SHA256: 6c627a4be54b6377af9f73ab0923aeebcccbb57ec94e995a2171deb69d61af9d
File name: DarkSeoul_E4F66C3CD27B97649976F6F0DAAD9032
Detection ratio: 36 / 46
Analysis date: 2013-04-01 16:48:04 UTC (6 years, 1 month ago)
Antivirus Result Update
AhnLab-V3 Win-Trojan/Agent.24576.JOV 20130401
AntiVir TR/Spy.24576.2257 20130401
Antiy-AVL Trojan/Win32.EraseMBR 20130401
Avast Win32:DarkSeoul-C [Trj] 20130401
AVG KillFiles.W 20130401
BitDefender Gen:Variant.Zusy.40948 20130401
CAT-QuickHeal TrojanDownloader.Petus 20130401
Commtouch W32/Trojan.FGDI-8276 20130401
Comodo UnclassifiedMalware 20130401
DrWeb Trojan.DownLoader6.55304 20130401
Emsisoft Gen:Trojan.Heur.PT.bmW@b03xuPe (B) 20130401
ESET-NOD32 Win32/TrojanDownloader.Agent.RRZ 20130401
F-Secure Gen:Variant.Zusy.40948 20130401
Fortinet Malware_fam.NB 20130401
GData Gen:Variant.Zusy.40948 20130401
Ikarus Trojan.Win32.Rozena 20130401
Jiangmin TrojanDownloader.Generic.agqp 20130331
K7AntiVirus Riskware 20130401
Kaspersky HEUR:Trojan-Downloader.Win32.Generic 20130401
Kingsoft Win32.Troj.Undef.(kcloud) 20130401
Malwarebytes Trojan.Downloader.NR 20130401
McAfee Trojan-FBIB 20130401
McAfee-GW-Edition Trojan-FBIB 20130401
Microsoft TrojanDownloader:Win32/Petus.F 20130401
eScan Gen:Variant.Zusy.40948 20130401
NANO-Antivirus Virus.Win32.Gen.ccmw 20130401
Norman Downloader 20130401
nProtect Trojan/W32.Agent.24576.BUT 20130401
Panda Trj/Downloader.WKY 20130401
PCTools Downloader.Generic 20130401
Sophos AV Mal/EncPk-CR 20130401
Symantec Downloader 20130401
TrendMicro TROJ_DLOAD.KRT 20130401
TrendMicro-HouseCall TROJ_DLOAD.KRT 20130401
VIPRE Trojan.Win32.Generic!BT 20130401
ViRobot Trojan.Win32.S.Agent.24576.GX 20130401
Yandex 20130401
ByteHero 20130326
ClamAV 20130401
eSafe 20130328
F-Prot 20130401
Rising 20130328
SUPERAntiSpyware 20130401
TheHacker 20130401
TotalDefense 20130401
VBA32 20130330
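Reading the table as a single "36 / 46" hides two things an analyst actually wants: how many engines agree on a family name, and how many of those engines are the same engine under a different brand. The script below is an added example, not part of the VirusTotal report or any vendor's tooling. It takes the (engine, label) pairs from the table above, pulls family-looking tokens out of each label with a heuristic stop-list, and counts independent engines per family. The stop-word list and the shared-engine map (F-Secure, GData, eScan and Emsisoft on the BitDefender engine; McAfee-GW-Edition on McAfee; TrendMicro-HouseCall on TrendMicro) are assumptions made for this example.

```python
"""Normalise multi-engine AV labels into family candidates.

Added example; not from the VirusTotal report or any vendor tool.  The
(engine, label) pairs are copied from the detection table; the stop-word
list and the shared-engine map below are assumptions made for this example.
"""
import re
from collections import Counter

# Engines with no verdict carry an empty label so the ratio can be recomputed.
DETECTIONS = [
    ("AhnLab-V3", "Win-Trojan/Agent.24576.JOV"),
    ("AntiVir", "TR/Spy.24576.2257"),
    ("Antiy-AVL", "Trojan/Win32.EraseMBR"),
    ("Avast", "Win32:DarkSeoul-C [Trj]"),
    ("AVG", "KillFiles.W"),
    ("BitDefender", "Gen:Variant.Zusy.40948"),
    ("CAT-QuickHeal", "TrojanDownloader.Petus"),
    ("Commtouch", "W32/Trojan.FGDI-8276"),
    ("Comodo", "UnclassifiedMalware"),
    ("DrWeb", "Trojan.DownLoader6.55304"),
    ("Emsisoft", "Gen:Trojan.Heur.PT.bmW@b03xuPe (B)"),
    ("ESET-NOD32", "Win32/TrojanDownloader.Agent.RRZ"),
    ("F-Secure", "Gen:Variant.Zusy.40948"),
    ("Fortinet", "Malware_fam.NB"),
    ("GData", "Gen:Variant.Zusy.40948"),
    ("Ikarus", "Trojan.Win32.Rozena"),
    ("Jiangmin", "TrojanDownloader.Generic.agqp"),
    ("K7AntiVirus", "Riskware"),
    ("Kaspersky", "HEUR:Trojan-Downloader.Win32.Generic"),
    ("Kingsoft", "Win32.Troj.Undef.(kcloud)"),
    ("Malwarebytes", "Trojan.Downloader.NR"),
    ("McAfee", "Trojan-FBIB"),
    ("McAfee-GW-Edition", "Trojan-FBIB"),
    ("Microsoft", "TrojanDownloader:Win32/Petus.F"),
    ("eScan", "Gen:Variant.Zusy.40948"),
    ("NANO-Antivirus", "Virus.Win32.Gen.ccmw"),
    ("Norman", "Downloader"),
    ("nProtect", "Trojan/W32.Agent.24576.BUT"),
    ("Panda", "Trj/Downloader.WKY"),
    ("PCTools", "Downloader.Generic"),
    ("Sophos AV", "Mal/EncPk-CR"),
    ("Symantec", "Downloader"),
    ("TrendMicro", "TROJ_DLOAD.KRT"),
    ("TrendMicro-HouseCall", "TROJ_DLOAD.KRT"),
    ("VIPRE", "Trojan.Win32.Generic!BT"),
    ("ViRobot", "Trojan.Win32.S.Agent.24576.GX"),
    ("Yandex", ""), ("ByteHero", ""), ("ClamAV", ""), ("eSafe", ""),
    ("F-Prot", ""), ("Rising", ""), ("SUPERAntiSpyware", ""),
    ("TheHacker", ""), ("TotalDefense", ""), ("VBA32", ""),
]

# Label words that name a class or behaviour, not a family (assumed list).
GENERIC = {
    "trojan", "trojandownloader", "downloader", "generic", "variant", "heur",
    "agent", "malware", "unclassifiedmalware", "riskware", "undef", "troj",
    "virus", "encpk",  # Sophos packer-class label, not a family
}

# Brands that license another vendor's scan engine; a hit from one of them
# is not independent evidence.  Assumed mapping for this example.
SHARED_ENGINE = {
    "F-Secure": "BitDefender", "GData": "BitDefender", "eScan": "BitDefender",
    "Emsisoft": "BitDefender", "McAfee-GW-Edition": "McAfee",
    "TrendMicro-HouseCall": "TrendMicro",
}

WORD = re.compile(r"[A-Za-z]+")


def family_tokens(label):
    """Return lower-cased family candidates from one AV label.

    Heuristic: a family name is a capitalised word of four or more letters
    that is not all upper case (short or all-caps tokens are variant
    suffixes such as .JOV, -FBIB or TROJ_DLOAD) and not a generic class word.
    """
    out = []
    for tok in WORD.findall(label):
        if len(tok) < 4 or not tok[0].isupper() or tok.isupper():
            continue
        if tok.lower() in GENERIC:
            continue
        out.append(tok.lower())
    return out


def detection_ratio(detections):
    """(engines with a verdict, engines queried), as VirusTotal shows it."""
    hits = sum(1 for _, label in detections if label)
    return hits, len(detections)


def family_votes(detections, collapse_engines=True):
    """Count, per family candidate, how many engines named it.

    With collapse_engines=True, brands in SHARED_ENGINE are folded into the
    engine they license, so re-branded copies of one verdict count once.
    """
    voters = {}
    for engine, label in detections:
        key = SHARED_ENGINE.get(engine, engine) if collapse_engines else engine
        for fam in set(family_tokens(label)):
            voters.setdefault(fam, set()).add(key)
    return Counter({fam: len(engines) for fam, engines in voters.items()})


if __name__ == "__main__":
    print("detection ratio: %d/%d" % detection_ratio(DETECTIONS))
    for fam, n in family_votes(DETECTIONS).most_common():
        print("%-10s %d independent engine(s)" % (fam, n))
```

Run stand-alone it prints the 36/46 ratio and the per-family vote. With engines collapsed, the four identical Gen:Variant.Zusy.40948 verdicts shrink to one vote, Petus keeps two (CAT-QuickHeal and Microsoft), and DarkSeoul, EraseMBR, KillFiles and Rozena are single-engine names; the thirty or so remaining verdicts are pure class labels (Downloader, Generic, Agent) that name no family at all.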
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-06 12:24:18
Entry Point 0x00001000
Number of sections 3
PE sections
PE imports
All of the imports below are KERNEL32.dll exports, and the set is the usual Visual C++ 6.0 C-runtime start-up footprint plus LoadLibraryA and GetProcAddress, which let the binary resolve any further API at run time. The static import table therefore understates what the file does: DeviceIoControl, which the behaviour report below shows being called, is not imported here.
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
GetCurrentProcess
GetEnvironmentStrings
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
WideCharToMultiByte
GetStringTypeA
WriteFile
GetStartupInfoA
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
HeapCreate
VirtualFree
GetFileType
HeapAlloc
GetVersion
VirtualAlloc
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:07:06 13:24:18+01:00 (the same instant as the compilation timestamp above, rendered in UTC+1)
FileType Win32 EXE
PEType PE32
CodeSize 12288
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 8192
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x1000
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

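The PE header fields the report prints (machine, section count, compile timestamp, entry point, linker version, code and data sizes, subsystem, characteristics flags) all sit at fixed offsets in the COFF header and the PE32 optional header, and the ExifTool block simply reads the same bytes. The parser below is an added example, not VirusTotal's, ExifTool's or pefile's code, and uses only the Python standard library. Because the sample itself is not on this page, build_sample_header() constructs a minimal header carrying the report's values; it is not the real file, and its alignment, image-base and header-size fields are arbitrary fillers.

```python
"""Decode the COFF/optional-header fields a VirusTotal report prints.

Added example, standard library only; not VirusTotal's, ExifTool's or
pefile's code.  build_sample_header() constructs a header carrying the
values from this report so the parser can run offline; it is not the
DarkSeoul file, and its alignment/image-base fields are arbitrary fillers.
"""
import struct
from datetime import datetime, timezone

MACHINES = {0x14C: "Intel 386 or later", 0x8664: "x64", 0x1C0: "ARM"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
# IMAGE_FILE_* characteristic bits, in the order the report lists them.
CHARACTERISTICS = [
    (0x0001, "No relocs"), (0x0002, "Executable"), (0x0004, "No line numbers"),
    (0x0008, "No symbols"), (0x0020, "Large address aware"),
    (0x0100, "32-bit"), (0x0200, "No debug info"), (0x2000, "DLL"),
]
COFF_FMT = "<HHIIIHH"       # Machine .. Characteristics (20 bytes)
OPT_FMT = "<HBB9I6H4I2H"    # first 72 bytes of the PE32 optional header


def parse_pe_header(data):
    """Return the header facts for a PE32 image as a dict."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsections, ts, _symtab, _nsyms, opt_size, chars = \
        struct.unpack_from(COFF_FMT, data, e_lfanew + 4)
    if opt_size < struct.calcsize(OPT_FMT):
        raise ValueError("optional header too short")
    (magic, lmaj, lmin, size_code, size_init, size_uninit, entry,
     _base_code, _base_data, _image_base, _sec_align, _file_align,
     os_maj, os_min, img_maj, img_min, ss_maj, ss_min,
     _win32ver, _size_image, _size_hdrs, _checksum,
     subsystem, _dll_chars) = struct.unpack_from(OPT_FMT, data, e_lfanew + 24)
    if magic != 0x10B:
        raise ValueError("not a PE32 optional header: magic %#x" % magic)
    when = datetime.fromtimestamp(ts, timezone.utc)
    return {
        "machine": MACHINES.get(machine, "%#x" % machine),
        "sections": nsections,
        "timestamp": when.strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry,
        "linker_version": "%d.%d" % (lmaj, lmin),
        "code_size": size_code,
        "initialized_data_size": size_init,
        "uninitialized_data_size": size_uninit,
        "os_version": "%d.%d" % (os_maj, os_min),
        "image_version": "%d.%d" % (img_maj, img_min),
        "subsystem_version": "%d.%d" % (ss_maj, ss_min),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "characteristics": [name for bit, name in CHARACTERISTICS if chars & bit],
    }


def build_sample_header():
    """Constructed PE32 header with this report's values (not the real file)."""
    ts = int(datetime(2012, 7, 6, 12, 24, 18, tzinfo=timezone.utc).timestamp())
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))          # e_lfanew
    coff = struct.pack(COFF_FMT, 0x14C, 3, ts, 0, 0, 224, 0x010F)
    opt = struct.pack(OPT_FMT,
                      0x10B, 6, 0,                        # PE32, linker 6.0
                      12288, 8192, 0, 0x1000,             # code, init, uninit, EP
                      0x1000, 0x4000, 0x400000, 0x1000, 0x200,   # fillers
                      4, 0, 0, 0, 4, 0,                   # OS 4.0, image 0.0, subsystem 4.0
                      0, 0x6000, 0x400, 0,                # fillers
                      2, 0)                               # Windows GUI, no DllCharacteristics
    return bytes(dos) + b"PE\0\0" + coff + opt.ljust(224, b"\0")


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample_header()).items():
        print("%-24s %s" % (key, value))
```

Two triage checks follow from the parsed values. The compile timestamp (2012-07-06) precedes the first VirusTotal submission (2012-10-19), which is at least consistent, but TimeDateStamp is a writable header field and never proves when a binary was built. An entry point of 0x1000 at the start of the first section with linker version 6.0 is what a plain Visual C++ 6 link produces, in line with the TrID guess and the C-runtime-style import list, rather than the relocated entry point a packer stub usually leaves.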
File identification
MD5 e4f66c3cd27b97649976f6f0daad9032
SHA1 08c84f0406ad0bfbafd37da50e686b3e53157ddf
SHA256 6c627a4be54b6377af9f73ab0923aeebcccbb57ec94e995a2171deb69d61af9d
ssdeep 192:kVujyV50Kqq5W9oMSzBrQXY3dgX3ltKmZBdZDB2nEM1qtTV7M0+UV9GOyykc7nu2:euw0KqkVDnmlTvMENjGOyykcrumoZ
authentihash 5b300b109129d0b5fbdae13244640e7fd80e31d8d144e49167c906522ff66394
imphash 8cf2375491e257d65da71e5d263d7df7 (MD5 of the ordered dll.function import list, so any build with the same C-runtime import table as this one shares it)
File size 24.0 KB (24576 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2012-10-19 22:40:28 UTC (6 years, 7 months ago)
Last submission 2018-11-10 05:24:38 UTC (6 months, 1 week ago)
File names DarkSeoul_E4F66C3CD27B97649976F6F0DAAD9032
E4F66C3CD27B97649976F6F0DAAD9032.bin
e4f66c3cd27b97649976f6f0daad9032.virus
3TFT.com
DarkSeoul_E1
E4F66C3CD27B97649976F6F0DAAD9032
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Set keys
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function. DeviceIoControl does not appear in the static import table above, so it is resolved at run time through the imported LoadLibraryA/GetProcAddress pair. Direct device I/O is consistent with the disk-wiping family names in the detection table (Antiy-AVL's EraseMBR, AVG's KillFiles), though this condensed report does not record which driver or control code was used.
HTTP requests
DNS requests
TCP connections
UDP communications