× 쿠키가 비활성화 되어 있습니다! 이 사이트는 작업을 제대로 하려면 쿠키 활성화가 필요합니다.
SHA256: 0856c826b6ea200923a482b2480e7f1a6231bbd052c0f27614c0e6bf7e58b4dc
파일 이름: OhYL7nuhWL0hxEocE.exe
탐지 비율: 18 / 71
분석 날짜: 2018-12-06 12:21:04 UTC ( 5개월, 1주 전 ) 최신 보기
안티바이러스 결과 업데이트
AVG FileRepMalware 20181206
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.f2214b 20180225
Cylance Unsafe 20181206
eGambit Unsafe.AI_Score_98% 20181206
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
Kaspersky UDS:DangerousObject.Multi.Generic 20181206
McAfee-GW-Edition BehavesLike.Win32.Virut.ch 20181206
Microsoft Trojan:Win32/Emotet.AC!bit 20181205
Palo Alto Networks (Known Signatures) generic.ml 20181206
Qihoo-360 HEUR/QVM20.1.AEFC.Malware.Gen 20181206
Rising Malware.Heuristic!ET#96% (RDM+:cmRtazqh7NaSUxvVZ1xOFx94zBJA) 20181206
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181206
Trapmine malicious.high.ml.score 20181205
Webroot W32.Trojan.Emotet 20181206
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181206
Ad-Aware 20181206
AegisLab 20181206
AhnLab-V3 20181206
Alibaba 20180921
ALYac 20181206
Antiy-AVL 20181205
Arcabit 20181206
Avast 20181206
Avast-Mobile 20181206
Avira (no cloud) 20181206
AVware 20180925
Babable 20180918
Baidu 20181206
BitDefender 20181206
Bkav 20181205
CAT-QuickHeal 20181205
ClamAV 20181206
CMC 20181205
Comodo 20181206
Cyren 20181206
DrWeb 20181206
Emsisoft 20181206
ESET-NOD32 20181206
F-Prot 20181206
F-Secure 20181206
Fortinet 20181206
GData 20181206
Ikarus 20181206
Jiangmin 20181206
K7AntiVirus 20181206
K7GW 20181206
Kingsoft 20181206
Malwarebytes 20181206
MAX 20181206
McAfee 20181206
eScan 20181206
NANO-Antivirus 20181206
Panda 20181205
Sophos AV 20181206
SUPERAntiSpyware 20181205
Symantec Mobile Insight 20181204
TACHYON 20181206
Tencent 20181206
TheHacker 20181202
TotalDefense 20181206
TrendMicro 20181206
TrendMicro-HouseCall 20181206
Trustlook 20181206
VBA32 20181205
VIPRE 20181205
ViRobot 20181206
Yandex 20181204
Zillya 20181206
Zoner 20181206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
License: MPL 1.1/GPL 2.0/LGPL 2.1

Product Micros
Internal name kbdla (3.13)
File version 6.1.7600.16385
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-06 11:41:50
Entry Point 0x00007767
Number of sections 9
PE sections
PE imports
GetFontLanguageInfo
LineTo
GetRandomRgn
GetVolumePathNamesForVolumeNameW
GetNamedPipeClientProcessId
GlobalMemoryStatus
GetDriveTypeW
GetBinaryTypeW
GetModuleHandleA
lstrlenW
FreeConsole
GetCommMask
GetStringTypeExA
FillConsoleOutputAttribute
LZInit
SetupDiDestroyDriverInfoList
StrChrA
GetComputerObjectNameW
GetUpdateRect
GetPriorityClipboardFormat
GetFocus
InsertMenuA
EnumDisplayMonitors
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
CodeSize
36864

UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
1.4.20030.62408

LanguageCode
Neutral

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
131072

EntryPoint
0x7767

MIMEType
application/octet-stream

LegalCopyright
License: MPL 1.1/GPL 2.0/LGPL 2.1

FileVersion
6.1.7600.16385

TimeStamp
2018:12:06 12:41:50+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
kbdla (3.13)

ProductVersion
1.4: 2003062408

SubsystemVersion
4.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Mozilla, Netscape

LegalTrademarks
Mozilla, Netscape

ProductName
Micros

ProductVersionNumber
1.4.0.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 a9fc2e3f2214b0a0bbe086ccae159326
SHA1 533fce293f0bff45ad8b733beef15db95277d15c
SHA256 0856c826b6ea200923a482b2480e7f1a6231bbd052c0f27614c0e6bf7e58b4dc
ssdeep
1536:B6HQoVKA2W4aI/Dr+QLY6dDtdjXY14Hn/sPj+N/MbmNVJta2GqUVt:wQoVK/aI/xY6dDHvHqc/QmNVJQ2Vgt

authentihash ef155777355c75e5a38d176513b09eb040403464f51bd8a276a48de595756fa2
imphash 9821b32672e1a2cd212167279694a808
File size 164.0 KB ( 167936 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-12-06 11:46:12 UTC ( 5개월, 1주 전 )
Last submission 2019-03-06 05:53:29 UTC ( 2개월, 2주 전 )
파일 이름 QfmRm3Yyy8N.exe
664.exe
QGdPGtWA.exe
LqbYOSlmd.exe
kbdla (3.13)
DQwZd0BlcbyD.exe
OhYL7nuhWL0hxEocE.exe
SRVxbQ7o6cI6.exe
clearbundle.exe
bb77e445.exe
댓글이 없습니다.. 이 항목에 대해 댓글을 작성한 바이러스토탈 커뮤니티 회원이 아직 없습니다. 첫 번째로 댓글을 작성해 보십시오!

댓글 남기기...

?
댓글 달기

로그인 안됨. 등록된 사용자만 댓글을 남길 수 있습니다. 로그인하여 댓글을 남겨보십시오!

투표가 없습니다.. 아직 이 항목에 투표한 사람이 없습니다. 첫 번째로 투표해 보십시오!