SHA256: 71cb2f95804a6395020a1e6be5edf20154f8a45bfd8be1a827368375988fcedb
File name: 패스타핑
Detection ratio: 0 / 68
Analysis date: 2017-12-05 13:34:48 UTC (1 year, 1 month ago)
Antivirus / Result / Update (no engine returned a detection, so each row below shows only the engine name and its signature date)
Ad-Aware 20171205
AegisLab 20171205
AhnLab-V3 20171205
Alibaba 20171205
ALYac 20171205
Antiy-AVL 20171205
Arcabit 20171205
Avast 20171205
Avast-Mobile 20171204
AVG 20171205
Avira (no cloud) 20171205
AVware 20171205
Baidu 20171201
BitDefender 20171205
Bkav 20171205
CAT-QuickHeal 20171204
ClamAV 20171205
CMC 20171205
Comodo 20171205
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20171205
Cyren 20171205
DrWeb 20171205
eGambit 20171205
Emsisoft 20171205
Endgame 20171130
ESET-NOD32 20171205
F-Prot 20171205
F-Secure 20171205
Fortinet 20171205
GData 20171205
Ikarus 20171205
Sophos ML 20170914
Jiangmin 20171205
K7AntiVirus 20171205
K7GW 20171205
Kaspersky 20171205
Kingsoft 20171205
Malwarebytes 20171205
MAX 20171205
McAfee 20171205
McAfee-GW-Edition 20171205
Microsoft 20171205
eScan 20171205
NANO-Antivirus 20171205
nProtect 20171205
Palo Alto Networks (Known Signatures) 20171205
Panda 20171205
Qihoo-360 20171205
Rising 20171205
SentinelOne (Static ML) 20171113
Sophos AV 20171205
SUPERAntiSpyware 20171205
Symantec 20171205
Symantec Mobile Insight 20171204
Tencent 20171205
TheHacker 20171205
TotalDefense 20171205
TrendMicro 20171205
TrendMicro-HouseCall 20171205
Trustlook 20171205
VBA32 20171205
VIPRE 20171205
ViRobot 20171205
Webroot 20171205
WhiteArmor 20171204
Yandex 20171201
Zillya 20171204
ZoneAlarm by Check Point 20171205
Zoner 20171205
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Dongwoo Shin(http://www.byCPP.com)
Product 패스타핑
Original name 패스타핑.exe
Internal name 패스타핑
File version 0.0.0.0
Description 패스타핑
Signature verification Certificate out of its validity period (the signer certificate expired on 2017-05-09 and the StartCom intermediate on 2017-10-24, both before the 2017-12-05 analysis; because the signer certificate's valid usage includes Lifetime Signing, the StartCom counter-signature timestamp does not keep the signature valid past expiry, so the chain is reported as not time valid even though it is timestamped)
Signers
[+] Dongwoo Shin
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer StartCom Class 2 Primary Intermediate Object CA
Valid from 4:41 PM 5/9/2015
Valid to 9:52 PM 5/9/2017
Valid usage Code Signing, Lifetime Signing
Algorithm sha256RSA
Thumbprint DF58AB56417621283CA2099C5009E80A0FF5AB0F
Serial number 11 85 0E 4B 32 C0 32
[+] StartCom Class 2 Primary Intermediate Object CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer StartCom Certification Authority
Valid from 11:01 PM 10/24/2007
Valid to 11:01 PM 10/24/2017
Valid usage All
Algorithm sha1RSA
Thumbprint D893C4F678F891F2823CD078AA5E1C48FD1DA225
Serial number 24
[+] StartCom Certification Authority
Status Valid
Issuer StartCom Certification Authority
Valid from 8:46 PM 9/17/2006
Valid to 8:46 PM 9/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
Serial number 01
Counter signers
[+] StartCom Time-Stamping Authority
Status Valid
Issuer StartCom Certification Authority
Valid from 1:00 AM 1/31/2011
Valid to 12:59 AM 2/1/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 962FDDD76C6145ADAFA5E9AD98E3020D0821DD81
Serial number 40
[+] StartCom Certification Authority
Status Valid
Issuer StartCom Certification Authority
Valid from 8:46 PM 9/17/2006
Valid to 8:46 PM 9/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
Serial number 01
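The time-validity rules behind the two "not time valid" statuses above can be checked against the report's own dates. The following is an added example (not part of the VirusTotal report and not code from the file's author) that models the Authenticode time checks only: a timestamp counter-signature normally lets a signature verify after the signer certificate expires, but the Lifetime Signing EKU on the signer certificate removes that grace. Validity windows are copied from the signature block; the signing time is an assumption (taken as the compile date, 2015-05-26). Trust-anchor, revocation and TSA-chain checks are out of scope.

```python
from dataclasses import dataclass
from datetime import datetime

# Microsoft EKU OIDs relevant to Authenticode.
CODE_SIGNING_EKU = "1.3.6.1.5.5.7.3.3"
LIFETIME_SIGNING_EKU = "1.3.6.1.4.1.311.10.3.13"


@dataclass(frozen=True)
class Cert:
    subject: str
    not_before: datetime
    not_after: datetime
    ekus: tuple = ()


def cert_valid_at(cert: Cert, when: datetime) -> bool:
    return cert.not_before <= when <= cert.not_after


def authenticode_time_valid(chain, eval_time, timestamp_time=None):
    """Time-validity part of Authenticode verification.

    chain          -- signer certificate first, then intermediates, then root
    eval_time      -- when the verifier runs (e.g. the sandbox analysis date)
    timestamp_time -- signing time asserted by a counter-signature, or None

    Rules modelled:
      1. Without a timestamp every certificate must be valid at eval_time.
      2. With a timestamp the chain is checked at timestamp_time instead,
         so an expired signer certificate still verifies ...
      3. ... unless the signer carries the Lifetime Signing EKU, in which
         case rule 1 applies even though a timestamp is present.
    Returns (ok, reason).
    """
    signer = chain[0]
    lifetime = LIFETIME_SIGNING_EKU in signer.ekus
    check_time = eval_time if timestamp_time is None or lifetime else timestamp_time
    for cert in chain:
        if not cert_valid_at(cert, check_time):
            reason = f"{cert.subject}: not time valid at {check_time:%Y-%m-%d}"
            if lifetime and timestamp_time is not None:
                reason += " (timestamped, but Lifetime Signing EKU forbids timestamp grace)"
            return False, reason
    return True, f"chain time valid at {check_time:%Y-%m-%d}"


# Validity windows copied from the report's signature block (day granularity).
SIGNER = Cert("Dongwoo Shin", datetime(2015, 5, 9), datetime(2017, 5, 9),
              (CODE_SIGNING_EKU, LIFETIME_SIGNING_EKU))
INTERMEDIATE = Cert("StartCom Class 2 Primary Intermediate Object CA",
                    datetime(2007, 10, 24), datetime(2017, 10, 24))
ROOT = Cert("StartCom Certification Authority",
            datetime(2006, 9, 17), datetime(2036, 9, 17))
CHAIN = (SIGNER, INTERMEDIATE, ROOT)

# Same chain with the Lifetime Signing EKU removed, to show what the
# counter-signature would otherwise have bought.
CHAIN_NO_LIFETIME = (Cert(SIGNER.subject, SIGNER.not_before, SIGNER.not_after,
                          (CODE_SIGNING_EKU,)), INTERMEDIATE, ROOT)

ANALYSIS_DATE = datetime(2017, 12, 5)          # from the report
ASSUMED_SIGNING_TIME = datetime(2015, 5, 26)   # assumption: signed on the compile date

if __name__ == "__main__":
    for label, chain in (("as signed", CHAIN), ("without Lifetime Signing", CHAIN_NO_LIFETIME)):
        print(label, authenticode_time_valid(chain, ANALYSIS_DATE, ASSUMED_SIGNING_TIME))
```

Run stand-alone, the first line reports the chain as not time valid at the analysis date and the second reports it valid at the (assumed) signing time, which is exactly the difference the Lifetime Signing usage makes for a file that was signed two years before it was scanned.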
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-05-26 01:56:18
Entry Point 0x00012BF0
Number of sections 5
PE sections
Overlays
MD5 64d5f6b838606871d99192ec8f1eb6f8
File type data
Offset 208896
Size 6384
Entropy 7.30
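The overlay figures are internally consistent (208896 + 6384 = 215280, the file size). Because the file is tagged as signed, the bytes past the last section are most likely the Authenticode certificate table, which many overlay detectors count as overlay; DER-encoded certificates and RSA signatures are close to random, which fits the 7.30 entropy. The check a practitioner wants is whether the overlay starts exactly at the offset held in the security data directory and whether anything trails after the certificate table. The following is an added example (not from the report and not the file's own code): it parses a PE by hand and classifies the overlay, and it builds a constructed minimal PE32 (assumed layout, not the report's file) to run against.

```python
import math
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # data directory slot holding the Authenticode blob


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def analyze_overlay(pe: bytes) -> dict:
    """Find the bytes past the last section and classify them.

    The security directory's first field is a file offset (not an RVA), so
    if it equals the end of the last section the 'overlay' is the
    certificate table; anything after the certificate table is a real overlay."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    nsec = struct.unpack_from("<H", pe, coff + 2)[0]
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    dd_base = opt + (96 if magic == 0x10B else 112)          # PE32 vs PE32+
    cert_off, cert_size = struct.unpack_from(
        "<II", pe, dd_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sec_table = opt + size_opt
    end_of_sections = 0
    for i in range(nsec):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 of each 40-byte header
        raw_size, raw_ptr = struct.unpack_from("<II", pe, sec_table + 40 * i + 16)
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    overlay = pe[end_of_sections:]
    is_cert_table = cert_size > 0 and cert_off == end_of_sections
    trailing = len(pe) - (cert_off + cert_size) if is_cert_table else len(overlay)
    return {
        "overlay_offset": end_of_sections,
        "overlay_size": len(overlay),
        "entropy": round(shannon_entropy(overlay), 2),
        "cert_table": (cert_off, cert_size),
        "overlay_is_cert_table": is_cert_table,
        "bytes_after_cert_table": trailing,
    }


def build_sample_pe(section_data: bytes, trailer: bytes, signed: bool) -> bytes:
    """Constructed minimal PE32 for this demo (not the report's file): one
    .text section, then `trailer` appended. With signed=True the security
    directory points at the trailer, as it would for a signtool-produced file."""
    e_lfanew, size_opt, file_align = 0x40, 224, 0x200
    header_len = e_lfanew + 4 + 20 + size_opt + 40
    raw_ptr = -(-header_len // file_align) * file_align        # ceil to file alignment
    raw_size = -(-len(section_data) // file_align) * file_align
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, size_opt, 0x0102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    if signed:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         raw_ptr + raw_size, len(trailer))
    section = struct.pack("<8sIIIIIIHHI", b".text", len(section_data), 0x1000,
                          raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    image = dos + b"PE\0\0" + coff + bytes(opt) + section
    image += bytes(raw_ptr - len(image)) + section_data + bytes(raw_size - len(section_data))
    return image + trailer


if __name__ == "__main__":
    fake_sig = bytes(range(256)) * 25   # high-entropy stand-in for a DER PKCS#7 blob
    print(analyze_overlay(build_sample_pe(b"\x90" * 100, fake_sig, signed=True)))
```

On a real sample replace the constructed image with `open(path, "rb").read()`; `bytes_after_cert_table` greater than zero on a signed file is the case worth a closer look, since data appended after the signature is not covered by the Authenticode hash.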
PE imports (grouped by exporting DLL; the per-DLL headings of the original report did not survive in this copy, so the DLL names below are inferred from the API names)
ADVAPI32.dll
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExA
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
GDI32.dll
GetDeviceCaps
DeleteDC
SelectObject
GetStockObject
CreateSolidBrush
GetObjectW
BitBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
KERNEL32.dll
GetStdHandle
ReleaseMutex
InterlockedPopEntrySList
WaitForSingleObject
SetEndOfFile
HeapDestroy
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
FreeEnvironmentStringsW
InitializeSListHead
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
InterlockedPushEntrySList
LoadResource
InterlockedDecrement
SetLastError
TlsGetValue
OutputDebugStringW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
FlushInstructionCache
CreateThread
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
IsProcessorFeaturePresent
ExitThread
DecodePointer
TerminateProcess
GetModuleHandleExW
GlobalAlloc
ReadConsoleW
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
FreeLibrary
QueryPerformanceCounter
IsBadWritePtr
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetStartupInfoW
GlobalLock
GetProcessHeap
lstrcpyW
lstrcmpA
lstrcmpW
GetProcAddress
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
SizeofResource
GetCurrentProcessId
GetCommandLineW
GetCPInfo
HeapSize
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
FindResourceW
VirtualFree
Sleep
VirtualAlloc
OLEAUT32.dll
VarUI4FromStr
OleCreateFontIndirect
SysStringLen
LoadRegTypeLib
SysAllocStringLen
VariantClear
SysAllocString
LoadTypeLib
SysFreeString
VariantInit
SETUPAPI.dll
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
CM_Get_Device_IDW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SHELL32.dll
Shell_NotifyIconW
ShellExecuteW
ShellExecuteExW
SHLWAPI.dll
PathFileExistsW
USER32.dll
SetFocus
CreateDialogParamW
EndPaint
EnableWindow
RegisterWindowMessageW
GetWindow
PostQuitMessage
InvalidateRect
DefWindowProcW
ReleaseCapture
GetParent
DestroyAcceleratorTable
GetMessageW
FindWindowA
LoadMenuW
SetWindowPos
GetClassInfoExW
GetSystemMetrics
SetWindowLongW
IsWindow
SendMessageW
ScreenToClient
UnhookWindowsHookEx
UpdateWindow
SetCapture
MoveWindow
TranslateMessage
GetFocus
PostMessageW
GetSysColor
DisableProcessWindowsGhosting
DispatchMessageW
GetCursorPos
ReleaseDC
BeginPaint
RegisterClassExW
DestroyIcon
RedrawWindow
ShowWindow
TranslateAcceleratorW
wsprintfW
IsWindowVisible
LoadStringW
SetWindowTextW
CreateAcceleratorTableW
GetDlgItem
SystemParametersInfoW
MessageBoxW
GetDC
ClientToScreen
CallNextHookEx
GetSubMenu
CreateWindowExA
CallWindowProcW
GetClassNameW
TrackPopupMenu
UnregisterClassW
FillRect
BlockInput
GetClientRect
GetWindowTextW
GetDesktopWindow
SetWindowsHookExW
LoadCursorW
LoadIconW
GetWindowTextLengthW
CreateWindowExW
LoadAcceleratorsW
GetWindowLongW
SetForegroundWindow
InvalidateRgn
CharNextW
IsChild
DestroyWindow
WININET.dll
InternetGetConnectedState
WS2_32.dll
WSAStartup
gethostbyname
inet_ntoa
gethostname
WSACleanup
ole32.dll
CreateStreamOnHGlobal
OleLockRunning
CoUninitialize
CoInitialize
OleInitialize
CoGetClassObject
CoCreateInstance
CLSIDFromProgID
CoTaskMemRealloc
OleUninitialize
CoTaskMemFree
CLSIDFromString
StringFromGUID2
CoTaskMemAlloc
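Read together, the import list describes a tray application that installs a Windows hook (SetWindowsHookExW, CallNextHookEx, UnhookWindowsHookEx), can block input (BlockInput), writes the registry, enumerates devices through SetupAPI, looks up the host's own address through Winsock, and can resolve further APIs at run time (LoadLibraryExW, GetProcAddress). That last point matters for the behaviour section at the end of this report, which records DeviceIoControl calls although DeviceIoControl is not in the static import table. The following is an added example (not from the report, and the capability groupings and DLL attributions are the editor's own assumptions, not a VirusTotal taxonomy): a small import-table triage over a subset of the report's imports, plus the import-hash computation as pefile defines it, so the reader can see why the report's imphash cannot be recomputed from this flattened listing.

```python
import hashlib

# Triage heuristics of my own (assumed, not a vendor taxonomy): a capability
# is reported only when every API in its tuple is present in the import table.
CAPABILITIES = {
    "global input hook": ("SetWindowsHookExW", "CallNextHookEx", "UnhookWindowsHookEx"),
    "block user input": ("BlockInput",),
    "registry write": ("RegCreateKeyExW", "RegSetValueExW"),
    "device enumeration": ("SetupDiGetClassDevsW", "SetupDiEnumDeviceInfo",
                           "SetupDiGetDeviceInterfaceDetailW"),
    "local host/IP lookup": ("WSAStartup", "gethostname", "gethostbyname", "inet_ntoa"),
    "connectivity check": ("InternetGetConnectedState",),
    "runtime API resolution": ("LoadLibraryExW", "GetProcAddress"),
    "launch external program": ("ShellExecuteW",),
    "COM object instantiation": ("CoCreateInstance", "CLSIDFromProgID"),
}

# (dll, function) pairs. The function names are a subset of the report's import
# list; the DLL attributions are assumed from the API names.
REPORT_IMPORTS = [
    ("ADVAPI32.dll", "RegCreateKeyExW"), ("ADVAPI32.dll", "RegSetValueExW"),
    ("ADVAPI32.dll", "RegDeleteValueW"),
    ("KERNEL32.dll", "LoadLibraryExW"), ("KERNEL32.dll", "GetProcAddress"),
    ("KERNEL32.dll", "IsDebuggerPresent"), ("KERNEL32.dll", "CreateMutexW"),
    ("SETUPAPI.dll", "SetupDiGetClassDevsW"), ("SETUPAPI.dll", "SetupDiEnumDeviceInfo"),
    ("SETUPAPI.dll", "SetupDiGetDeviceInterfaceDetailW"), ("SETUPAPI.dll", "CM_Get_Device_IDW"),
    ("SHELL32.dll", "ShellExecuteW"), ("SHELL32.dll", "Shell_NotifyIconW"),
    ("USER32.dll", "SetWindowsHookExW"), ("USER32.dll", "CallNextHookEx"),
    ("USER32.dll", "UnhookWindowsHookEx"), ("USER32.dll", "BlockInput"),
    ("WININET.dll", "InternetGetConnectedState"),
    ("WS2_32.dll", "WSAStartup"), ("WS2_32.dll", "gethostname"),
    ("WS2_32.dll", "gethostbyname"), ("WS2_32.dll", "inet_ntoa"),
    ("ole32.dll", "CoCreateInstance"), ("ole32.dll", "CLSIDFromProgID"),
]


def triage(imports):
    """Map capability name -> the imported APIs that justify it."""
    names = {func for _, func in imports}
    return {cap: apis for cap, apis in CAPABILITIES.items()
            if all(a in names for a in apis)}


def explain_absent(imports, api):
    """Why an API seen in dynamic analysis may be missing from the import table."""
    names = {func for _, func in imports}
    if api in names:
        return "statically imported"
    if "GetProcAddress" in names:
        return ("not statically imported; either resolved at run time through "
                "GetProcAddress or called inside a system DLL on the program's behalf")
    return ("not statically imported and no GetProcAddress; called inside a "
            "system DLL on the program's behalf")


def imphash(imports):
    """Import hash as pefile computes it: md5 over 'dll.func' pairs in import-table
    order, lower-cased, with a .dll/.ocx/.sys extension stripped. Imports by
    ordinal (which pefile maps through per-DLL name tables) are not handled."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[:-len(ext)]
                break
        parts.append(f"{lib}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


if __name__ == "__main__":
    for cap, apis in triage(REPORT_IMPORTS).items():
        print(f"{cap}: {', '.join(apis)}")
    print("DeviceIoControl:", explain_absent(REPORT_IMPORTS, "DeviceIoControl"))
    print("imphash over this subset:", imphash(REPORT_IMPORTS))
```

The imphash printed here will not match the report's 44e2e81cef81b9113882107fcab239d9 and is not meant to: the hash depends on the complete import directory in its original order, and this page preserves neither the DLL headings nor the ordering guarantees, so only a parser run on the binary itself can reproduce it.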
Number of PE resources by type
RT_ICON 2
RT_STRING 2
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
KOREAN 8
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode Korean
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 80384
EntryPoint 0x12bf0
OriginalFileName .exe (only the extension survived in this field; the FileVersionInfo block above gives 패스타핑.exe)
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 0.0.0.0
TimeStamp 2015:05:26 02:56:18+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 0.0.0.0
SubsystemVersion 5.1
OSVersion 5.1
FileOS Unknown (0)
LegalCopyright Dongwoo Shin(http://www.byCPP.com)
MachineType Intel 386 or later, and compatibles
CompanyName byCPP
CodeSize 136704
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Unknown
File identification
MD5 84fb489578409de08201056b120f3f4f
SHA1 7057578ef79894852cf4b2d954b1420abbae96df
SHA256 71cb2f95804a6395020a1e6be5edf20154f8a45bfd8be1a827368375988fcedb
ssdeep 3072:z6ZZxavnrsxaeUFe4hL0CMZ1AgB44OzJNAXMttkAHnpM:zUHaeUFe4h42kcK0p
authentihash d875e28886bf59b626068bb3c11ed751673f60f719fd2785e25d47c6f5a2de64
imphash 44e2e81cef81b9113882107fcab239d9
File size 210.2 KB ( 215280 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2015-05-26 02:46:03 UTC (3 years, 8 months ago)
Last submission 2017-06-11 09:02:04 UTC (1 year, 7 months ago)
File names (as submitted)
x91.exe"; filename*=UTF-8''%ED%8C%A8%EC%8A%A4%ED%83%80%ED%95%91.exe (the tail of an HTTP Content-Disposition header captured verbatim as a file name; the RFC 5987 filename* parameter decodes to 패스타핑.exe)
패스타핑
패스타핑.exe
%ED%8C%A8%EC%8A%A4%ED%83%80%ED%95%91.exe (percent-encoded UTF-8 for 패스타핑.exe)
????.exe (most likely the same name after a lossy code-page conversion)
????
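The first submitted name is what a downloader stores when it cuts a Content-Disposition header at the first quote instead of parsing it: the header carried an ASCII fallback (x91.exe) and an RFC 5987 filename* (패스타핑.exe) that disagree, and which one a client honours decides the name the user sees. The following is an added example (not from the report) of parsing that header correctly; the reconstructed header value, including the "attachment" disposition type, is an assumption built from the fragment above.

```python
import re
from urllib.parse import unquote

# One parameter: `; name=value`, where value is a quoted-string or an unquoted run.
PARAM_RE = re.compile(r';\s*([^=;\s]+)\s*=\s*("(?:[^"\\]|\\.)*"|[^;]*)')


def parse_content_disposition(header: str) -> dict:
    """Parse a Content-Disposition value (RFC 6266).

    `filename*` uses the RFC 5987 form charset'language'percent-encoded and,
    when present and decodable, takes precedence over the plain `filename`.
    An undecodable filename* is ignored rather than stored as garbage."""
    disp_type = header.split(";", 1)[0].strip().lower()
    params = {}
    for name, value in PARAM_RE.findall(header):
        name = name.lower()
        value = value.strip()
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = re.sub(r"\\(.)", r"\1", value[1:-1])      # drop quotes, unescape \"
        if name.endswith("*"):
            charset, _, rest = value.partition("'")
            _language, _, encoded = rest.partition("'")
            try:
                value = unquote(encoded, encoding=charset or "utf-8", errors="strict")
            except (LookupError, UnicodeDecodeError):
                continue
        params[name] = value
    chosen = params.get("filename*", params.get("filename"))
    disagree = ("filename" in params and "filename*" in params
                and params["filename"] != params["filename*"])
    return {"type": disp_type, "params": params, "filename": chosen,
            "names_disagree": disagree}


# Constructed header: the report's fragment with an assumed disposition type in front.
SAMPLE_HEADER = "attachment; filename=\"x91.exe\"; filename*=UTF-8''%ED%8C%A8%EC%8A%A4%ED%83%80%ED%95%91.exe"

if __name__ == "__main__":
    print(parse_content_disposition(SAMPLE_HEADER))
```

When `names_disagree` is true, a review should treat both names as submitted names for the same hash, since a user on a client that ignores filename* saw x91.exe while everyone else saw 패스타핑.exe.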
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function. DeviceIoControl does not appear in the static import list above, so the call was either resolved at run time (the binary imports LoadLibraryExW and GetProcAddress) or made inside one of the system DLLs the program loads; because the sandbox attributes API calls to the process rather than to the module that issued them, the behaviour report alone does not say which.