SHA256: 9ab38c6d37b84ab39081bd0494f62a6eb3666f6d2837065b284c94c5544549c1
File name: Elf Roast Fail
Detection ratio: 45 / 54
Analysis date: 2016-07-06 15:39:44 UTC ( 11 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.169916 20160706
AegisLab Backdoor.W32.Azbreg.ufy!c 20160706
AhnLab-V3 Trojan/Win32.Tepfer.N849777794 20160706
ALYac Gen:Variant.Kazy.169916 20160706
Antiy-AVL Trojan[Backdoor]/Win32.Azbreg 20160706
Arcabit Trojan.Kazy.D297BC 20160706
Avast Win32:Malware-gen 20160706
AVG SHeur4.BHST 20160706
Avira (no cloud) TR/Crypt.XPACK.Gen8 20160706
AVware Trojan.Win32.Zbocheman.fb (v) 20160706
BitDefender Gen:Variant.Kazy.169916 20160706
Bkav W32.TaskmanAzbregB.Trojan 20160706
Comodo Heur.Suspicious 20160705
DrWeb BackDoor.Ddoser.131 20160706
Emsisoft Gen:Variant.Kazy.169916 (B) 20160706
ESET-NOD32 Win32/AutoRun.KS 20160706
F-Secure Gen:Variant.Kazy.169916 20160706
Fortinet W32/Kryptik.AX!tr 20160706
GData Gen:Variant.Kazy.169916 20160706
Ikarus Backdoor.Win32.Androm 20160706
Jiangmin Backdoor/Azbreg.aoh 20160706
K7AntiVirus Backdoor ( 0040f4101 ) 20160706
K7GW Backdoor ( 0040f4101 ) 20160706
Kaspersky Backdoor.Win32.Azbreg.ufy 20160706
Malwarebytes Worm.AutoRun 20160706
McAfee Artemis!3DCCF3E786F0 20160706
McAfee-GW-Edition BehavesLike.Win32.Worm.qc 20160706
Microsoft Worm:Win32/Hamweq.A 20160706
eScan Gen:Variant.Kazy.169916 20160706
NANO-Antivirus Trojan.Win32.Siggen1.bxpyuy 20160706
nProtect Backdoor/W32.Azbreg.59392 20160706
Panda Trj/OCJ.E 20160706
Qihoo-360 QVM11.1.Malware.Gen 20160706
Sophos W32/IRCBot-AKW 20160706
SUPERAntiSpyware Trojan.Agent/Gen-Falcomp[i] 20160706
Symantec Trojan.Gen 20160706
Tencent Win32.Backdoor.Azbreg.Loim 20160706
TheHacker Posible_Worm32 20160705
TotalDefense Win32/Tnega.ASBK 20160706
TrendMicro TROJ_IRCBRUTE.LE 20160706
TrendMicro-HouseCall TROJ_IRCBRUTE.LE 20160706
VBA32 Trojan.SB.01742 20160706
VIPRE Trojan.Win32.Zbocheman.fb (v) 20160706
ViRobot Trojan.Win32.Z.Agent.59392[h] 20160706
Zillya Backdoor.Azbreg.Win32.2599 20160706
Alibaba 20160706
Baidu 20160706
CAT-QuickHeal 20160705
ClamAV 20160706
CMC 20160704
Cyren 20160706
F-Prot 20160706
Kingsoft 20160706
Zoner 20160706
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Rag 2001 2007
Product Gnat Diaper Pears Bound
Original name Onto.exe
Internal name Elf Roast Fail
File version 10, 3, 7
Description Siju
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-04-12 23:25:18
Entry Point 0x0008A320
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
EndDialog
Number of PE resources by type
Struct(18) 12
RT_DIALOG 11
RT_ICON 7
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 32
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 24576
ImageVersion 0.0
ProductName Gnat Diaper Pears Bound
FileVersionNumber 10.3.0.0
UninitializedDataSize 528384
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 5.0
FileTypeExtension exe
OriginalFileName Onto.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 10, 3, 7
TimeStamp 2005:04:13 00:25:18+01:00
FileType Win32 EXE
PEType PE32
InternalName Elf Roast Fail
ProductVersion 10 3 5152
FileDescription Siju
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Rag 2001 2007
MachineType Intel 386 or later, and compatibles
CompanyName I>f*i@
CodeSize 36864
FileSubtype 0
ProductVersionNumber 10.3.0.0
EntryPoint 0x8a320
ObjectFileType Executable application

File identification
MD5 3dccf3e786f031b0333b86bf37d33bb4
SHA1 077a113863dfffdff0947bbbb341b42fbc7ab854
SHA256 9ab38c6d37b84ab39081bd0494f62a6eb3666f6d2837065b284c94c5544549c1
ssdeep 768:L9WpAbeD19PqJ84i7KTtJGZpy0FW121/QHdkV8fwJRNfyy9Rw:Qp2erqGdctgZs0FW1BdaRXNf1b
authentihash e0154a8d5bab67a3e04ae6171fd71beffdb72a3e191f085d122c2f7940bbdf30
imphash 837c25c2579db69dabe8e2336d5b8f65
File size 58.0 KB ( 59392 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe upx
VirusTotal metadata
First submission 2013-05-03 13:08:45 UTC ( 4 years, 1 month ago )
Last submission 2016-07-06 15:39:44 UTC ( 11 months, 3 weeks ago )
File names i.exe
aa
Elf Roast Fail
077a113863dfffdff0947bbbb341b42fbc7ab854
3dccf3e786f031b0333b86bf37d33bb4.077a113863dfffdff0947bbbb341b42fbc7ab854
B2721.exe
i.exe
3dccf3e786f031b0333b86bf37d33bb4
sample.exe
file-5456911_ViR
10676155
output.10676155.txt
Onto.exe
ii.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
UDP communications