SHA256: 3c894a3209feb4698b26d3dc1e67836252e1ae3d272064178143207f7f0e0ef1
File name: franz_krukenberg_str_10_25436_uetersen.scr
Detection ratio: 44 / 57
Analysis date: 2015-02-20 11:23:52 UTC (4 years, 1 month ago)
Antivirus engine   Result   Signature version
Ad-Aware Trojan.Downloader.CryptoLocker.F 20150220
Yandex Trojan.DL.Cabby! 20150220
AhnLab-V3 Win-Trojan/Ctblocker.44544 20150220
ALYac Trojan.Downloader.CryptoLocker.F 20150220
Antiy-AVL Trojan[Downloader]/Win32.Cabby 20150220
Avast Win32:Crypt-RTM [Trj] 20150220
AVG Crypt3.BYRG 20150220
Avira (no cloud) TR/Agent.49152.2041 20150220
AVware Trojan-Downloader.Win32.Dalexis 20150220
BitDefender Trojan.Downloader.CryptoLocker.F 20150220
ByteHero Trojan.Malware.Obscu.Gen.002 20150220
CAT-QuickHeal TrojanDownloader.Dalexis.A3 20150220
CMC Trojan.Win32.Krap.2!O 20150214
Cyren W32/Trojan.WGFQ-2226 20150220
DrWeb Trojan.DownLoader12.18214 20150220
Emsisoft Trojan.Downloader.CryptoLocker.F (B) 20150220
ESET-NOD32 a variant of Win32/Kryptik.CXJE 20150220
F-Prot W32/Trojan3.NOY 20150220
F-Secure Trojan.Downloader.CryptoLocker.F 20150220
Fortinet W32/Kryptik.CWXI!tr 20150220
GData Trojan.Downloader.CryptoLocker.F 20150220
Ikarus Trojan-Downloader.CTBLocker 20150220
Jiangmin TrojanDownloader.Cabby.dcv 20150219
K7AntiVirus Trojan-Downloader ( 00499db21 ) 20150220
K7GW Trojan-Downloader ( 00499db21 ) 20150220
Kaspersky Trojan-Downloader.Win32.Cabby.cekz 20150220
Malwarebytes Trojan.Ransom.TR 20150220
McAfee Ransom-CTB 20150220
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ph 20150220
Microsoft TrojanDownloader:Win32/Dalexis 20150220
eScan Trojan.Downloader.CryptoLocker.F 20150220
NANO-Antivirus Trojan.Win32.DownLoader12.dnnnhx 20150220
Norman Elenoocka.AE 20150220
nProtect Trojan-Downloader/W32.Cabby.49152.K 20150218
Sophos AV Troj/Agent-ALLW 20150220
Symantec Downloader.Ponik!gen11 20150220
TheHacker Trojan/Kryptik.cxje 20150219
TotalDefense Win32/Tnega.eSQSXWC 20150220
TrendMicro TROJ_DALEXIS.SMK 20150220
TrendMicro-HouseCall TROJ_DALEXIS.SMK 20150220
VBA32 Trojan.FakeAV.01657 20150220
VIPRE Trojan-Downloader.Win32.Dalexis 20150220
ViRobot Trojan.Win32.Downloader.48128.DT[h] 20150220
Zillya Downloader.Elenoocka.Win32.74 20150220
Engines that returned no detection (13 of 57; signature version shown):
AegisLab 20150220
Alibaba 20150219
Baidu-International 20150220
Bkav 20150213
ClamAV 20150220
Comodo 20150220
Kingsoft 20150220
Panda 20150220
Qihoo-360 20150220
Rising 20150219
SUPERAntiSpyware 20150220
Tencent 20150220
Zoner 20150218
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem; the .scr (screensaver) extension is loaded by Windows as an ordinary executable, so opening the attachment runs the code.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-06-30 12:22:30 (the optional header reports linker version 10.0, the Visual Studio 2010 toolchain, which did not exist in 2007; treat the timestamp as forged or rewritten by the packer, not as the build date)
Entry Point 0x00002A4A
Number of sections 5
PE sections
(section table not reproduced in this copy of the report; the header counts 5)
PE imports
The report copy lists function names only; the library that exports each block is given here in brackets. Several engines above (ESET Kryptik, Avast Crypt-RTM, Fortinet Kryptik) classify the sample as crypter-wrapped, and a 48 KB downloader importing terminal-services, certificate-enrolment and Connection Manager phonebook APIs fits that picture: treat the import table, and therefore the imphash, as the crypter's decoy surface that pivots on other samples built with the same crypter, not as the payload's real API usage.
[kernel32.dll]
DeviceIoControl
GetShortPathNameW
GetComputerNameA
lstrcmpiA
WaitForSingleObject
GetTickCount
LoadLibraryA
CreateNamedPipeA
GetPrivateProfileStructW
UpdateResourceA
GetProcessId
GetCurrentProcess
GetDateFormatA
GetPrivateProfileIntA
CreateDirectoryA
GetCurrentDirectoryA
GetConsoleTitleA
GetProcessHeap
ReadConsoleA
GetStringTypeA
SetFilePointer
ReadFile
GetAtomNameA
HeapValidate
GetTimeFormatA
GetSystemTimeAsFileTime
lstrcpynA
GetFullPathNameA
WriteConsoleA
SetCurrentDirectoryW
GetLongPathNameA
FormatMessageA
GetFullPathNameW
GetPrivateProfileSectionA
VirtualAlloc
GetNumberFormatW
[shlwapi.dll]
UrlCanonicalizeA
UrlCombineA
UrlIsNoHistoryW
UrlIsA
PathCommonPrefixA
UrlGetPartA
PathCompactPathA
UrlUnescapeA
UrlGetLocationA
UrlIsOpaqueA
[wtsapi32.dll]
WTSVirtualChannelPurgeInput
WTSUnRegisterSessionNotification
WTSLogoffSession
WTSVirtualChannelWrite
WTSVirtualChannelClose
WTSFreeMemory
WTSRegisterSessionNotification
WTSSendMessageA
WTSSetSessionInformationW
WTSEnumerateSessionsW
WTSEnumerateProcessesA
WTSWaitSystemEvent
WTSVirtualChannelOpen
WTSVirtualChannelQuery
WTSOpenServerW
WTSQueryUserToken
[certcli.dll]
CAEnumFirstCA
CADeleteCA
CAEnumNextCA
CACloseCertType
CACloseCA
[cmpbk32.dll]
PhoneBookEnumCountries
PhoneBookCopyFilter
[msimg32.dll]
AlphaBlend
DllInitialize
TransparentBlt
GradientFill
[user32.dll]
GetWindowLongA
CreateWindowExA
IsWindow
wsprintfA
DispatchMessageA
LoadImageA
PeekMessageA
DialogBoxParamA
LoadCursorA
IsCharLowerW
GetPropA
CharToOemA
Number of PE resources by type
RT_ICON 10
RT_RCDATA 2 (two raw data blobs; together with the UpdateResourceA import these are the first place to look for an embedded, encrypted second stage)
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2007:06:30 13:22:30+01:00 (the same header value as the compilation timestamp above, rendered in UTC+1)
FileType: Win32 EXE
PEType: PE32
CodeSize: 10240
LinkerVersion: 10.0
FileTypeExtension: exe
InitializedDataSize: 37888
SubsystemVersion: 5.1
EntryPoint: 0x2a4a
OSVersion: 5.1
ImageVersion: 0.0
UninitializedDataSize: 0
File identification
MD5 e4b72ce8ea569b12eabf0aef6ed81615
SHA1 99920e112a522e2d1b409e00330022f705c2fec7
SHA256 3c894a3209feb4698b26d3dc1e67836252e1ae3d272064178143207f7f0e0ef1
ssdeep 768:unmQZS5ZZv/smjw+MQ5kFPQ9Bml8AUph4ic7ru:QIp/zjw1QWq3ml8AUpzc7ru
authentihash fac90e70016acbb665cb53e983c5668655583e3ceb63b534dec169b7df23826a
imphash 57c8f6f8e19a0b5794c1e093acf2aee8
File size 48.0 KB (49152 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2015-02-20 11:23:52 UTC (4 years, 1 month ago)
Last submission 2018-05-10 06:25:30 UTC (10 months, 2 weeks ago)
File names 3c894a3209feb4698b26d3dc1e67836252e1ae3d272064178143207f7f0e0ef1
franz_krukenberg_str_10_25436_uetersen.scr
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function. The condensed report does not say which device or which control code; that is worth pulling from the full trace, since direct device queries are also a common way for packed samples to fingerprint the environment they run in.
The file installs an application-defined hook procedure into a hook chain using the SetWindowsHookEx Windows API function (the report names it as SetWindowsHook). A hook procedure monitors the system for certain types of events, associated either with a specific thread or with all threads on the same desktop as the calling thread.
HTTP requests
DNS requests
TCP connections
UDP communications