SHA256: b41d12b1b3dbe8c9caf6695cfda856e66c598775239b17c370e1e1d0f47bac9d
File name: 1234701d263909f896192bec30d22201
Detection ratio: 48 / 63
Analysis date: 2017-09-11 01:49:09 UTC ( 2 months, 1 week ago )
Antivirus  Result  Update
Ad-Aware Gen:Variant.Zusy.245863 20170910
AegisLab Gen.Variant.Zusy!c 20170911
AhnLab-V3 Backdoor/Win32.Androm.C2116364 20170910
ALYac Gen:Variant.Zusy.245863 20170911
Antiy-AVL Trojan/Win32.TSGeneric 20170910
Arcabit Trojan.Zusy.D3C067 20170911
Avast Win32:Malware-gen 20170910
AVG Win32:Malware-gen 20170910
Avira (no cloud) TR/Dropper.Gen 20170910
AVware Trojan.Win32.Generic!BT 20170906
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9968 20170908
BitDefender Gen:Variant.Zusy.245863 20170911
CAT-QuickHeal Genvariant.Zusy 20170909
Comodo UnclassifiedMalware 20170910
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20170804
Cylance Unsafe 20170911
Cyren W32/Trojan.JFWX-5521 20170911
DrWeb Trojan.Inject2.58730 20170910
Emsisoft Gen:Variant.Zusy.245863 (B) 20170910
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/Injector.DRGL 20170911
F-Prot W32/S-56b56ae3!Eldorado 20170910
F-Secure Gen:Variant.Zusy.245863 20170911
Fortinet W32/Injector.DQID!tr 20170910
GData Gen:Variant.Zusy.245863 20170910
Sophos ML heuristic 20170822
Jiangmin Backdoor.Androm.sdz 20170909
K7AntiVirus Trojan ( 005135601 ) 20170910
K7GW Trojan ( 005135601 ) 20170911
Kaspersky Backdoor.Win32.Androm.nwzz 20170911
MAX malware (ai score=99) 20170911
McAfee GenericRXCK-EC!1234701D2639 20170910
McAfee-GW-Edition GenericRXCK-EC!1234701D2639 20170911
Microsoft Trojan:Win32/Dynamer!rfn 20170911
eScan Gen:Variant.Zusy.245863 20170911
NANO-Antivirus Trojan.Win32.Androm.eskyur 20170911
Palo Alto Networks (Known Signatures) generic.ml 20170911
Panda Trj/GdSda.A 20170910
Qihoo-360 HEUR/QVM07.1.97D7.Malware.Gen 20170911
Rising Trojan.Kryptik!1.AD44 (classic) 20170911
Sophos AV Mal/Generic-S 20170911
Symantec Trojan.Gen.2 20170910
Tencent Win32.Backdoor.Androm.Duwa 20170911
TrendMicro TROJ_GEN.R021C0DI517 20170911
TrendMicro-HouseCall TROJ_GEN.R021C0DI517 20170910
VIPRE Trojan.Win32.Generic!BT 20170911
Yandex Backdoor.Androm!XKCnkhIl8Mc 20170908
ZoneAlarm by Check Point Backdoor.Win32.Androm.nwzz 20170910
Alibaba 20170910
Bkav 20170909
ClamAV 20170910
CMC 20170902
Kingsoft 20170911
Malwarebytes 20170910
nProtect 20170910
SentinelOne (Static ML) 20170806
SUPERAntiSpyware 20170910
Symantec Mobile Insight 20170911
TheHacker 20170907
TotalDefense 20170910
Trustlook 20170911
VBA32 20170907
ViRobot 20170910
WhiteArmor 20170829
Zillya 20170909
Zoner 20170911
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-03 06:59:51
Entry Point 0x00002305
Number of sections 4
PE sections
PE imports
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
WaitForSingleObject
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetProcessHeap
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
WriteFile
GetCurrentProcess
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
HeapCreate
VirtualFree
GetFileType
HeapAlloc
GetVersion
VirtualAlloc
MessageBoxA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:09:03 07:59:51+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 6.0
EntryPoint 0x2305
InitializedDataSize 98304
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 1234701d263909f896192bec30d22201
SHA1 ecabd239936eb9e81e9617cf7dd30445dc15d5c1
SHA256 b41d12b1b3dbe8c9caf6695cfda856e66c598775239b17c370e1e1d0f47bac9d
ssdeep 3072:4seyuAwDSxiv4J2YNo3C4u0j3SKT++Pc88LHDca8j3TmVO:4seyuAwDSxiv4J2Z33S+40j3Tmc
authentihash e696ce1c17b329137fb00f5a177fd18935ca2c883a552932ea11df5d11ece770
imphash 838bea1adfd32cd060e2ed3493579dcf
File size 116.0 KB ( 118784 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
Clipper DOS Executable (2.6%)
Tags peexe
VirusTotal metadata
First submission 2017-09-03 07:29:23 UTC ( 2 months, 2 weeks ago )
Last submission 2017-09-03 13:18:19 UTC ( 2 months, 2 weeks ago )
File names 1234701d263909f896192bec30d22201
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications