SHA256: c2859b160652ba211c4c102b6f5d806d2459190d836efe77d7c0885c0613a08e
File name: C2859B160652BA211C4C102B6F5D806D2459190D836EFE77D7C0885C0613A08E
Detection ratio: 20 / 55
Analysis date: 2016-08-12 05:03:32 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3457295 20160812
ALYac Trojan.GenericKD.3457295 20160812
Arcabit Trojan.Generic.D34C10F 20160812
Avast Win32:Malware-gen 20160812
AVG Atros3.COIN 20160812
BitDefender Trojan.GenericKD.3457295 20160812
Cyren W32/Trojan.IGQV-5125 20160812
DrWeb BackDoor.Bifrost.20608 20160812
Emsisoft Trojan.GenericKD.3457295 (B) 20160812
ESET-NOD32 a variant of Win32/GenKryptik.YD 20160812
F-Secure Trojan.GenericKD.3457295 20160812
Fortinet W32/GenKryptik.YD!tr 20160812
GData Trojan.GenericKD.3457295 20160812
K7AntiVirus Trojan ( 004f5ec01 ) 20160811
K7GW Trojan ( 004f5ec01 ) 20160812
McAfee Artemis!BF547B4770DF 20160812
McAfee-GW-Edition Artemis!Trojan 20160812
eScan Trojan.GenericKD.3457295 20160812
nProtect Trojan.GenericKD.3457295 20160812
TrendMicro-HouseCall TROJ_GEN.R047H09HB16 20160812
AegisLab 20160812
AhnLab-V3 20160811
Alibaba 20160812
Antiy-AVL 20160812
Avira (no cloud) 20160812
AVware 20160812
Baidu 20160811
Bkav 20160811
CAT-QuickHeal 20160812
ClamAV 20160811
CMC 20160811
Comodo 20160812
F-Prot 20160812
Ikarus 20160811
Jiangmin 20160811
Kaspersky 20160812
Kingsoft 20160812
Malwarebytes 20160812
Microsoft 20160811
NANO-Antivirus 20160812
Panda 20160811
Qihoo-360 20160812
Sophos AV 20160812
SUPERAntiSpyware 20160812
Symantec 20160812
Tencent 20160812
TheHacker 20160812
TotalDefense 20160812
TrendMicro 20160812
VBA32 20160811
VIPRE 20160812
ViRobot 20160812
Yandex 20160812
Zillya 20160811
Zoner 20160812
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright TODO: (C)
Product TODO:
Original name SubFirst.exe
Internal name SubFirst
File version 1.0.0.1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-10 18:33:35
Entry Point 0x0001F0BA
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
InitCommonControlsEx
GetWindowExtEx
SetMapMode
GetRgnBox
SaveDC
TextOutA
CreateRectRgnIndirect
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
GetMapMode
SelectObject
DeleteObject
SetTextColor
GetObjectA
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
SetBkColor
ExtTextOutA
PtVisible
ExtSelectClipRgn
ScaleViewportExtEx
SetViewportExtEx
SetWindowExtEx
GetTextColor
Escape
GetViewportExtEx
GetBkColor
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
HeapDestroy
lstrcmpW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
SetLastError
GetModuleFileNameW
GlobalFindAtomA
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
GetVolumeInformationA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
VirtualQuery
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
GlobalLock
GetProcessHeap
CompareStringW
GlobalReAlloc
lstrcmpA
FindFirstFileA
lstrcpyA
CompareStringA
DuplicateHandle
GetProcAddress
GlobalAlloc
GetTimeZoneInformation
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
GetACP
GetVersion
FreeResource
SizeofResource
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
VariantChangeType
VariantTimeToSystemTime
SysStringLen
SystemTimeToVariantTime
SysAllocStringLen
OleCreateFontIndirect
VariantClear
SysAllocString
SafeArrayDestroy
VariantCopy
SysFreeString
SysAllocStringByteLen
VariantInit
PathFindFileNameA
PathFindExtensionA
PathIsUNCA
PathStripToRootA
SetFocus
GetForegroundWindow
SetMenuItemBitmaps
MoveWindow
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GrayStringA
GetMessageTime
SetActiveWindow
GetDC
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
SetWindowContextHelpId
GetNextDlgTabItem
CallNextHookEx
CopyAcceleratorTableA
GetActiveWindow
GetTopWindow
GetWindowTextA
InvalidateRgn
DestroyWindow
GetMessageA
GetParent
MapDialogRect
UpdateWindow
SetPropA
EqualRect
GetClassInfoExA
ShowWindow
GetPropA
GetNextDlgGroupItem
ValidateRect
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
GetWindowPlacement
EnableMenuItem
RegisterClassA
TabbedTextOutA
GetSubMenu
CreateWindowExA
CopyRect
GetSysColorBrush
PtInRect
IsChild
IsDialogMessageA
MapWindowPoints
PostMessageA
BeginPaint
OffsetRect
RegisterWindowMessageA
DefWindowProcA
SendDlgItemMessageA
GetSystemMetrics
IsIconic
GetWindowRect
SetCapture
ReleaseCapture
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
GetWindowLongA
GetLastActivePopup
GetDlgItem
GetMenuCheckMarkDimensions
ClientToScreen
GetClassLongA
CreateDialogIndirectParamA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
GetMenuState
GetMenuItemID
SetForegroundWindow
PostThreadMessageA
DrawTextA
IntersectRect
EndDialog
CharNextA
GetCapture
MessageBeep
DrawTextExA
GetWindowThreadProcessId
UnhookWindowsHookEx
RegisterClipboardFormatA
IsRectEmpty
MessageBoxA
GetWindowDC
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
IsWindowVisible
GetDesktopWindow
WinHelpA
SetRect
InvalidateRect
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
SetCursor
OpenPrinterA
DocumentPropertiesA
ClosePrinter
GetFileTitleA
OleUninitialize
CLSIDFromString
CoTaskMemAlloc
CoRevokeClassObject
OleFlushClipboard
StgOpenStorageOnILockBytes
CLSIDFromProgID
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleIsCurrentClipboard
StgCreateDocfileOnILockBytes
OleInitialize
CoTaskMemFree
CreateILockBytesOnHGlobal
CoGetClassObject
Number of PE resources by type
RT_STRING 25
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_DIALOG 3
RT_BITMAP 3
OMG 2
RT_MENU 2
Struct(241) 1
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 67
NEUTRAL 2
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
LanguageCode Chinese (Simplified)
FileFlagsMask 0x003f
CharacterSet Windows, Chinese (Simplified)
InitializedDataSize 94208
EntryPoint 0x1f0ba
OriginalFileName SubFirst.exe
MIMEType application/octet-stream
LegalCopyright TODO: (C)
FileVersion 1.0.0.1
TimeStamp 2016:08:10 19:33:35+01:00
FileType Win32 EXE
PEType PE32
InternalName SubFirst
ProductVersion 1.0.0.1
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName TODO:
CodeSize 204800
ProductName TODO:
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 bf547b4770dfd29b31eaaa922db6f562
SHA1 ffe2b8d0845edcbbae860f8ab03f581a3dca6ffc
SHA256 c2859b160652ba211c4c102b6f5d806d2459190d836efe77d7c0885c0613a08e
ssdeep 6144:Dpv+ZnM/B5hO6yN83VyBhfCj7bmU6vpENc:tv+rN2VyBlmbmvvL
authentihash aa31ac0bd81cbb6f4c5d7eab5644a083363473e0b1c675b7692befd2c2123553
imphash 0e932a37e31579327165721b4421fb50
File size 296.0 KB ( 303104 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2016-08-11 09:11:16 UTC ( 2 years, 9 months ago )
Last submission 2016-08-11 09:11:16 UTC ( 2 years, 9 months ago )
File names SubFirst
SubFirst.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain using the SetWindowsHookEx API (imported here as SetWindowsHookExA, together with CallNextHookEx and UnhookWindowsHookEx). A hook procedure monitors the system for certain types of events, scoped either to a specific thread or to all threads in the same desktop as the calling thread. Caveat for triage: this binary's import table (linker version 8.0, global atom, accelerator-table, context-help and OLE font APIs) and its default "TODO:" version-resource strings are what a statically linked MFC application built with Visual C++ 2005 looks like, and MFC itself installs a temporary, thread-scoped WH_CBT hook while creating windows. On such a sample the bare SetWindowsHookEx call is expected; the hook type and scope recorded by the sandbox (a keyboard hook, or a hook with thread id 0 covering the whole desktop, would be the interesting case) are what separate keystroke capture from ordinary MFC window subclassing.
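An added worked example, editor's code rather than anything from VirusTotal or from the sample's authors, that turns the "PE imports" list above and the hook observation into a repeatable static triage: it flags capability groups from imported API names, separates the groups that a Visual C++ 2005 CRT and a statically linked MFC pull in on their own (the hook trio, IsDebuggerPresent from the CRT's security-cookie and exception code, the resource-loading APIs) from those worth a closer look, and implements the pefile-style imphash so the normalisation behind the report's imphash field is visible. The capability rules and the noise classification are the editor's heuristics, and the input list is a constructed subset of the names on this page; because the report does not state which DLL each import comes from or their order, the example cannot reproduce the report's own imphash value.

```python
"""Static triage of a PE import table: capability grouping plus a
pefile-compatible imphash. Editor's example code; the rules below are
triage heuristics, not part of the VirusTotal report."""
import hashlib
from typing import Dict, Iterable, List, Tuple

# Constructed sample: a subset of the API names from the report's "PE imports"
# list. The report gives neither the owning DLL nor the import order, so this
# cannot reproduce the report's imphash (0e932a37e31579327165721b4421fb50).
REPORT_IMPORTS: List[str] = [
    "RegCreateKeyExA", "RegSetValueExA", "RegDeleteKeyA", "RegQueryValueExA",
    "SetWindowsHookExA", "CallNextHookEx", "UnhookWindowsHookEx",
    "LoadLibraryA", "GetProcAddress", "VirtualAlloc", "VirtualProtect",
    "IsDebuggerPresent", "GetTickCount", "FindResourceA", "LoadResource",
    "LockResource", "SizeofResource", "CreateFileA", "WriteFile", "ReadFile",
    "WritePrivateProfileStringA", "FindFirstFileA", "GetVolumeInformationA",
]

# Every API in the tuple must be imported for the capability to fire.
# Editor's heuristics; MFC programs legitimately use most of these too.
CAPABILITY_RULES: Dict[str, Tuple[str, ...]] = {
    "message_hook_install": ("SetWindowsHookExA", "CallNextHookEx", "UnhookWindowsHookEx"),
    "registry_write": ("RegCreateKeyExA", "RegSetValueExA"),
    "dynamic_api_resolution": ("LoadLibraryA", "GetProcAddress"),
    "rwx_memory_management": ("VirtualAlloc", "VirtualProtect"),
    "debugger_check": ("IsDebuggerPresent",),
    "embedded_resource_access": ("FindResourceA", "LoadResource", "LockResource", "SizeofResource"),
}

# Groups that the VS2005 CRT and a statically linked MFC import on their own
# (MFC installs a WH_CBT hook during window creation; the CRT imports
# IsDebuggerPresent; resource APIs back dialogs, menus and strings).
# A hit here is expected for any MFC GUI program and is only weak evidence.
FRAMEWORK_NOISE = {"message_hook_install", "debugger_check", "embedded_resource_access"}


def match_capabilities(imports: Iterable[str]) -> Dict[str, List[str]]:
    """Return {capability: [APIs that satisfied it]} for the given import names."""
    present = set(imports)
    return {name: list(apis) for name, apis in CAPABILITY_RULES.items()
            if all(api in present for api in apis)}


def triage(imports: Iterable[str]) -> Dict[str, List[str]]:
    """Split matched capabilities into groups needing review and framework noise."""
    hits = match_capabilities(imports)
    return {
        "needs_review": sorted(c for c in hits if c not in FRAMEWORK_NOISE),
        "framework_noise": sorted(c for c in hits if c in FRAMEWORK_NOISE),
    }


def imphash(entries: Iterable[Tuple[str, str]]) -> str:
    """pefile-compatible imphash over (dll, function) pairs in import-table order.

    Normalisation: DLL name lowercased with a trailing .dll/.ocx/.sys removed,
    function name lowercased, entries joined as 'dll.func' with commas, MD5.
    Ordinal-only imports must already be supplied as 'ordN' names (pefile maps
    known ordinals of a few DLLs to names; that table is not reproduced here).
    """
    parts = []
    for dll, func in entries:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = base
        parts.append(f"{lib}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


if __name__ == "__main__":
    for bucket, caps in triage(REPORT_IMPORTS).items():
        print(f"{bucket}: {', '.join(caps) or '-'}")
    # Toy two-entry table, purely to show the normalised-string hashing.
    print("imphash:", imphash([("KERNEL32.dll", "LoadLibraryA"),
                               ("KERNEL32.dll", "GetProcAddress")]))
```

Run against the full import list of a sample, the "needs_review" bucket is what an analyst should confirm in the sandbox trace (here, the registry and VirtualAlloc/VirtualProtect groups, which fit the "GenKryptik" and "Trojan.GenericKD" labels suggesting a packed payload), while a hit only in "framework_noise" on an MFC-shaped binary says nothing on its own.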
UDP communications