Antivirus scan for f589e6e081ba3cd34b601aaea2f5c797f6018e10be8b55b019c19c518f7afc32 at 2016-04-28 08:47:30 UTC

ウイルス対策ソフト	結果	更新日
AegisLab	Troj.W32.Swisyn.mki7	20160428
Bkav	HW32.Packed.B62A	20160427
CMC	Virus.Win32.Sality!O	20160428
Ad-Aware		20160428
AhnLab-V3		20160428
Alibaba		20160428
ALYac		20160428
Antiy-AVL		20160428
Arcabit		20160428
Avast		20160428
AVG		20160428
Avira (no cloud)		20160428
AVware		20160428
Baidu		20160428
Baidu-International		20160427
BitDefender		20160428
CAT-QuickHeal		20160428
ClamAV		20160427
Comodo		20160428
Cyren		20160428
DrWeb		20160428
Emsisoft		20160428
ESET-NOD32		20160428
F-Prot		20160428
F-Secure		20160428
Fortinet		20160428
GData		20160428
Ikarus		20160428
Jiangmin		20160428
K7AntiVirus		20160428
K7GW		20160428
Kaspersky		20160427
Kingsoft		20160428
Malwarebytes		20160428
McAfee		20160428
McAfee-GW-Edition		20160428
Microsoft		20160428
eScan		20160428
NANO-Antivirus		20160428
nProtect		20160428
Panda		20160427
Qihoo-360		20160428
Rising		20160428
Sophos AV		20160428
SUPERAntiSpyware		20160428
Symantec		20160428
Tencent		20160428
TheHacker		20160426
TrendMicro		20160428
TrendMicro-HouseCall		20160428
VBA32		20160427
VIPRE		20160428
ViRobot		20160428
Yandex		20160427
Zillya		20160427
Zoner		20160428

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.

FileVersionInfo properties

File version 0.0.0.2

PE header basic information

Target machine Intel 386 or later processors and compatible processors

Compilation timestamp 2016-04-27 00:57:20

Entry Point 0x0118B721

Number of sections 3

PE sections

Name Virtual address Virtual size Raw size Entropy MD5

.MPRESS1 4096 18391040 6503424 8.00 2830667d306dc241493b50aa41c0649e

.MPRESS2 18395136 4984 5120 5.41 4128964b93bf37d7696a4be9ca1d8db4

.rsrc 18403328 180548 180736 4.63 5373097b36edeacf90a3b07df9b31b26

Overlays

MD5 45a9dee14ca010d43b4508e6c80d8edd

File type ASCII text

Offset 6689792

Size 32

Entropy 3.25

PE imports

PE exports

TMethodImplementationIntercept

Number of PE resources by type

RT_RCDATA 140

RT_STRING 80

RT_BITMAP 44

RT_GROUP_CURSOR 32

RT_CURSOR 32

RT_ICON 9

UNICODEDATA 6

RT_GROUP_ICON 5

RT_DIALOG 2

RT_MANIFEST 1

RT_VERSION 1

Number of PE resources by language

NEUTRAL 178

ENGLISH US 158

GERMAN 12

SERBIAN LATIN 2

SPANISH ARGENTINA 2

PE resources

027e12c81d53ebb492d0e1ce8166c0c004e135274105fb79465b6b97bc6c71cd ASCII text

28d38d528e682cb6a7330cc38828a3d79c559433b55829c017f7aaa73ba9ed8a ASCII text

2dad263245cdc59156aee45019d5e98de12554f9b1b730aa8b9472e6d71fac4b ASCII text

56adc626c6646111f74454e77e5e59304199bf879af056ffa2bd16632d7420c7 ASCII text

5cd9724a1e5d53d845c8892e0f7981d022509473c9dbc74d9ecf3150dac3d698 data

60dee0e0dccfdfc85d86a75ee2de0ba79514ccf985d95e50c43a1da057726daa data

722e2343500e52be56f42a10feb71ae573732dd0a210751b7e3336e7fbfecf05 data

85cb8be851874a63fd088867ed4d847366be3d0c1e1a4d3a1d566161131ae2d1 ASCII text

8d5fbc1e516de41b545fa2e1a9f75b7e33dd0da63f04f230a4395bdf42e22b73 data

ad0c0e54f2940cb7caf07dcea1cdd16cd38a62efd9c96474cfba62b162fa16cf data

ExifTool file metadata

UninitializedDataSize

InitializedDataSize

9163264

ImageVersion

0.0

FileVersionNumber

0.0.5960.55552

LanguageCode

English (U.S.)

FileFlagsMask

0x003f

CharacterSet

Windows, Latin1

LinkerVersion

2.25

FileTypeExtension

exe

MIMEType

application/octet-stream

FileVersion

0.0.0.2

TimeStamp

2016:04:27 01:57:20+01:00

FileType

Win32 EXE

PEType

PE32

ProductVersion

0.0.0.0

SubsystemVersion

5.0

OSVersion

5.0

FileOS

Win32

Subsystem

Windows GUI

MachineType

Intel 386 or later, and compatibles

CodeSize

8516096

FileSubtype

ProductVersionNumber

0.0.0.0

EntryPoint

0x118b721

ObjectFileType

Executable application

File identification

MD5 afd0e52c24d6a96d074ce443aadb9f82

SHA1 5e671f475c768739ccaae67d4ce1f142f93f7be2

SHA256 f589e6e081ba3cd34b601aaea2f5c797f6018e10be8b55b019c19c518f7afc32

ssdeep

196608:BNpFCdTQbZmeZhHvyNm2HwsEpMEcd1WHhPSyXg:BhCRQt9ZZmmWw+EeWhSyXg

authentihash 507f12afbcf036437ee060f10176c0b553f5edd18deb2ac3c17a06d1ed370403

imphash 4ed4645d3c9688dd9cf1e434fd0389cf

File size 6.4 MB ( 6689824 bytes )

File type Win32 EXE

Magic literal

MS-DOS executable, MZ for MS-DOS

TrID	Win32 Executable (generic) (52.9%) Generic Win/DOS Executable (23.5%) DOS Executable Generic (23.5%)

VirusTotal metadata

First submission 2016-04-28 08:47:30 UTC (1 年, 12 ヶ月前)

Last submission 2016-12-30 10:00:14 UTC (1 年, 3 ヶ月前)

ファイル名

X.exe

サインインしていません。登録ユーザーのみがコメントを投稿できます。サインインして意見をお聞かせください。

サインインコミュニティに参加

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.

Opened files

C:\f589e6e081ba3cd34b601aaea2f5c797f6018e10be8b55b019c19c518f7afc32 (successful)

Read files

C:\f589e6e081ba3cd34b601aaea2f5c797f6018e10be8b55b019c19c518f7afc32 (successful)

Created mutexes

MutexNPA_UnitVersioning_564 (successful)

Runtime DLLs

kernel32.dll (successful)

c:\windows\system32\imm32.dll (successful)

imm32.dll (successful)

wtsapi32.dll (successful)

rpcrt4.dll (successful)

oleaut32.dll (successful)

uxtheme.dll (successful)

olepro32.dll (successful)

security.dll (successful)

UDP communications

<MACHINE_DNS_SERVER>:53

SHA256:	f589e6e081ba3cd34b601aaea2f5c797f6018e10be8b55b019c19c518f7afc32
ファイル名:	X.exe
検出率:	3 / 56
分析日時:	2016-04-28 08:47:30 UTC (1 年, 12 ヶ月前) 最新を表示

Ciphered bundle