SHA256: d94d1b90dbb0c5c3f8ea013b3f98bf7c305e40b4b390f0112c4f1ce6fde3b5af
File name: d94d1b90dbb0c5c3f8ea013b3f98bf7c305e40b4b390f0112c4f1ce6fde3b5af.bin
Detection rate: 58 / 62
Analysis date: 2017-03-20 14:58:44 UTC ( 2 months, 1 week ago )
Antivirus | Result | Update
Ad-Aware | Trojan.Generic.KD.914347 | 20170320
AegisLab | Packer.W32.Krap.lJyH | 20170320
AhnLab-V3 | Trojan/Win32.HmBlocker.R64891 | 20170320
ALYac | Trojan.Generic.KD.914347 | 20170320
Antiy-AVL | Worm[Net]/Win32.Kolab | 20170320
Arcabit | Trojan.Generic.KD.DDF3AB | 20170320
Avast | Win32:Malware-gen | 20170320
AVG | Dropper.Generic7.COFM | 20170320
Avira (no cloud) | TR/Dropper.Gen | 20170320
AVware | Trojan.Win32.Agent.aaxv (v) | 20170320
Baidu | Win32.Trojan.Injector.dt | 20170320
BitDefender | Trojan.Generic.KD.914347 | 20170320
Bkav | W32.KeyloggerLTHVAP.Trojan | 20170320
CAT-QuickHeal | Trojan.Ircbrute.SU5 | 20170320
ClamAV | Win.Trojan.Agent-1073066 | 20170320
Comodo | TrojWare.Win32.Injector.BGJ | 20170320
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20170130
Cyren | W32/Trojan.WLUI-7811 | 20170320
DrWeb | BackDoor.Gurl.2 | 20170320
Emsisoft | Trojan.Generic.KD.914347 (B) | 20170320
Endgame | malicious (high confidence) | 20170317
ESET-NOD32 | Win32/Injector.AEJX | 20170320
F-Prot | W32/Trojan2.NWBR | 20170320
F-Secure | Trojan.Generic.KD.914347 | 20170320
Fortinet | W32/Injector.AEJX!tr | 20170320
GData | Trojan.Generic.KD.914347 | 20170320
Ikarus | Trojan.Win32.Ircbrute | 20170320
Invincea | trojan.win32.lethic.b | 20170203
Jiangmin | Backdoor/Azbreg.aoo | 20170320
K7AntiVirus | Trojan ( 0040f5791 ) | 20170320
K7GW | Trojan ( 0040f5791 ) | 20170320
Kaspersky | HEUR:Trojan.Win32.Generic | 20170320
Kingsoft | Win32.Troj.Undef.(kcloud) | 20170320
Malwarebytes | Worm.AutoRun | 20170320
McAfee | Dropper-FED!A592B59CD6C1 | 20170320
McAfee-GW-Edition | BehavesLike.Win32.Downloader.qm | 20170320
Microsoft | Trojan:Win32/Lethic.B | 20170320
eScan | Trojan.Generic.KD.914347 | 20170320
NANO-Antivirus | Trojan.Win32.Gurl.brorzr | 20170320
Panda | Trj/Zbot.M | 20170319
Qihoo-360 | HEUR/Malware.QVM07.Gen | 20170320
Rising | Trojan.Generic (cloud:YSYWXQz2vrE) | 20170320
Sophos | Troj/Agent-AAXV | 20170320
SUPERAntiSpyware | Trojan.Agent/Gen-IRCBot | 20170320
Symantec | Packed.Generic.326 | 20170320
Tencent | Win32.Trojan.Generic.Lmuc | 20170320
TheHacker | Trojan/Injector.aejx | 20170318
TotalDefense | Win32/Tnega.ASBD | 20170320
TrendMicro | WORM_AUTORUN.IHF | 20170320
TrendMicro-HouseCall | WORM_AUTORUN.IHF | 20170320
VBA32 | BScope.Backdoor.IRCBot.2122 | 20170320
VIPRE | Trojan.Win32.Agent.aaxv (v) | 20170320
ViRobot | Worm.Win32.Net-Kolab.68231[h] | 20170320
Webroot | Malicious | 20170320
Yandex | Trojan.Injector!XWZZ9oRWCPQ | 20170318
Zillya | Trojan.HmBlocker.Win32.3851 | 20170320
ZoneAlarm by Check Point | HEUR:Trojan.Win32.Generic | 20170320
Zoner | Trojan.Lethic.AA | 20170320
Alibaba | | 20170320
CMC | | 20170317
nProtect | | 20170320
Palo Alto Networks (Known Signatures) | | 20170320
SentinelOne (Static ML) | | 20170315
Trustlook | | 20170320
WhiteArmor | | 20170315
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-10-28 19:00:30
Entry Point 0x0000160F
Number of sections 5
PE sections
Overlays
MD5 fbaf48ec981a5eecdb57b929fdd426e8
File type ASCII text
Offset 57344
Size 200
Entropy 0.00
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
GetCurrentProcess
GetEnvironmentStrings
AddAtomA
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
WriteFile
GetStartupInfoA
GetACP
HeapReAlloc
GetStringTypeW
GetCurrentThreadId
TerminateProcess
InitializeCriticalSection
HeapCreate
VirtualFree
TlsGetValue
GetFileType
GetTickCount
TlsSetValue
HeapAlloc
GetVersion
VirtualAlloc
SetLastError
LeaveCriticalSection
DrawAnimatedRects
FlashWindowEx
Number of PE resources by type
Struct(202) 1
Struct(211) 1
Number of PE resources by language
GERMAN NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2011:10:28 20:00:30+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 6.0
EntryPoint 0x160f
InitializedDataSize 32768
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 a592b59cd6c1e334dd66d7f9484d1f15
SHA1 67e1fe08c49469fb0639c50733d2403bc0fd6dbf
SHA256 d94d1b90dbb0c5c3f8ea013b3f98bf7c305e40b4b390f0112c4f1ce6fde3b5af
ssdeep 768:HCbJTWdEDgbvXF3lqF4rFmObOrFS2KneZ7+9MJC:HCbJTYEDclqaFnirlKneZ7uMU

authentihash 06f5418a052e357c515d0d1fd7219f1b115e8b6ae127db7e7f5bfdaf462fdfe9
imphash b41f22486d4aa79695588232cb2c7b00
File size 56.2 KB ( 57544 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ 5.0 (56.7%)
Win32 Executable MS Visual C++ (generic) (29.1%)
Win32 Dynamic Link Library (generic) (6.1%)
Win32 Executable (generic) (4.2%)
Generic Win/DOS Executable (1.8%)
Tags
peexe via-tor armadillo overlay

VirusTotal metadata
First submission 2013-04-26 23:19:02 UTC ( 4 years, 1 month ago )
Last submission 2015-09-04 17:40:09 UTC ( 1 year, 8 months ago )
File names d94d1b90dbb0c5c3f8ea013b3f98bf7c305e40b4b390f0112c4f1ce6fde3b5af
a592b59cd6c1e334dd66d7f9484d1f15
B2708.exe
67e1fe08c49469fb0639c50733d2403bc0fd6dbf
d94d1b90dbb0c5c3f8ea013b3f98bf7c305e40b4b390f0112c4f1ce6fde3b5af.bin
7081.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs