SHA256: 717a391c24a0e8796ac9fda436164b5764f5050bbdd8dbe16373787103753819
File name: Faint.exe
Detection ratio: 49 / 56
Analysis date: 2015-07-27 17:59:54 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKDV.966993 20150727
Yandex Backdoor.Azbreg!MUY+pZg20Uk 20150727
AhnLab-V3 Backdoor/Win32.Androm 20150727
Antiy-AVL Trojan[Backdoor]/Win32.Azbreg 20150727
Arcabit Trojan.GenericV.DEC151 20150727
Avast Win32:Trojan-gen 20150727
AVG BackDoor.Generic17.AXW 20150727
Avira (no cloud) TR/Crypt.ULPM.Gen 20150727
AVware Worm.Win32.Hamweq 20150727
Baidu-International Worm.Win32.AutoRun.42 20150727
BitDefender Trojan.GenericKDV.966993 20150727
CAT-QuickHeal Worm.Hamweq.rw3 20150727
Comodo Heur.Suspicious 20150727
Cyren W32/Hamweq.IUPB-8009 20150727
DrWeb BackDoor.Ddoser.131 20150727
Emsisoft Trojan.GenericKDV.966993 (B) 20150727
ESET-NOD32 Win32/AutoRun.KS 20150727
F-Prot W32/Hamweq.AG 20150727
F-Secure Trojan.GenericKDV.966993 20150727
Fortinet W32/Azbreg.KS!tr.bdr 20150727
GData Trojan.GenericKDV.966993 20150727
Ikarus Worm.Win32.Hamweq 20150727
Jiangmin Backdoor/Azbreg.bpb 20150726
K7AntiVirus Riskware ( 0040eff71 ) 20150727
K7GW Riskware ( 0040eff71 ) 20150727
Kaspersky Backdoor.Win32.Azbreg.ucr 20150727
Kingsoft Win32.Troj.Agent.k.(kcloud) 20150727
Malwarebytes Trojan.Agent.RSRVGen 20150727
McAfee W32/Rimecud 20150727
McAfee-GW-Edition BehavesLike.Win32.Virut.qc 20150727
Microsoft Worm:Win32/Hamweq.A 20150727
eScan Trojan.GenericKDV.966993 20150727
NANO-Antivirus Trojan.Win32.Siggen.crawoy 20150727
nProtect Backdoor/W32.Azbreg.58880 20150727
Panda Trj/OCJ.E 20150727
Qihoo-360 HEUR/Malware.QVM11.Gen 20150727
Rising PE:Trojan.Win32.Generic.14883593!344470931 20150722
Sophos AV Mal/ZboCheMan-N 20150727
SUPERAntiSpyware Trojan.Agent/Gen-Vermer 20150727
Symantec W32.Pilleuz 20150727
Tencent Win32.Backdoor.Azbreg.Chf 20150727
TheHacker Posible_Worm32 20150727
TotalDefense Win32/Tnega.ASBC 20150727
TrendMicro WORM_HAMWEQ.FU 20150727
TrendMicro-HouseCall WORM_HAMWEQ.FU 20150727
VBA32 Trojan.SB.01742 20150727
VIPRE Worm.Win32.Hamweq 20150727
Zillya Worm.AutoRun.Win32.104945 20150727
Zoner I-Worm.AutoRun.KS 20150727
AegisLab 20150727
Alibaba 20150727
ALYac 20150727
Bkav 20150727
ByteHero 20150727
ClamAV 20150727
ViRobot 20150727
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Stag 1997 2007

Publisher O*r>
Original name Faint.exe
File version 5, 8, 6
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-02-18 09:47:37
Entry Point 0x00082FE0
Number of sections 3
PE sections
PE imports
LsaLookupNames
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
EndDialog
Number of PE resources by type
RT_DLGINCLUDE 16
RT_DIALOG 15
RT_ICON 7
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH AUS 40
PE resources
ExifTool file metadata
CharacterSet
Unicode

SubsystemVersion
4.0

InitializedDataSize
24576

ImageVersion
0.0

sOSLIMdcWWYUC
BOHFE7EELI1Odhll

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

qmMS5x4CnHINo1rFbj
BJ8uktUTB4D3MLvO

FileVersionNumber
5.8.0.0

L1L6JWcHamorLwQQ64
tb8aj1wxIUOXTHuNScwI

LinkerVersion
5.0

FBA8Y4DmcaFnYRfMQ
rxWOgR4IuRpq4QD4yOjG

EntryPoint
0x82fe0

OriginalFileName
Faint.exe

MIMEType
application/octet-stream

LegalCopyright
Stag 1997 2007

FileVersion
5, 8, 6

TimeStamp
2006:02:18 10:47:37+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
5 8 1286

UninitializedDataSize
499712

kgVkhS725rRyYP45Kqh
WIOsbjaX6fcPGwT

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

RbnqPMJHsGO
IyxHUFd5CSUSmVp2p8i

MachineType
Intel 386 or later, and compatibles

CompanyName
O*r>

CodeSize
36864

FileSubtype
0

ProductVersionNumber
5.8.0.0

AuC7MxJL3h24
Stc2YppxedK

FileTypeExtension
exe

ObjectFileType
Executable application

R6jXYhUej8kT
ITeD8obbhwfMEcEMuA

File identification
MD5 00632e0224390d5ebdfa50efc51ed8d3
SHA1 3266392d010460fed1a0df5795de3e38fe0446eb
SHA256 717a391c24a0e8796ac9fda436164b5764f5050bbdd8dbe16373787103753819
ssdeep
1536:Kz6ixRYwfCIyYWBf8y0EfDpQdyAGG1Gx:4Hx2wRDWJ8y0ECYN

authentihash 6cae5917e6990e42e297fcf3b8b5bd71417dbae6f50cfdac9979c208c59597e2
imphash f09f4b154a17052da6c4bff7c4e201ea
File size 57.5 KB ( 58880 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
honeypot peexe

VirusTotal metadata
First submission 2013-04-26 18:04:50 UTC ( 4 years, 7 months ago )
Last submission 2015-06-12 11:12:32 UTC ( 2 years, 6 months ago )
File names 006467617
hostsn.exe1
aa
Faint.exe
00632e0224390d5ebdfa50efc51ed8d3
WL-0aa7eb44b572b5f287553ad48f08fe88-0.ex$
v.exe
00632e0224390d5ebdfa50efc51ed8d3.3266392d010460fed1a0df5795de3e38fe0446eb
output.10493897.txt
hostsn.exe
00632e0224390d5ebdfa50efc51ed8d3
v.exe
B2700.exe
sample.exe
10493897
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
