SHA256: 8b0621cb875236a02d12cd2566e3eccdbec7af8c7c565a2524b5911e516d0ec2
File name: dll.exe
Detection ratio: 35 / 55
Analysis date: 2016-01-13 04:26:30 UTC (2 years, 4 months ago)
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.PT.tmJdb0phvtp 20160112
Yandex Packed/NSPack 20160111
AhnLab-V3 Trojan/Win32.Agent 20160112
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20160113
Arcabit Trojan.Heur.PT.tmJdb0phvtp 20160113
Avast Win32:Evo-gen [Susp] 20160113
AVG nspack 20160113
Avira (no cloud) TR/Crypt.XPACK.Gen 20160113
AVware Packer.NSAnti.Gen (v) 20160111
BitDefender Gen:Trojan.Heur.PT.tmJdb0phvtp 20160113
Bkav W32.HfsAutoB.B122 20160112
Comodo TrojWare.Win32.Trojan.NSPM.~gen 20160113
Cyren W32/Heuristic-210!Eldorado 20160113
DrWeb Trojan.DownLoader18.50694 20160113
Emsisoft Gen:Trojan.Heur.PT.tmJdb0phvtp (B) 20160113
ESET-NOD32 a variant of Win32/Qhost.PMI 20160113
F-Prot W32/Heuristic-210!Eldorado 20160111
F-Secure Gen:Trojan.Heur.PT.tmJdb0phvtp 20160113
Fortinet W32/Generic!tr 20160113
GData Gen:Trojan.Heur.PT.tmJdb0phvtp 20160113
Ikarus Trojan.Win32.Cosmu 20160113
K7AntiVirus Trojan ( 003bc76d1 ) 20160112
K7GW Trojan ( 003bc76d1 ) 20160113
Kaspersky HEUR:Trojan.Win32.Generic 20160112
Malwarebytes Trojan.Agent.Gen 20160113
McAfee Artemis!148DC5CEE98D 20160113
McAfee-GW-Edition BehavesLike.Win32.PWSGamania.fc 20160113
eScan Gen:Trojan.Heur.PT.tmJdb0phvtp 20160113
Qihoo-360 QVM12.0.Malware.Gen 20160113
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20160112
Sophos AV Mal/Packer 20160113
Symantec Suspicious.IRCBot 20160112
TheHacker W32/Behav-Heuristic-063 20160107
VIPRE Packer.NSAnti.Gen (v) 20160113
ViRobot Trojan.Win32.Agent.318391[h] 20160112
AegisLab 20160112
Alibaba 20160112
ALYac 20160113
Baidu-International 20160112
ByteHero 20160113
CAT-QuickHeal 20160112
ClamAV 20160113
CMC 20160111
Jiangmin 20160112
Microsoft 20160113
NANO-Antivirus 20160113
nProtect 20160112
Panda 20160112
SUPERAntiSpyware 20160113
Tencent 20160113
TrendMicro 20160113
TrendMicro-HouseCall 20160113
VBA32 20160112
Zillya 20160112
Zoner 20160113
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT PE_Patch, NSPack
PEiD NsPacK V3.7 -> LiuXingPing
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-01-12 04:47:35
Entry Point 0x000291D5
Number of sections 3
PE sections
Overlays
MD5 0c1329797fc37c1bde2a587dd464d836
File type data
Offset 62464
Size 255927
Entropy 8.00
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
??3@YAXPAX@Z
wsprintfA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:01:12 05:47:35+01:00
FileType Win32 EXE
PEType PE32
CodeSize 0
LinkerVersion 6.0
EntryPoint 0x291d5
InitializedDataSize 61440
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 163840

File identification
MD5 148dc5cee98db9c5dbc7ccac54b03ac0
SHA1 86f69f2b13e5a9a96c8325821c463d51957a1f62
SHA256 8b0621cb875236a02d12cd2566e3eccdbec7af8c7c565a2524b5911e516d0ec2
ssdeep 6144:Xkq1ryp2L+om5N1dN75fMJ3+ndYahSXPVWuXLYB:XsXH1/GtgdGXLYB
authentihash 8e2194cc0c2c7339564e7cd6e4569a66ecf873e7542e0f8c42cc9342c1a307ec
imphash 27ca6b32f3c43eb7f5606685f8911b24
File size 310.9 KB ( 318391 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe hosts-modifier nspack overlay
VirusTotal metadata
First submission 2016-01-12 15:25:32 UTC (2 years, 4 months ago)
Last submission 2016-01-13 04:26:30 UTC (2 years, 4 months ago)
File names dll.exe
dll.exe.bak
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Modified hosts file
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications