Qihoo-360 HEUR/QVM10.1.5EC8.Malware.Gen 20180408
Symantec ML.Attribute.HighConfidence 20180407
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180408
AegisLab 20180408
AhnLab-V3 20180407
Alibaba 20180408
Antiy-AVL 20180408
Avast 20180408
Avast-Mobile 20180407
AVG 20180408
Avira (no cloud) 20180408
AVware 20180408
Baidu 20180408
Bkav 20180407
CAT-QuickHeal 20180408
ClamAV 20180408
CMC 20180407
Comodo 20180408
Cybereason None
Cylance 20180408
DrWeb 20180408
eGambit 20180408
ESET-NOD32 20180408
F-Prot 20180408
Fortinet 20180408
Ikarus 20180408
Sophos ML 20180121
Jiangmin 20180408
K7AntiVirus 20180404
K7GW 20180407
Kingsoft 20180408
Malwarebytes 20180408
McAfee 20180408
Microsoft 20180408
NANO-Antivirus 20180408
nProtect 20180408
Palo Alto Networks (Known Signatures) 20180408
Panda 20180408
Rising 20180408
SentinelOne (Static ML) 20180225
Sophos AV 20180408
SUPERAntiSpyware 20180408
Symantec Mobile Insight 20180406
Tencent 20180408
TheHacker 20180404
TotalDefense 20180408
TrendMicro 20180408
TrendMicro-HouseCall 20180408
Trustlook 20180408
VBA32 20180406
VIPRE 20180408
ViRobot 20180407
WhiteArmor 20180408
Yandex 20180408
Zillya 20180406
Zoner 20180407
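As an added example (editor's code, not VirusTotal's and not part of the sample), the script below does the de-duplication an analyst applies to a table like the one above: several rows print one and the same signature, with the BitDefender-style generic ID spelled in decimal (Trojan.GenericKD.40184525) by most engines and in hex (Trojan.Generic.D2652ACD) by Arcabit, and ZoneAlarm repeating Kaspersky's string. Normalising each result to a signature key and grouping by it shows how many distinct verdicts the 17 positives contain. DETECTIONS is copied from the table; the normalisation rules are constructed for this page and deliberately minimal.

```python
"""Collapse a VirusTotal detection table into distinct verdicts.

Added example for this report, not VirusTotal's code. The generic-ID rows
are compared numerically so that the decimal and hex spellings of the same
signature collide; everything else is compared verbatim after a trailing
single-letter qualifier such as " (B)" is stripped.
"""
import re

# Copied from the detection table on this page: (vendor, result, update date).
DETECTIONS = [
    ("Ad-Aware", "Trojan.GenericKD.40184525", "20180408"),
    ("ALYac", "Trojan.GenericKD.40184525", "20180408"),
    ("Arcabit", "Trojan.Generic.D2652ACD", "20180408"),
    ("BitDefender", "Trojan.GenericKD.40184525", "20180408"),
    ("CrowdStrike Falcon (ML)", "malicious_confidence_70% (D)", "20170201"),
    ("Cyren", "W32/Trojan.ZLIK-0304", "20180408"),
    ("Emsisoft", "Trojan.GenericKD.40184525 (B)", "20180408"),
    ("Endgame", "malicious (high confidence)", "20180403"),
    ("F-Secure", "Trojan.GenericKD.40184525", "20180408"),
    ("GData", "Trojan.GenericKD.40184525", "20180408"),
    ("Kaspersky", "UDS:DangerousObject.Multi.Generic", "20180408"),
    ("MAX", "malware (ai score=86)", "20180408"),
    ("McAfee-GW-Edition", "BehavesLike.Win32.PUPXAA.jc", "20180408"),
    ("eScan", "Trojan.GenericKD.40184525", "20180408"),
    ("Qihoo-360", "HEUR/QVM10.1.5EC8.Malware.Gen", "20180408"),
    ("Symantec", "ML.Attribute.HighConfidence", "20180407"),
    ("ZoneAlarm by Check Point", "UDS:DangerousObject.Multi.Generic", "20180408"),
]

# Decimal form used by most BitDefender-engine licensees (suffixes allowed).
_GENERIC_DECIMAL = re.compile(r"^Trojan\.GenericKD\.(\d+)")
# Hex form with a "D" prefix, as Arcabit prints it.
_GENERIC_HEX = re.compile(r"^Trojan\.Generic\.D([0-9A-Fa-f]+)$")


def signature_key(result):
    """Map a vendor result string to a key shared by equal signatures."""
    m = _GENERIC_DECIMAL.match(result)
    if m:
        return f"generic-id:{int(m.group(1))}"
    m = _GENERIC_HEX.match(result)
    if m:
        return f"generic-id:{int(m.group(1), 16)}"
    # Drop a trailing " (B)"-style qualifier so equal names compare equal.
    return re.sub(r"\s*\([A-Z]\)$", "", result)


def group_by_signature(detections):
    """Return {signature_key: [vendor, ...]} in table order."""
    groups = {}
    for vendor, result, _updated in detections:
        groups.setdefault(signature_key(result), []).append(vendor)
    return groups


def distinct_verdicts(detections):
    """Number of distinct signatures or heuristics behind the positive rows."""
    return len(group_by_signature(detections))


if __name__ == "__main__":
    for key, vendors in group_by_signature(DETECTIONS).items():
        print(f"{len(vendors):2d}  {key}  <- {', '.join(vendors)}")
    print(f"{len(DETECTIONS)} positives, {distinct_verdicts(DETECTIONS)} distinct verdicts")
```

For this table the 17 positives collapse to 9 distinct verdicts, one of which (the shared generic ID) accounts for 8 rows. Heuristic and ML verdicts are kept as separate groups because each is an independent decision, even though none of them names a family.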
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-06 15:36:17
Entry Point 0x0003037B
Number of sections 4
PE sections
PE imports
(Grouped by exporting DLL. The DLL column was lost in extraction; the library names below are restored from each function's documented export library, keeping the report's order.)

ADVAPI32.dll
RegDeleteKeyA
SetSecurityDescriptorOwner
RegCloseKey
RegQueryValueExA
AccessCheck
InitializeAcl
RegCreateKeyExA
RegCreateKeyA
SetSecurityDescriptorDacl
LookupAccountNameA
RegOpenKeyA
OpenProcessToken
RegQueryValueA
DuplicateToken
AddAccessAllowedAce
RegOpenKeyExA
SetFileSecurityA
OpenThreadToken
RegEnumKeyA
GetLengthSid
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetValueExA
SetSecurityDescriptorGroup
IsValidSecurityDescriptor

AVIFIL32.dll
AVIStreamRelease
AVIFileGetStream
AVIStreamLength
AVIFileOpenA
AVIFileInit
AVIStreamGetFrame
AVIFileExit
AVIStreamStart
AVIStreamGetFrameClose
AVIStreamGetFrameOpen
AVIFileRelease
AVIFileInfoA

COMCTL32.dll
ImageList_Draw
ImageList_Create
Ord(17)
ImageList_ReplaceIcon
ImageList_Destroy

COMDLG32.dll
GetOpenFileNameA
CommDlgExtendedError

GDI32.dll
GetEnhMetaFileA
SetMapMode
SaveDC
TextOutA
CreateFontIndirectA
GetTextMetricsA
GetClipBox
GetPixel
GetDeviceCaps
SetWindowExtEx
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
SetPixel
GetMetaFileA
DeleteObject
BitBlt
GetCharWidthA
CreateDIBSection
GdiSetBatchLimit
EnumFontFamiliesA
SetTextColor
GetObjectA
MoveToEx
SetAbortProc
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
GdiFlush
CreateCompatibleDC
StretchBlt
StretchDIBits
GetMetaFileBitsEx
ScaleViewportExtEx
SelectObject
GetTextExtentPoint32A
StartDocA
GetEnhMetaFileHeader
CreateSolidBrush
Escape
SetBkColor
SetWinMetaFileBits
SetViewportExtEx
CreateCompatibleBitmap
DeleteMetaFile

IMM32.dll
ImmIsIME

KERNEL32.dll
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
DuplicateHandle
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
LoadLibraryW
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
InterlockedDecrement
SetLastError
ReadConsoleInputA
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
GetPriorityClass
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
CreateMutexA
GetModuleHandleA
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
SystemTimeToFileTime
GetFileSize
GlobalDeleteAtom
CreateDirectoryA
GetWindowsDirectoryA
GetProcAddress
GetProcessHeap
GlobalReAlloc
lstrcmpA
CompareStringA
lstrcmpW
GlobalLock
CreateEventA
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LocalReAlloc
DosDateTimeToFileTime
LCMapStringW
HeapCreate
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetEnvironmentStringsW
GlobalUnlock
WinExec
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
GetCurrentDirectoryA
HeapSize
GetConsoleTitleA
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
GetACP
GetModuleHandleW
FreeResource
SizeofResource
WideCharToMultiByte
IsValidCodePage
SetConsoleMode
VirtualFree
Sleep
FindResourceA
VirtualAlloc

MSIMG32.dll
TransparentBlt

MSVFW32.dll
ICGetInfo
ICSendMessage
ICClose
ICInfo
ICOpen

OLEACC.dll
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

OLEAUT32.dll
OleCreatePictureIndirect
VariantChangeType
VariantClear
VariantInit

OPENGL32.dll
glPopMatrix
glTranslatef
glFlush
glTexCoord2f
glColor3f
glClearColor
glVertex3f
glClear
glViewport
glPushMatrix
glMatrixMode
glEnd
glBegin
glColor4f
glRotatef
glEnable
glBlendFunc
glLoadIdentity
wglMakeCurrent

SHELL32.dll
ShellExecuteA
Shell_NotifyIconA

SHLWAPI.dll
PathFindFileNameA
PathFindExtensionA
StrChrA

USER32.dll
RedrawWindow
GetMessagePos
SetMenuItemBitmaps
EnableScrollBar
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GrayStringA
WindowFromPoint
OemToCharBuffW
GetMessageTime
SetActiveWindow
GetMenuItemID
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetClassInfoA
GetClipCursor
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
GetWindowTextLengthA
ClientToScreen
GetActiveWindow
LoadImageA
GetTopWindow
GetWindowTextA
DestroyWindow
GetMessageA
GetParent
UpdateWindow
SetPropA
GetClassInfoExA
GetWindowContextHelpId
ShowWindow
SetClassLongA
GetPropA
GetMenuState
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
ActivateKeyboardLayout
EnumDisplayDevicesA
SetClipboardData
GetWindowPlacement
GetKeyboardLayoutList
RegisterRawInputDevices
IsIconic
RegisterClassA
TabbedTextOutA
GetWindowLongA
SetTimer
FillRect
CopyRect
GetSysColorBrush
CreateWindowExW
GetSubMenu
IsDialogMessageA
MapWindowPoints
BeginPaint
OffsetRect
SetFocus
CopyIcon
KillTimer
ClipCursor
RegisterWindowMessageA
DefWindowProcA
CheckMenuRadioItem
SendDlgItemMessageA
GetSystemMetrics
EnableMenuItem
GetWindowRect
InflateRect
PostMessageA
DrawIcon
SetWindowLongA
SetKeyboardState
GetScrollInfo
RemovePropA
SetWindowTextA
CheckMenuItem
DrawFocusRect
GetLastActivePopup
PtInRect
CreateWindowExA
GetDlgItem
GetMenuCheckMarkDimensions
SendInput
ScreenToClient
GetClassLongA
GetCapture
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuItemCount
AttachThreadInput
GetDesktopWindow
GetSystemMenu
GetDC
SetForegroundWindow
ExitWindowsEx
DialogBoxIndirectParamA
OpenClipboard
EmptyClipboard
DrawTextA
EndDialog
LoadMenuA
FindWindowW
CreateDialogIndirectParamA
MessageBeep
DrawTextExA
GetWindowThreadProcessId
MessageBoxW
AppendMenuA
SetMenu
MoveWindow
MessageBoxA
DestroyCursor
AdjustWindowRectEx
LoadKeyboardLayoutA
GetSysColor
SetScrollInfo
GetKeyState
SystemParametersInfoA
IsWindowVisible
WinHelpA
SetRect
InvalidateRect
wsprintfA
CallWindowProcW
GetClassNameW
ValidateRect
CallWindowProcA
GetClassNameA
GetFocus
CloseClipboard
ModifyMenuA
UnhookWindowsHookEx
SetCursor

WINMM.dll
mmioOpenW
mmioWrite
mmioCreateChunk
mmioAscend
timeGetTime

WINSPOOL.DRV
OpenPrinterA
DocumentPropertiesA
ClosePrinter

WS2_32.dll
bind
htons
inet_addr
listen
socket

dbghelp.dll
SymFindFileInPath
SymFromName
SymFromAddr

ole32.dll
GetHGlobalFromStream
CLSIDFromString
CreateStreamOnHGlobal

pdh.dll
PdhCloseQuery
PdhOpenQueryA
PdhCollectQueryData
PdhAddCounterA
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhBrowseCountersA
PdhMakeCounterPathA

urlmon.dll
FaultInIEFeature
HlinkGoBack
Number of PE resources by type
RT_CURSOR 11
RT_GROUP_CURSOR 10
TXT 5
RT_BITMAP 4
RT_DIALOG 2
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 33
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2018:04:06 17:36:17+02:00 (the PE header's 2018-04-06 15:36:17 UTC rendered in a +02:00 zone; the same instant)
FileType: Win32 EXE
PEType: PE32
CodeSize: 281600
LinkerVersion: 9.0 (the Visual Studio 2008 linker)
ImageFileCharacteristics: No relocs, Executable, 32-bit
EntryPoint: 0x3037b
InitializedDataSize: 340992
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0
File identification
MD5 c794ea45bad7f797e592edc8b2a85012
SHA1 7f496be6b255f75b136bd3700a35d25cb1621f5c
SHA256 ce22d9a4604f2cbd8ed193f19bffe4a603a6961fbf838b6bbb77061afdbfc4cb
ssdeep 12288:UXa41HPYOdgwSOxqJTAHxiNHsgrwKu1d3Fk+lBxu9RI:sjj4JTA8MgrwKMGq/CI

authentihash 5578181a74ea2b5aae1565454d0b6172937e77e0439bd75c8e0b59c058e91d3e
imphash 09cd61830416bed3ea9c8f0a0f54ec6c
File size 609.0 KB ( 623616 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (36.1%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win64 Executable (generic) (23.2%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.7%)
Tags
peexe

VirusTotal metadata
First submission 2018-04-08 16:58:23 UTC (1 year, 1 month ago)
Last submission 2018-04-09 09:40:19 UTC (1 year, 1 month ago)
File name Sample_5aca4935bb67851bf3aa2208.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself, by any other process launched by the executed file, or by a process into which the executed file injected code.
Hooking activity
The file installs an application-defined hook procedure into a hook chain, using the SetWindowsHookEx Windows API (the import table above lists SetWindowsHookExA together with CallNextHookEx and UnhookWindowsHookEx; the obsolete SetWindowsHook is not imported). A hook procedure monitors the system for certain types of events, associated either with a specific thread or with all threads in the same desktop as the calling thread. This report does not record which hook type was installed (the idHook argument, for example WH_KEYBOARD or WH_GETMESSAGE) or whether the hook was thread-local or global, so the hook cannot be classified as keystroke capture from the sandbox output alone; the co-imported RegisterRawInputDevices, SendInput, SetKeyboardState and AttachThreadInput only mark that as the first thing to confirm in a full API trace.
Runtime DLLs
Additional details
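As an added example (editor's code, not VirusTotal's and not part of the sample), the script below does the first-pass read an analyst makes of an import table like the one above: it groups the imported names into small capability clusters (hooking, keystroke or raw-input capture, input injection, a listening socket, process launch, registry writes, ACL and token changes, anti-debug, shutdown) and flags clusters whose only hits are names the MSVC runtime or MFC bring in on their own. It works on function names without a DLL column, which is the form this report prints them in. The group tables are the editor's choice, and SAMPLE_IMPORTS is a constructed subset copied from the import list above.

```python
"""Capability triage over a flat PE import list (names only, no DLLs).

Added example for this report, not VirusTotal's code. The capability
groups are intentionally small and are the editor's selection; they are
meant to direct a dynamic trace, not to decide maliciousness by themselves.
"""

CAPABILITY_GROUPS = {
    "message hooking": {
        "SetWindowsHookExA", "SetWindowsHookExW",
        "UnhookWindowsHookEx", "CallNextHookEx",
    },
    "keystroke / raw input capture": {
        "RegisterRawInputDevices", "GetRawInputData",
        "GetKeyState", "GetAsyncKeyState", "AttachThreadInput",
    },
    "input injection": {
        "SendInput", "SetKeyboardState", "keybd_event", "mouse_event",
    },
    "network listener": {"socket", "bind", "listen", "accept"},
    "process launch": {
        "WinExec", "ShellExecuteA", "ShellExecuteW",
        "CreateProcessA", "CreateProcessW",
    },
    "registry write": {
        "RegCreateKeyA", "RegCreateKeyExA", "RegSetValueExA", "RegSetValueExW",
    },
    "ACL / token manipulation": {
        "SetFileSecurityA", "SetFileSecurityW", "AddAccessAllowedAce",
        "SetSecurityDescriptorDacl", "OpenProcessToken", "DuplicateToken",
        "DuplicateTokenEx", "AdjustTokenPrivileges",
    },
    "anti-debug": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent"},
    "shutdown / reboot": {
        "ExitWindowsEx", "InitiateSystemShutdownA", "InitiateSystemShutdownExA",
    },
}

# Names the MSVC CRT (IsDebuggerPresent) or MFC (GetKeyState) import on their
# own in ordinary Visual C++ builds; a group hit only by these is weak evidence.
RUNTIME_SUPPLIED = {"IsDebuggerPresent", "GetKeyState"}

# Constructed subset of the import names listed in this report.
SAMPLE_IMPORTS = [
    "RegCreateKeyExA", "RegSetValueExA", "SetFileSecurityA",
    "AddAccessAllowedAce", "SetSecurityDescriptorDacl", "OpenProcessToken",
    "DuplicateToken", "IsDebuggerPresent", "WinExec", "CreateMutexA",
    "ShellExecuteA", "Shell_NotifyIconA", "SetWindowsHookExA",
    "UnhookWindowsHookEx", "CallNextHookEx", "RegisterRawInputDevices",
    "GetKeyState", "AttachThreadInput", "SendInput", "SetKeyboardState",
    "ExitWindowsEx", "bind", "htons", "inet_addr", "listen", "socket",
    "glBegin", "AVIFileOpenA", "PdhOpenQueryA",
]


def triage(imports):
    """Return {group: sorted matched names} for every group with a hit."""
    present = set(imports)
    hits = {}
    for group, names in CAPABILITY_GROUPS.items():
        matched = sorted(present & names)
        if matched:
            hits[group] = matched
    return hits


def is_weak(group, hits):
    """True when a group's only hits are runtime-supplied imports."""
    matched = set(hits.get(group, ()))
    return bool(matched) and matched <= RUNTIME_SUPPLIED


def has_listener(imports):
    """socket, bind and listen together mean the binary can accept inbound
    connections; socket alone (a client) does not."""
    return {"socket", "bind", "listen"} <= set(imports)


def summarize(imports):
    """One line per hit group, plus a listener line when all three calls are present."""
    hits = triage(imports)
    lines = []
    for group, names in hits.items():
        tag = " (weak: runtime-supplied only)" if is_weak(group, hits) else ""
        lines.append(f"{group}{tag}: {', '.join(names)}")
    if has_listener(imports):
        lines.append("listener: socket, bind and listen are all imported")
    return lines


if __name__ == "__main__":
    for line in summarize(SAMPLE_IMPORTS):
        print(line)
```

On the constructed subset the script reports nine groups; anti-debug is marked weak because IsDebuggerPresent is the only hit, whereas the hooking group is fully populated and the socket/bind/listen trio is flagged as a listener. Static import reads say what the code can call, not what it does; the hook type and the bound port still have to come from a trace.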