SHA256: e40a32e6781af530eb6a544b185156d1a25384a78b7771bca52f05744af811f1
File name: 0034095.scr
Detection ratio: 0 / 56
Analysis date: 2015-08-20 11:56:24 UTC (3 years, 9 months ago)
Antivirus Result Update
Ad-Aware 20150820
AegisLab 20150820
Yandex 20150819
AhnLab-V3 20150820
Alibaba 20150820
ALYac 20150820
Antiy-AVL 20150820
Arcabit 20150820
Avast 20150820
AVG 20150820
Avira (no cloud) 20150820
AVware 20150820
Baidu-International 20150820
BitDefender 20150820
Bkav 20150820
ByteHero 20150820
CAT-QuickHeal 20150819
ClamAV 20150820
CMC 20150819
Comodo 20150820
Cyren 20150820
DrWeb 20150820
Emsisoft 20150820
ESET-NOD32 20150820
F-Prot 20150820
F-Secure 20150820
Fortinet 20150820
GData 20150820
Ikarus 20150820
Jiangmin 20150819
K7AntiVirus 20150820
K7GW 20150820
Kaspersky 20150820
Kingsoft 20150820
Malwarebytes 20150820
McAfee 20150820
McAfee-GW-Edition 20150820
Microsoft 20150820
eScan 20150820
NANO-Antivirus 20150820
nProtect 20150820
Panda 20150820
Qihoo-360 20150820
Rising 20150817
Sophos AV 20150820
SUPERAntiSpyware 20150820
Symantec 20150819
Tencent 20150820
TheHacker 20150820
TrendMicro 20150820
TrendMicro-HouseCall 20150820
VBA32 20150820
VIPRE 20150820
ViRobot 20150820
Zillya 20150820
Zoner 20150820
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-06-05 22:05:28
Entry Point 0x00003000
Number of sections 5
PE sections
PE imports
GetModuleHandleA
ExitProcess
GetCommandLineW
DragAcceptFiles
DragQueryFileW
DragFinish
ShellAboutW
GetMessageA
CreateWindowExA
LoadIconA
DispatchMessageA
TranslateMessage
DefWindowProcA
RegisterClassExA
ChooseFontW
PageSetupDlgW
FindTextW
GetSaveFileNameW
CommDlgExtendedError
Number of PE resources by type
RT_BITMAP 1
RT_MENU 1
RT_MANIFEST 1
RT_GROUP_ICON 1
RT_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2009:06:05 23:05:28+01:00
FileType Win32 EXE
PEType PE32
CodeSize 7168
LinkerVersion 1.71
EntryPoint 0x3000
InitializedDataSize 18432
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 1.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 0fa4329816dc54b21f8542f2b84abcd4
SHA1 cb6945a81b9f19a384eb68d8aafcdcedd2dfb0b3
SHA256 e40a32e6781af530eb6a544b185156d1a25384a78b7771bca52f05744af811f1
ssdeep 384:KrA0wuC21D1hdCp2yxE6rfjg/sXkSk/VWX26z3Wf/P8fvP0nk:KrA0wuxDwTrfjfX3ktWm6LO/PqvN

authentihash 990edea8cae29c7bd8b17d993c7183ef71ba77625ee04f829a11cecdd9f383bf
imphash 64e4956b65f68eeee6c31364abcd60ab
File size 26.0 KB ( 26624 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (53.8%)
Windows screen saver (25.5%)
Win32 Executable (generic) (8.7%)
Win16/32 Executable Delphi generic (4.0%)
Generic Win/DOS Executable (3.8%)
Tags peexe

VirusTotal metadata
First submission 2015-08-20 11:12:03 UTC (3 years, 9 months ago)
Last submission 2015-11-19 10:46:04 UTC (3 years, 6 months ago)
File names 0034095.scr
0fa4329816dc54b21f8542f2b84abcd4
0034095.scr
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.F0E9H0ZHK15.
