SHA256: 1dd1dbd6631b8b0b87d7bbab7aff004c983dbe87ba6c9e7fed851de4786e6ae1
File name: Runner.exe
Detection ratio: 53 / 68
Analysis date: 2017-10-29 01:53:46 UTC (7 months, 3 weeks ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.164662 20171029
AegisLab Gen.Variant.Razy!c 20171029
AhnLab-V3 Trojan/Win32.Banki.C1922200 20171028
ALYac Spyware.PWS.KRBanker.acu 20171028
Antiy-AVL Trojan/Win32.TSGeneric 20171029
Arcabit Trojan.Razy.D28336 20171029
Avast Win32:Malware-gen 20171029
AVG Win32:Malware-gen 20171029
Avira (no cloud) TR/Crypt.ZPACK.Gen 20171028
AVware Trojan.Win32.Generic!BT 20171029
BitDefender Gen:Variant.Razy.164662 20171029
CAT-QuickHeal Trojan.Qzonit 20171028
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.1b8fb7 20170628
Cylance Unsafe 20171029
Cyren W32/Trojan.UKGL-8045 20171028
DrWeb Trojan.StartPage1.39698 20171028
eGambit Trojan.Generic 20171029
Emsisoft Gen:Variant.Razy.164662 (B) 20171029
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of Win32/Spy.Agent.OWQ 20171029
F-Secure Gen:Variant.Razy.164662 20171028
Fortinet W32/Agent.A!tr.spy 20171028
GData Gen:Variant.Razy.164662 20171028
Ikarus Trojan-Spy.Agent 20171028
Sophos ML heuristic 20170914
K7AntiVirus Spyware ( 004ee7901 ) 20171027
K7GW Spyware ( 004ee7901 ) 20171028
Kaspersky HEUR:Trojan.Win32.Generic 20171029
MAX malware (ai score=100) 20171028
McAfee RDN/Generic PWS.y 20171028
McAfee-GW-Edition BehavesLike.Win32.Generic.bc 20171029
Microsoft Trojan:Win32/Qzonit.A!bit 20171029
eScan Gen:Variant.Razy.164662 20171028
NANO-Antivirus Trojan.Win32.Banbra.enxrwd 20171029
nProtect Banker/W32.Pharm.741276 20171029
Palo Alto Networks (Known Signatures) generic.ml 20171029
Panda Trj/CI.A 20171028
Qihoo-360 Win32/Trojan.7e9 20171029
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Mal/VMProtBad-A 20171029
SUPERAntiSpyware Trojan.Agent/Gen-Razy 20171028
Symantec Trojan.Gen 20171028
Tencent Win32.Trojan.Generic.Fhy 20171029
TheHacker Trojan/Spy.Agent.owq 20171028
TrendMicro TROJ_GEN.R047C0DDN17 20171029
TrendMicro-HouseCall TROJ_GEN.R047C0DDN17 20171029
VIPRE Trojan.Win32.Generic!BT 20171028
ViRobot Trojan.Win32.R.Agent.741276.A 20171028
WhiteArmor Malware.HighConfidence 20171024
Yandex Trojan.PWS.Banbra!LDwAhzMoxX4 20171027
Zillya Trojan.Banbra.Win32.27200 20171027
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20171029
Alibaba 20170911
Avast-Mobile 20171028
Baidu 20171027
Bkav 20171029
ClamAV 20171028
CMC 20171028
Comodo 20171028
F-Prot 20171029
Jiangmin 20171029
Kingsoft 20171029
Malwarebytes 20171029
Rising 20171029
Symantec Mobile Insight 20171027
TotalDefense 20171028
Trustlook 20171029
VBA32 20171027
Webroot 20171029
Zoner 20171029
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
版权所有 2016 联想集团有限公司

Product 联想云盘
Original name Runner.exe
Internal name Runner.exe
File version 1.4.0.8
Description 联想云盘
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-14 16:05:34
Entry Point 0x00185A72
Number of sections 8
PE sections
PE imports
GetUserNameA
DnsQuery_A
DecodePointer
EncodePointer
LocalFree
LocalAlloc
GetModuleHandleA
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleFileNameA
GetLocalTime
tolower
SafeArrayCreate
SHGetSpecialFolderPathA
PathFileExistsA
MessageBoxW
closesocket
LoadResource
LockResource
CoUninitialize
Number of PE resources by type
RT_ICON 6
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
CHINESE SIMPLIFIED 5
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2017:03:14 17:05:34+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
134144

LinkerVersion
6.0

FileTypeExtension
exe

InitializedDataSize
118784

SubsystemVersion
5.0

EntryPoint
0x185a72

OSVersion
5.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 0952d38bf8b3f026cb3c41c87db338a7
SHA1 989b53cd73e1ef9e2fcea22da9614efe2c4e1589
SHA256 1dd1dbd6631b8b0b87d7bbab7aff004c983dbe87ba6c9e7fed851de4786e6ae1
ssdeep
12288:E87Ff6S7HfkYh59VNAWhH9Xwz0Dm+NAucTXjxAhu0EvlLsxpRV/fXGf8UyZV:PFfvHfkY1796C9NAtfxWCsx7V/fWEhZV

authentihash f31a75a7c677e7fda759e9af1fa6876e580e94292cca449f34a69d454fbf25fd
imphash 20597f67b0f42e341c1749cff8315b31
File size 723.9 KB ( 741276 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-04-23 08:08:57 UTC (1 year, 1 month ago)
Last submission 2017-07-24 15:37:08 UTC (10 months, 4 weeks ago)
File names Runner.exe
up.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
UDP communications