SHA256: b7a7d715f370142ddc6d1ba15f9f7377cda3995d4726874d4eeda24d4b9eff13
File name: C.exe
Detection ratio: 17 / 63
Analysis date: 2017-07-26 04:04:30 UTC (1 year, 10 months ago)
Antivirus Result Update
AegisLab Ml.Attribute.Gen!c 20170725
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9944 20170725
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170710
Cylance Unsafe 20170726
Endgame malicious (high confidence) 20170721
Sophos ML heuristic 20170607
Kaspersky UDS:DangerousObject.Multi.Generic 20170725
McAfee Artemis!90284B01FAE8 20170725
McAfee-GW-Edition BehavesLike.Win32.Downloader.gh 20170725
Palo Alto Networks (Known Signatures) generic.ml 20170726
Panda Trj/Genetic.gen 20170725
Rising Trojan.Ransom.GlobeImposter!1.AC37 (classic) 20170725
SentinelOne (Static ML) static engine - malicious 20170718
Sophos AV Mal/Generic-S 20170725
Symantec Trojan.Trickybot 20170725
Webroot W32.Trojan.Gen 20170726
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20170725
Ad-Aware 20170725
AhnLab-V3 20170725
Alibaba 20170725
ALYac 20170725
Antiy-AVL 20170725
Arcabit 20170725
Avast 20170725
AVG 20170725
Avira (no cloud) 20170725
AVware 20170721
BitDefender 20170725
Bkav 20170725
CAT-QuickHeal 20170725
ClamAV 20170725
CMC 20170725
Comodo 20170725
Cyren 20170725
DrWeb 20170725
Emsisoft 20170725
ESET-NOD32 20170725
F-Prot 20170725
F-Secure 20170725
Fortinet 20170725
GData 20170725
Ikarus 20170725
Jiangmin 20170725
K7AntiVirus 20170725
K7GW 20170725
Kingsoft 20170726
Malwarebytes 20170725
MAX 20170725
Microsoft 20170725
eScan 20170725
NANO-Antivirus 20170725
nProtect 20170725
Qihoo-360 20170726
SUPERAntiSpyware 20170725
Symantec Mobile Insight 20170725
Tencent 20170726
TheHacker 20170724
TrendMicro 20170725
TrendMicro-HouseCall 20170725
Trustlook 20170726
VBA32 20170725
VIPRE 20170725
ViRobot 20170725
WhiteArmor 20170725
Yandex 20170725
Zillya 20170725
Zoner 20170725
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Yogi bonubasozucu tikutateduwevu giyecalulihaku tuhufotafodoja

File version 19, 5, 8, 9
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-07-25 15:07:56
Entry Point 0x000019F3
Number of sections 4
PE sections
PE imports
GetMapMode
GetGraphicsMode
GetTextCharacterExtra
GetPath
CloseFigure
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetSystemTimes
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
AddAtomA
WriteConsoleW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
SetStdHandle
SetFilePointer
RaiseException
WideCharToMultiByte
TlsFree
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
TerminateProcess
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
GlobalMemoryStatus
LCMapStringA
WriteConsoleA
IsValidCodePage
HeapCreate
GlobalAlloc
VirtualFree
TlsGetValue
Sleep
GetFileType
GetConsoleOutputCP
TlsSetValue
CreateFileA
GetTickCount
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
GetDC
GetMenuInfo
WinHttpOpen
WinHttpCloseHandle
Number of PE resources by type
RT_MENU 5
RT_ICON 2
RT_BITMAP 2
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 13
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileVersionNumber
19.5.8.9

LanguageCode
English (U.S.)

FileFlagsMask
0x0017

CharacterSet
Unicode

InitializedDataSize
408064

EntryPoint
0x19f3

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
19, 5, 8, 9

TimeStamp
2017:07:25 16:07:56+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
19, 5, 8, 9

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

LegalCopyright
Yogi bonubasozucu tikutateduwevu giyecalulihaku tuhufotafodoja

MachineType
Intel 386 or later, and compatibles

CodeSize
49152

FileSubtype
0

ProductVersionNumber
19.5.8.9

FileTypeExtension
exe

ObjectFileType
Unknown

Execution parents
File identification
MD5 90284b01fae8a932ca99767825568721
SHA1 b5d87d60a66100151f5ce1af2b9737ebe14d63e4
SHA256 b7a7d715f370142ddc6d1ba15f9f7377cda3995d4726874d4eeda24d4b9eff13
ssdeep
6144:HkiJfvHjIm0e88nde+LntximA9QRdCI2WXP6a0YMqz8S1JyKS+NU4:HkRcpd0L9QRdChWXyqz8SH4M7

authentihash 035a4c8627139defc7133faa0a9e957366ec023fe25adc702ee7bdf5e41b9e09
imphash 274383fe9620e6c5727d50ed2192a1ef
File size 438.5 KB ( 449024 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (generic) (32.3%)
Win32 Executable MS Visual C++ (generic) (24.2%)
Win64 Executable (generic) (21.4%)
Windows screen saver (10.1%)
Win32 Dynamic Link Library (generic) (5.1%)
Tags
peexe

VirusTotal metadata
First submission 2017-07-25 23:22:27 UTC (1 year, 10 months ago)
Last submission 2017-08-04 05:26:42 UTC (1 year, 9 months ago)
File names b7a7d715f370142ddc6d1ba15f9f7377cda3995d4726874d4eeda24d4b9eff13.bin.exe
C.exe
05_http`wirbeldipf.ch`n3f7b$_descrambled.malware
http___trominguatedrop.org_af_n3f7b.decoded.exe
zmfzSc.exe
vciv.exe
A.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs