SHA256: 9ae06b0662f88ba6dfd6933dad5fddd09a86803bac61eb53592c4448af7e95d0
File name: 43A1.TMP
Detection ratio: 48 / 68
Analysis date: 2018-09-06 22:25:30 UTC (8 months, 2 weeks ago)
Antivirus / Result / Last update
Ad-Aware Generic.Nymaim.E.76A393CE 20180906
AhnLab-V3 Malware/Win32.Generic.C1494000 20180906
ALYac Generic.Nymaim.E.76A393CE 20180906
Antiy-AVL Trojan[Downloader]/Win32.Agent 20180906
Arcabit Generic.Nymaim.E.76A393CE 20180906
Avast Win32:Evo-gen [Susp] 20180906
AVG FileRepMalware 20180906
Avira (no cloud) HEUR/AGEN.1006920 20180906
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180906
BitDefender Generic.Nymaim.E.76A393CE 20180906
Bkav HW32.Packed. 20180906
CAT-QuickHeal Ransom.Exxroute.ZZ4 20180906
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.fd4288 20180225
Cylance Unsafe 20180906
Cyren W32/Nymaim.BZ.gen!Eldorado 20180906
DrWeb Trojan.PWS.Sphinx.2 20180906
Emsisoft Generic.Nymaim.E.76A393CE (B) 20180906
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.FBPG 20180906
F-Prot W32/Nymaim.BZ.gen!Eldorado 20180906
F-Secure Generic.Nymaim.E.76A393CE 20180906
Fortinet W32/Kryptik.FEBL!tr 20180906
GData Generic.Nymaim.E.76A393CE 20180906
Ikarus Trojan.Win32.Crypt 20180906
Sophos ML heuristic 20180717
Jiangmin TrojanDownloader.Agent.fiyy 20180906
K7AntiVirus Trojan ( 00515aa21 ) 20180906
K7GW Trojan ( 00515aa21 ) 20180906
Kaspersky HEUR:Trojan.Win32.Generic 20180906
MAX malware (ai score=100) 20180906
McAfee Ransomware-GFM!CC9E2F2FD428 20180906
McAfee-GW-Edition BehavesLike.Win32.Generic.cc 20180906
Microsoft TrojanDownloader:Win32/Talalpek.A 20180906
eScan Generic.Nymaim.E.76A393CE 20180906
NANO-Antivirus Trojan.Win32.Sphinx.evlpyy 20180906
Palo Alto Networks (Known Signatures) generic.ml 20180906
Panda Trj/GdSda.A 20180906
Qihoo-360 HEUR/QVM20.1.AF6D.Malware.Gen 20180906
Rising Downloader.Talalpek!8.848F (CLOUD) 20180906
SentinelOne (Static ML) static engine - malicious 20180830
Sophos AV Mal/Elenoocka-E 20180906
Symantec Packed.Generic.493 20180906
Tencent Win32.Trojan.Generic.Tbis 20180906
TrendMicro Mal_Cerber-20 20180906
TrendMicro-HouseCall Mal_Cerber-20 20180906
VBA32 Trojan.FakeAV.01657 20180906
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180906
Engines with no detection (last update):
AegisLab 20180906
Alibaba 20180713
Avast-Mobile 20180906
AVware 20180906
Babable 20180902
ClamAV 20180906
CMC 20180906
Comodo 20180905
eGambit 20180906
Kingsoft 20180906
Malwarebytes 20180906
SUPERAntiSpyware 20180906
Symantec Mobile Insight 20180905
TACHYON 20180906
TheHacker 20180904
TotalDefense 20180906
Trustlook 20180906
VIPRE 20180906
ViRobot 20180906
Webroot 20180906
Yandex 20180906
Zillya 20180906
Zoner 20180906
The file being studied is a Portable Executable (PE) file. More specifically, it is a Win32 EXE built for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-14 10:54:05
Entry Point 0x000173A7
Number of sections 4
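The header facts above (target machine, section count, compilation timestamp, entry point) are read from the COFF file header and the PE32 optional header. The parser below is added here as a worked example; it is not VirusTotal's or ExifTool's code. It uses only the Python standard library, decodes the characteristics bitmask into the same flag names ExifTool prints further down, and walks the section table that this page does not show. The sample image it builds is constructed: the numeric fields mirror this report, but the section names and sizes are invented. One caveat is encoded as a comment: the timestamp is written by the linker and is trivially forged, so a 2012 compile date on a sample first seen in 2018 is a hint, not evidence.

```python
"""Minimal PE32 header parser (added example, standard library only)."""
import struct
from datetime import datetime, timezone

MACHINE = {0x014C: "Intel 386 or later", 0x8664: "x86-64", 0x01C0: "ARM", 0xAA64: "ARM64"}
SUBSYSTEM = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
# IMAGE_FILE_* characteristics bits from winnt.h (subset).
CHARACTERISTICS = {
    0x0001: "RELOCS_STRIPPED", 0x0002: "EXECUTABLE_IMAGE",
    0x0004: "LINE_NUMS_STRIPPED", 0x0008: "LOCAL_SYMS_STRIPPED",
    0x0020: "LARGE_ADDRESS_AWARE", 0x0100: "32BIT_MACHINE",
    0x0200: "DEBUG_STRIPPED", 0x2000: "DLL",
}
COFF_FMT = "<HHIIIHH"                    # IMAGE_FILE_HEADER, 20 bytes
OPT_FMT = "<HBBIIIIIIIIIHHHHHHIIIIHH"    # PE32 optional header up to DllCharacteristics, 72 bytes
SECTION_FMT = "<8sIIIIIIHHI"             # IMAGE_SECTION_HEADER, 40 bytes


def parse_pe_header(data: bytes) -> dict:
    """Return the headline PE facts a triage report shows; ValueError if not PE32."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff_off = e_lfanew + 4
    machine, nsections, timestamp, _symtab, _nsyms, opt_size, chars = struct.unpack_from(COFF_FMT, data, coff_off)
    opt_off = coff_off + struct.calcsize(COFF_FMT)
    (magic, maj_linker, min_linker, size_code, size_init, size_uninit, entry,
     _base_code, _base_data, image_base, _sec_align, _file_align,
     maj_os, min_os, maj_img, min_img, maj_sub, min_sub, _win32ver,
     _size_image, _size_headers, _checksum, subsystem, _dll_chars) = struct.unpack_from(OPT_FMT, data, opt_off)
    if magic != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled here, got 0x%x" % magic)
    sections = []
    sec_off = opt_off + opt_size            # section table follows the optional header
    for i in range(nsections):
        name, vsize, vaddr, raw_size, raw_ptr, _r, _l, _nr, _nl, sec_chars = \
            struct.unpack_from(SECTION_FMT, data, sec_off + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_address": vaddr, "virtual_size": vsize,
                         "raw_size": raw_size, "raw_offset": raw_ptr, "characteristics": sec_chars})
    return {
        "machine": MACHINE.get(machine, hex(machine)),
        "number_of_sections": nsections,
        # Linker-written and trivially forged: treat as a hint, never as evidence of build date.
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry,
        "image_base": image_base,
        "linker_version": f"{maj_linker}.{min_linker}",
        "os_version": f"{maj_os}.{min_os}",
        "image_version": f"{maj_img}.{min_img}",
        "subsystem_version": f"{maj_sub}.{min_sub}",
        "subsystem": SUBSYSTEM.get(subsystem, str(subsystem)),
        "code_size": size_code,
        "initialized_data_size": size_init,
        "uninitialized_data_size": size_uninit,
        "characteristics": [n for bit, n in sorted(CHARACTERISTICS.items()) if chars & bit],
        "sections": sections,
    }


def build_sample_pe() -> bytes:
    """Constructed header-only PE32 whose numeric fields mirror the report above
    (i386, 4 sections, linker 6.0, entry 0x173a7, characteristics 0x010f).
    Section names, RVAs and sizes are invented; the real section table is not on the page."""
    ts = int(datetime(2012, 7, 14, 10, 54, 5, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    opt_size = struct.calcsize(OPT_FMT) + 4 * 6 + 16 * 8            # + reserves/loader/dir count + 16 data dirs
    coff = struct.pack(COFF_FMT, 0x014C, 4, ts, 0, 0, opt_size, 0x010F)
    opt = struct.pack(OPT_FMT, 0x10B, 6, 0, 96256, 17408, 0, 0x173A7,
                      0x1000, 0x19000, 0x400000, 0x1000, 0x200,
                      4, 0, 0, 0, 4, 0, 0, 0x1C000, 0x400, 0, 2, 0)
    opt += struct.pack("<IIIIII", 0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\0" * 128
    secs = b""
    for name, vaddr, size in ((b".text", 0x1000, 96256), (b".rdata", 0x19000, 0x1000),
                              (b".data", 0x1A000, 0x1000), (b".rsrc", 0x1B000, 0x1000)):
        secs += struct.pack(SECTION_FMT, name.ljust(8, b"\0"), size, vaddr, size, 0x400, 0, 0, 0, 0, 0x60000020)
    return dos + b"PE\0\0" + coff + opt + secs


if __name__ == "__main__":
    for k, v in parse_pe_header(build_sample_pe()).items():
        print(f"{k}: {v}")
```

To run it on a real sample, pass `open(path, "rb").read()` to `parse_pe_header`; it deliberately refuses PE32+ images so a 64-bit file is not silently mis-parsed.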
PE sections
PE imports
CreateWaitableTimerA
GetFileAttributesA
GetOEMCP
CompareStringW
GetTickCount
RemoveDirectoryA
WaitForSingleObjectEx
GetDiskFreeSpaceA
GetDateFormatA
CreateDirectoryW
DeleteFileW
lstrcatW
MoveFileExW
GetProcessHeap
CreateHardLinkA
GetTempPathA
GetStringTypeA
GetModuleHandleA
ReadFile
WriteFile
GetStartupInfoA
CreateMutexW
lstrcpynA
FindNextFileA
GetSystemDirectoryA
HeapReAlloc
GetProcAddress
GetBinaryTypeA
GetNumberFormatA
GetLogicalDriveStringsW
QueryDosDeviceW
CreateFileA
OpenJobObjectA
WriteConsoleW
InterlockedIncrement
ResUtilGetBinaryValue
ClusWorkerStart
ClusWorkerTerminate
ResUtilDupString
ClusWorkerCreate
ExtractIconA
SHFree
FindExecutableA
DragQueryFileW
SHChangeNotify
DragQueryPoint
ShellAboutA
SHGetNewLinkInfoA
SHGetDiskFreeSpaceA
SHUpdateImageA
StrChrA
SHGetDataFromIDListA
ShellMessageBoxA
ExtractAssociatedIconA
SHFileOperationA
SHGetMalloc
DragFinish
IsAppThemed
DrawThemeEdge
GetThemeColor
GetCurrentThemeName
GetThemeBool
OpenThemeData
CloseThemeData
GetThemeSysSize
GetWindowTheme
SetWindowTheme
GetThemeEnumValue
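The import names above feed the imphash listed under "File identification" below. The code here is an added example, not VirusTotal's, but it follows the canonical form pefile uses: one `<dll-without-extension>.<function>` string per import, lower-cased, in import-table order, comma-joined, then MD5. The DLL grouping is an assumption: the page lists only function names, so the attribution to kernel32/resutils/shell32/uxtheme is made from where those exports normally live, and the resulting hash will therefore not equal the report's value. Two caveats worth keeping in mind: the hash is order-sensitive, so the same functions imported in a different order give a different imphash; and on packed samples (several engines above label this one Kryptik/Packed) the visible import table usually belongs to the packer stub, so the imphash clusters the packer, not the payload.

```python
"""Import-hash (imphash) computation in pefile's canonical form (added example)."""
import hashlib

# Partial ordinal -> name table for DLLs commonly imported by ordinal; pefile
# ships a fuller one (ws2_32, oleaut32). Unknown ordinals become "ordN".
ORDINAL_NAMES = {"ws2_32": {23: "socket", 52: "gethostbyname"}}


def _strip_ext(dll: str) -> str:
    """Lower-case the module name and drop .dll/.ocx/.sys, as pefile does."""
    name = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            return name[:-len(ext)]
    return name


def imphash_string(imports) -> str:
    """imports: list of (dll_name, [function name or int ordinal, ...]) in
    import-directory order. Returns the canonical string that gets hashed."""
    parts = []
    for dll, funcs in imports:
        lib = _strip_ext(dll)
        for f in funcs:
            if isinstance(f, int):                      # import by ordinal
                f = ORDINAL_NAMES.get(lib, {}).get(f, "ord%d" % f)
            parts.append("%s.%s" % (lib, f.lower()))
    return ",".join(parts)


def imphash(imports) -> str:
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed sample: a few of the names listed on the page, grouped under the
# DLLs they are ASSUMED to come from (the page does not show the grouping).
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", ["CreateWaitableTimerA", "GetFileAttributesA", "GetOEMCP", "CompareStringW", "GetTickCount"]),
    ("RESUTILS.dll", ["ResUtilGetBinaryValue", "ClusWorkerStart", "ClusWorkerTerminate"]),
    ("SHELL32.dll", ["ExtractIconA", "SHFree", "FindExecutableA"]),
    ("UXTHEME.dll", ["IsAppThemed", "DrawThemeEdge", "GetThemeColor"]),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print("imphash:", imphash(SAMPLE_IMPORTS))
    # Same DLLs, different directory order: a different hash.
    print("reordered:", imphash(list(reversed(SAMPLE_IMPORTS))))
```

For a real file, build the `imports` list from the import directory in on-disk order (with pefile, `DIRECTORY_ENTRY_IMPORT` already gives that order and resolves ordinals the same way); feeding it names sorted alphabetically will silently produce a hash that matches nothing.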
Number of PE resources by type
RT_RCDATA 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
SubsystemVersion: 4.0
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:07:14 11:54:05+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 96256
LinkerVersion: 6.0
FileTypeExtension: exe
InitializedDataSize: 17408
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint: 0x173a7
OSVersion: 4.0
ImageVersion: 0.0
UninitializedDataSize: 0

File identification
MD5 cc9e2f2fd4288986a11c6bd475982021
SHA1 4a35a102c5bd61dd61dd9d6b33c6c1d8b706bdf9
SHA256 9ae06b0662f88ba6dfd6933dad5fddd09a86803bac61eb53592c4448af7e95d0
ssdeep 1536:RcNR+iLe7cyivb6HTAOysaimXbBRfTIr3kuW7+oBJkaUZfYuXjgTcNohzfY4d:eGiLe7cyUbj3sanbB5uvIHYPzgQ+xY+

authentihash 461010f3e4bb98b600d79861b0ec222ffa5a8f48ece488c362bd1fd8353b32de
imphash 9df2de787b32820dfdfbb0ab7551ff8e
File size 112.0 KB ( 114688 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe nxdomain

VirusTotal metadata
First submission 2018-09-06 10:19:06 UTC (8 months, 2 weeks ago)
Last submission 2018-10-04 19:10:53 UTC (7 months, 2 weeks ago)
File names 43A1.TMP
cc9e2f2fd4288986a11c6bd475982021.vir
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process that the executed file launched or injected code into.
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests