× 쿠키가 비활성화 되어 있습니다! 이 사이트는 작업을 제대로 하려면 쿠키 활성화가 필요합니다.
SHA256: 6ef6c65d1a088ce21fc75954805ec033f6a070c7575745182d51c45084641679
파일 이름: #16.tmp.exe
탐지 비율: 5 / 46
분석 날짜: 2013-02-21 20:27:13 UTC ( 6년, 3개월 전 ) 최신 보기
안티바이러스 결과 업데이트
ESET-NOD32 Win32/Spy.Zbot.AAO 20130221
Fortinet W32/Zbot.ANQ!tr 20130221
Kaspersky UDS:DangerousObject.Multi.Generic 20130221
Panda Suspicious file 20130221
Rising Suspicious 20130205
Yandex 20130221
AhnLab-V3 20130221
AntiVir 20130221
Antiy-AVL 20130221
Avast 20130221
AVG 20130221
BitDefender 20130221
ByteHero 20130221
CAT-QuickHeal 20130221
ClamAV 20130221
Commtouch 20130221
Comodo 20130221
DrWeb 20130221
Emsisoft 20130221
eSafe 20130211
F-Prot 20130221
F-Secure 20130221
GData 20130221
Ikarus 20130221
Jiangmin 20130221
K7AntiVirus 20130221
Kingsoft 20130204
Malwarebytes 20130221
McAfee 20130221
McAfee-GW-Edition 20130221
Microsoft 20130221
eScan 20130221
NANO-Antivirus 20130221
Norman 20130221
nProtect 20130221
PCTools 20130219
Sophos AV 20130221
SUPERAntiSpyware 20130221
Symantec 20130221
TheHacker 20130221
TotalDefense 20130221
TrendMicro 20130221
TrendMicro-HouseCall 20130221
VBA32 20130221
VIPRE 20130221
ViRobot 20130221
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Publisher Microsoft Corporation
Product Microsoft® Windows® Operating System
Original name rekeywiz.exe
Internal name rekeywiz
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description EFS REKEY wizard
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-10-16 12:15:02
Entry Point 0x00004468
Number of sections 8
PE sections
PE imports
lstrcmpiW
GetAsyncKeyState
GetMessagePos
UnhookWindowsHookEx
GetDoubleClickTime
GetLastActivePopup
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2012:10:16 13:15:02+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
31232

LinkerVersion
11.1

Warning
Error processing PE data dictionary

EntryPoint
0x4468

InitializedDataSize
170496

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.1

UninitializedDataSize
0

File identification
MD5 c26c64c3129fca7aafe695904d5976da
SHA1 e452ecd2872fba751ccb6e8529447f0e81eebff6
SHA256 6ef6c65d1a088ce21fc75954805ec033f6a070c7575745182d51c45084641679
ssdeep
3072:5C0SuWwfG3i1MKiXfQ8d7moiH/1gh8Jy9zhdQKAMyJAg4izJLJVz8W+J:5C0r5fJ1Ml9N01gSnsyJNLXAW

authentihash 65515674d155de5d9f01dcd4220e7834e4308e902ab4e165b0e4eac3ef97723c
imphash a65fc3ce28c8115b15f6d4357174d606
File size 198.0 KB ( 202752 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
corrupt peexe

VirusTotal metadata
First submission 2013-02-21 20:27:13 UTC ( 6년, 3개월 전 )
Last submission 2015-06-12 10:40:22 UTC ( 3년, 11개월 전 )
파일 이름 005187014
6ef6c65d1a088ce21fc75954805ec033f6a070c7575745182d51c45084641679
rekeywiz.exe
vti-rescan
rekeywiz
c26c64c3129fca7aafe695904d5976da
#16.tmp.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
댓글이 없습니다.. 이 항목에 대해 댓글을 작성한 바이러스토탈 커뮤니티 회원이 아직 없습니다. 첫 번째로 댓글을 작성해 보십시오!

댓글 남기기...

?
댓글 달기

로그인 안됨. 등록된 사용자만 댓글을 남길 수 있습니다. 로그인하여 댓글을 남겨보십시오!

투표가 없습니다.. 아직 이 항목에 투표한 사람이 없습니다. 첫 번째로 투표해 보십시오!