SHA256: 2f4970866c91dd402dd1aafa3c06cacd369b35cee44d54f8475e1a2a68b83694
File name: DOC #7887575794 PDF.exe
Detection ratio: 43 / 68
Analysis date: 2017-11-20 07:02:27 UTC (1 year, 6 months ago)
Antivirus Result Update
Ad-Aware Trojan.Agent.COZO 20171120
AhnLab-V3 Trojan/Win32.Fareit.R212666 20171120
ALYac Trojan.Agent.COZO 20171120
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20171120
Arcabit Trojan.Agent.COZO 20171120
Avast Win32:Malware-gen 20171120
AVG Win32:Malware-gen 20171120
Avira (no cloud) TR/Downloader.ruyxa 20171120
BitDefender Trojan.Agent.COZO 20171120
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20171120
Cyren W32/Trojan.VBHP-6633 20171120
Emsisoft Trojan.Agent.COZO (B) 20171120
Endgame malicious (moderate confidence) 20171024
ESET-NOD32 Win32/Injector.DSVZ 20171120
F-Prot W32/Trojan3.ACXI 20171120
F-Secure Trojan.Agent.COZO 20171120
Fortinet W32/Injector.DTAI!tr 20171120
GData Trojan.Agent.COZO 20171120
Ikarus Win32.Outbreak 20171119
Jiangmin Backdoor.Androm.tmg 20171120
K7AntiVirus Trojan ( 0051a1ce1 ) 20171120
K7GW Trojan ( 0051a1ce1 ) 20171120
Kaspersky Trojan-PSW.Win32.Fareit.hhx 20171120
Malwarebytes Spyware.HawkEyeKeyLogger 20171119
MAX malware (ai score=84) 20171120
McAfee Fareit-FOHM!DCB7AA9A46E0 20171120
McAfee-GW-Edition Fareit-FOHM!DCB7AA9A46E0 20171120
eScan Trojan.Agent.COZO 20171120
NANO-Antivirus Trojan.Win32.Fareit.eujkji 20171120
Panda Trj/CI.A 20171119
Qihoo-360 HEUR/QVM11.1.4EAE.Malware.Gen 20171120
Rising Trojan.Injector!1.AE3F (CLASSIC) 20171120
SentinelOne (Static ML) static engine - malicious 20171113
Sophos AV Mal/Fareit-N 20171120
Symantec Infostealer.Lokibot!g6 20171119
Tencent Win32.Trojan-qqpass.Qqrob.Dwjk 20171120
TrendMicro TSPY_FAREIT.SMBD 20171120
TrendMicro-HouseCall TSPY_FAREIT.SMBD 20171120
VBA32 TrojanPSW.Fareit 20171117
Zillya Backdoor.Agent.Win32.64639 20171117
ZoneAlarm by Check Point Trojan-PSW.Win32.Fareit.hhx 20171120
AegisLab 20171120
Alibaba 20170911
Avast-Mobile 20171119
AVware 20171120
Baidu 20171120
Bkav 20171118
CAT-QuickHeal 20171118
ClamAV 20171120
CMC 20171120
Comodo 20171120
DrWeb 20171120
eGambit 20171120
Sophos ML 20170914
Kingsoft 20171120
Microsoft 20171120
nProtect 20171120
Palo Alto Networks (Known Signatures) 20171120
SUPERAntiSpyware 20171120
Symantec Mobile Insight 20171117
TheHacker 20171117
TotalDefense 20171120
Trustlook 20171120
VIPRE 20171120
ViRobot 20171120
Webroot 20171120
WhiteArmor 20171104
Yandex 20171118
Zoner 20171120
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-04-09 21:30:46
Entry Point 0x000FE5C0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegCloseKey
ImageList_Add
SaveDC
CoInitialize
VariantCopy
VerQueryValueA
Number of PE resources by type
RT_STRING 22
RT_BITMAP 11
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 3
RT_DIALOG 1
Number of PE resources by language
NEUTRAL 51
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:04:09 22:30:46+01:00
FileType Win32 EXE
PEType PE32
CodeSize 585728
LinkerVersion 2.25
FileTypeExtension exe
InitializedDataSize 16384
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0xfe5c0
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 454656

Compressed bundles
File identification
MD5 1364013aeb7d79ef351abff354bdf6c3
SHA1 3e7d9316e139e56e67bfec66772bbf6a4d956ee3
SHA256 2f4970866c91dd402dd1aafa3c06cacd369b35cee44d54f8475e1a2a68b83694
ssdeep
12288:cPQJh5VBAd6/9zEJ0u8n6qQec7h3FscIutuiXteqZunWZ+t78:4u5VqwzMtNec7h3ic3uqbP+

authentihash 793ec908db7e0de54bbfd4abbb93fac144dc914873cd4c5493c833b0f960bf18
imphash 1aaa197a27f37409d4b24f7bd8508e17
File size 583.5 KB ( 597504 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (37.1%)
Win32 EXE Yoda's Crypter (36.4%)
Win32 Dynamic Link Library (generic) (9.0%)
Win32 Executable (generic) (6.1%)
Win16/32 Executable Delphi generic (2.8%)
Tags
peexe upx

VirusTotal metadata
First submission 2017-11-20 07:02:27 UTC (1 year, 6 months ago)
Last submission 2017-11-21 08:32:28 UTC (1 year, 5 months ago)
File names DOC #7887575794 PDF.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs