SHA256: 38cef3cc4acffbb0d33c495038e60394c34839999434b9ee2e2610d5d5fcdd90
File name: Analyzer.exe
Detection ratio: 2 / 67
Analysis date: 2018-10-05 15:04:25 UTC (5 months, 2 weeks ago)
Antivirus Result Version
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20180723
Ikarus Trojan.Python.Psw 20181005
Ad-Aware 20181005
AegisLab 20181005
AhnLab-V3 20181005
Alibaba 20180921
ALYac 20181005
Antiy-AVL 20181005
Arcabit 20181005
Avast 20181005
Avast-Mobile 20181005
AVG 20181005
Avira (no cloud) 20181005
AVware 20180925
Babable 20180918
Baidu 20180930
BitDefender 20181005
Bkav 20181005
CAT-QuickHeal 20181005
ClamAV 20181005
CMC 20181005
Comodo 20181005
Cybereason 20180225
Cylance 20181005
Cyren 20181005
DrWeb 20181005
eGambit 20181005
Emsisoft 20181005
Endgame 20180730
ESET-NOD32 20181005
F-Prot 20181005
F-Secure 20181005
Fortinet 20181005
GData 20181005
Sophos ML 20180717
Jiangmin 20181005
K7AntiVirus 20181005
K7GW 20181005
Kaspersky 20181005
Kingsoft 20181005
Malwarebytes 20181005
MAX 20181005
McAfee 20181005
McAfee-GW-Edition 20181005
Microsoft 20181005
eScan 20181005
NANO-Antivirus 20181005
Palo Alto Networks (Known Signatures) 20181005
Panda 20181005
Qihoo-360 20181005
Rising 20181005
SentinelOne (Static ML) 20180926
Sophos AV 20181005
SUPERAntiSpyware 20181005
Symantec 20181005
Symantec Mobile Insight 20181001
TACHYON 20181005
Tencent 20181005
TheHacker 20181001
TrendMicro 20181005
TrendMicro-HouseCall 20181005
Trustlook 20181005
VBA32 20181005
VIPRE 20181005
ViRobot 20181005
Webroot 20181005
Yandex 20181005
Zillya 20181005
ZoneAlarm by Check Point 20181005
Zoner 20181005
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem that targets 64bit architectures.
FileVersionInfo properties
PE header basic information
Target machine x64
Compilation timestamp 2017-12-11 15:04:33
Entry Point 0x000087D4
Number of sections 7
PE sections
Overlays
MD5 d0dc7d01df6708ff6fabdc57ff9d2857
File type data
Offset 270336
Size 5232602
Entropy 8.00
PE imports
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
WaitForSingleObject
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
InitializeSListHead
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
FindClose
TlsGetValue
FormatMessageA
GetFullPathNameW
GetEnvironmentVariableW
SetLastError
PeekNamedPipe
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
RaiseException
SetConsoleCtrlHandler
RtlVirtualUnwind
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
SetEnvironmentVariableW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
ReadConsoleW
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetExitCodeProcess
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
LoadLibraryA
FreeLibrary
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CompareStringW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
RtlLookupFunctionEntry
FindFirstFileExW
RtlUnwindEx
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetShortPathNameW
GetConsoleCP
GetEnvironmentStringsW
GetCurrentDirectoryW
GetCurrentProcessId
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
SetEndOfFile
TlsFree
ReadFile
RtlCaptureContext
CloseHandle
SetDllDirectoryW
GetACP
GetModuleHandleW
GetFileAttributesExW
IsValidCodePage
GetTempPathW
CreateProcessW
Sleep
Number of PE resources by type
RT_ICON 7
RT_GROUP_ICON 2
Number of PE resources by language
NEUTRAL 9
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType AMD AMD64
FileTypeExtension exe
TimeStamp 2017:12:11 16:04:33+01:00
FileType Win64 EXE
PEType PE32+
CodeSize 135680
LinkerVersion 14.0
ImageFileCharacteristics Executable, Large address aware
EntryPoint 0x87d4
InitializedDataSize 133632
SubsystemVersion 5.2
ImageVersion 0.0
OSVersion 5.2
UninitializedDataSize 0

File identification
MD5 138815e12b895a4037988f9e2d5ba8ab
SHA1 e8bde11e244f41465356b042ce47d15319639cfa
SHA256 38cef3cc4acffbb0d33c495038e60394c34839999434b9ee2e2610d5d5fcdd90
ssdeep
98304:bi87r2BzReIivVD/V6hz0q+PNLvE+zjEi2wVOSNgrC1nkLtm7L0rnpQ+IWsYde4i:biXcI2tVmmaOHR3f1gkIr+Wske4i

authentihash cddc7cd5c44a9539850f4aaf673c07d1f4099a31ca58a8b3590265d1c70f3809
imphash e5d81cf6a49d9472d6de8c1764efdfb4
File size 5.2 MB ( 5502938 bytes )
File type Win32 EXE
Magic literal
PE32+ executable for MS Windows (console) Mono/.Net assembly

TrID InstallShield setup (46.1%)
Win64 Executable (generic) (29.6%)
Microsoft Visual C++ compiled executable (generic) (17.7%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
Tags
64bits peexe assembly overlay

VirusTotal metadata
First submission 2018-10-05 15:04:25 UTC (5 months, 2 weeks ago)
Last submission 2018-10-05 15:04:25 UTC (5 months, 2 weeks ago)
File names Analyzer.exe