SHA256: a72f7514831130305c95ca5f8839b56a778b9fd69fbba264e5fde93cf1833e8b
File name: 1.exe
Detection ratio: 5 / 61
Analysis date: 2017-03-27 05:41:41 UTC ( 2 years, 1 month ago )
Antivirus | Result | Last update
CrowdStrike Falcon (ML) | malicious_confidence_94% (D) | 20170130
Endgame | malicious (moderate confidence) | 20170317
Qihoo-360 | HEUR/QVM11.1.0000.Malware.Gen | 20170327
SentinelOne (Static ML) | static engine - malicious | 20170315
ViRobot | Trojan.Win32.Cerber.334706[h] | 20170327
Ad-Aware | not detected | 20170327
AegisLab | not detected | 20170327
AhnLab-V3 | not detected | 20170326
Alibaba | not detected | 20170327
ALYac | not detected | 20170327
Antiy-AVL | not detected | 20170327
Arcabit | not detected | 20170327
Avast | not detected | 20170327
AVG | not detected | 20170327
Avira (no cloud) | not detected | 20170326
AVware | not detected | 20170327
Baidu | not detected | 20170327
BitDefender | not detected | 20170327
Bkav | not detected | 20170326
CAT-QuickHeal | not detected | 20170327
ClamAV | not detected | 20170327
CMC | not detected | 20170326
Comodo | not detected | 20170325
Cyren | not detected | 20170327
DrWeb | not detected | 20170327
Emsisoft | not detected | 20170327
ESET-NOD32 | not detected | 20170326
F-Prot | not detected | 20170327
F-Secure | not detected | 20170327
Fortinet | not detected | 20170327
GData | not detected | 20170327
Ikarus | not detected | 20170326
Sophos ML | not detected | 20170203
Jiangmin | not detected | 20170327
K7AntiVirus | not detected | 20170327
K7GW | not detected | 20170327
Kingsoft | not detected | 20170327
Malwarebytes | not detected | 20170327
McAfee | not detected | 20170327
McAfee-GW-Edition | not detected | 20170327
Microsoft | not detected | 20170327
eScan | not detected | 20170327
NANO-Antivirus | not detected | 20170327
nProtect | not detected | 20170327
Palo Alto Networks (Known Signatures) | not detected | 20170327
Panda | not detected | 20170326
Rising | not detected | 20170327
Sophos AV | not detected | 20170327
SUPERAntiSpyware | not detected | 20170327
Symantec | not detected | 20170326
Symantec Mobile Insight | not detected | 20170326
Tencent | not detected | 20170327
TheHacker | not detected | 20170327
TotalDefense | not detected | 20170327
TrendMicro | not detected | 20170327
TrendMicro-HouseCall | not detected | 20170327
Trustlook | not detected | 20170327
VBA32 | not detected | 20170324
VIPRE | not detected | 20170327
Webroot | not detected | 20170327
WhiteArmor | not detected | 20170315
Yandex | not detected | 20170323
Zillya | not detected | 20170323
ZoneAlarm by Check Point | not detected | 20170327
Zoner | not detected | 20170327
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2017
Product egrge.exe
Original name egrge.exe
Internal name egrge.exe
File version 1.0.0.1
Description TODO: <File description>
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-26 21:55:48
Entry Point 0x000421B0
Number of sections 3
PE sections
Overlays
MD5 0f70e8cbade022247c2fecd37bed4f94
File type data
Offset 101888
Size 232818
Entropy 8.00
PE imports
GetOpenFileNameA
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
SafeArrayCreateEx
BringWindowToTop
strchr
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
FRENCH 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 167936
LanguageCode French
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 4096
EntryPoint 0x421b0
OriginalFileName egrge.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2017
FileVersion 1.0.0.1
TimeStamp 2017:03:26 22:55:48+01:00
FileType Win32 EXE
PEType PE32
InternalName egrge.exe
ProductVersion 1.0.0.1
FileDescription TODO: <File description>
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName TODO: <Company name>
CodeSize 102400
ProductName egrge.exe
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 ebe4f80ff798d1db687a9bdc67775030
SHA1 a0cffada762af3efd6f43d088d71d0f2ddbbed0c
SHA256 a72f7514831130305c95ca5f8839b56a778b9fd69fbba264e5fde93cf1833e8b
ssdeep 6144:h8Wx7Ry+IxClkae0gcgWohVx4KValHlLqb9RyTQKsAB02KdggVPZsfim6pgu:h8mY+Qqkfc9K0lHlLqb9RyUYu2SPZgqx
authentihash a5a1d8c4a1cad26952d27a59c4caaa3bf7fcc6354704838be6d94e56b626d9a4
imphash 0489d500383d1dbb7e33e738d4587c60
File size 326.9 KB ( 334706 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (39.3%)
Win32 EXE Yoda's Crypter (38.6%)
Win32 Dynamic Link Library (generic) (9.5%)
Win32 Executable (generic) (6.5%)
Generic Win/DOS Executable (2.9%)
Tags
peexe suspicious-udp upx overlay

VirusTotal metadata
First submission 2017-03-27 05:41:41 UTC ( 2 years, 1 month ago )
Last submission 2017-07-08 22:27:07 UTC ( 1 year, 10 months ago )
File names 1.exe
ebe4f80ff798d1db687a9bdc67775030
egrge.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Created mutexes
Runtime DLLs
UDP communications