SHA256: c675dc7fcb2dd80f9afa13fbca9a689f341a0ce6b87c2db98580ed92c593befb
File name: HSUpdate.exe
Detection ratio: 23 / 43
Analysis date: 2014-02-25 05:02:36 UTC (4 years, 7 months ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1572109 20140225
Yandex Packed/NSPack 20140223
AntiVir TR/Crypt.NSPM.Gen 20140225
Avast Win32:Malware-gen 20140225
BitDefender Trojan.GenericKD.1572109 20140225
Commtouch W32/Heuristic-210!Eldorado 20140225
Emsisoft Trojan.GenericKD.1572109 (B) 20140225
ESET-NOD32 a variant of Win32/TrojanDownloader.Agent.AFE 20140225
F-Prot W32/Heuristic-210!Eldorado 20140225
F-Secure Trojan.GenericKD.1572109 20140225
Fortinet W32/Agent.AFE!tr.dldr 20140225
GData Trojan.GenericKD.1572109 20140225
Ikarus Trojan-Downloader.Win32.Adnur 20140225
K7GW Trojan ( 00454f271 ) 20140224
McAfee Artemis!B6B9D14EF2A9 20140225
McAfee-GW-Edition Artemis!B6B9D14EF2A9 20140225
eScan Trojan.GenericKD.1572109 20140225
nProtect Trojan.GenericKD.1572109 20140225
Panda Trj/CI.A 20140224
Qihoo-360 HEUR/Malware.QVM17.Gen 20140225
Sophos AV Mal/Packer 20140225
TrendMicro-HouseCall TROJ_GEN.F47V0218 20140225
VIPRE Trojan.Win32.Generic!BT 20140225
AhnLab-V3 20140224
Antiy-AVL 20140219
AVG 20140225
Baidu-International 20140224
Bkav 20140224
ByteHero 20130613
CAT-QuickHeal 20140224
ClamAV 20140224
CMC 20140220
Comodo 20140225
DrWeb 20140225
Jiangmin 20140224
K7AntiVirus 20140224
Kaspersky 20140225
Kingsoft 20140225
Malwarebytes 20140225
Microsoft 20140225
NANO-Antivirus 20140225
Norman 20140224
Rising 20140223
SUPERAntiSpyware 20140225
Symantec 20140225
TheHacker 20140224
TotalDefense 20140225
TrendMicro 20140225
VBA32 20140224
ViRobot 20140224
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product HackShield
Original name HSUpdate.exe
File version 2.1.2.10
Description HSUpdate
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 12:51 PM 4/4/2016
Packers identified
Command PecBundle, PECompact, NSPack
F-PROT PECompact, NSPack, PecBundle
PEiD PECompact 2.xx --> BitSum Technologies
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-17 23:28:27
Entry Point 0x00002055
Number of sections 2
PE sections
Overlays
MD5 f6099fc1f345ed624bf9850d169288d4
File type data
Offset 108544
Size 6736
Entropy 7.37
PE imports
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
Number of PE resources by type
RT_ICON 8
MHM 2
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 13
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.1.2.10
UninitializedDataSize 0
LanguageCode Korean
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 245760
EntryPoint 0x2055
OriginalFileName HSUpdate.exe
MIMEType application/octet-stream
FileVersion 2.1.2.10
TimeStamp 2014:02:18 00:28:27+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 2.1.2.10
FileDescription HSUpdate
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 24576
ProductName HackShield
ProductVersionNumber 2.1.2.10
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 b6b9d14ef2a9bb9b850dcbe3dc4aa927
SHA1 f87a10c6a513cbd1e2764d51ee4a9742c9de5207
SHA256 c675dc7fcb2dd80f9afa13fbca9a689f341a0ce6b87c2db98580ed92c593befb
ssdeep 1536:Xmu9sjw0TBx1kx7l8Jz+g8AlgdKVGQbMyB1HmcKFhvtG0UQTY+0wRWecxX:WU0chv1noVRbMEduh4010+0YcF
authentihash a3cf7691bcb1b3d0146aba2ed2bdaf49989ca38b465c93941e687faf6c7a8adf
imphash 09d0478591d4f788cb3e5ea416c25237
File size 112.6 KB ( 115280 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (v2.x) (51.0%)
Win32 EXE PECompact compressed (generic) (35.9%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.7%)
Tags pecompact peexe nspack overlay
VirusTotal metadata
First submission 2014-02-18 06:33:27 UTC (4 years, 7 months ago)
Last submission 2014-03-06 12:33:48 UTC (4 years, 6 months ago)
File names tmp77.tmp
vti-rescan
c675dc7fcb2dd80f9afa13fbca9a689f341a0ce6b87c2db98580ed92c593befb.exe
HSUpdate.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R047C0DD216.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Set keys
Created processes
Shell commands
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections