SHA256: 59534fc234f2a99163f6c449778f838e1a84f14bb142def09b3e7342ba72c3fb
File name: SpyHunterCleaner.exe
Detection ratio: 21 / 56
Analysis date: 2016-11-13 11:42:36 UTC (2 years, 5 months ago)
Antivirus Result Version
AegisLab Gen.Variant.Symmi!c 20161113
Antiy-AVL Trojan[Backdoor]/BAT.Agent 20161113
AVware Trojan.Win32.Generic!BT 20161113
Bkav W32.Clod525.Trojan.cffd 20161112
CAT-QuickHeal Trojan.Dynamer 20161112
CrowdStrike Falcon (ML) malicious_confidence_68% (D) 20161024
DrWeb Trojan.KillProc.42878 20161113
Fortinet W32/KillProc.SH!tr 20161113
Sophos ML backdoor.win32.fynloski.a 20161018
Jiangmin Trojan.Generic.acnqx 20161113
Kaspersky UDS:DangerousObject.Multi.Generic 20161113
McAfee Generic.aet 20161113
McAfee-GW-Edition BehavesLike.Win32.Trojan.hc 20161113
NANO-Antivirus Trojan.Win32.KillProc.eempmh 20161113
Panda Trj/CI.A 20161113
Rising Malware.Generic!i6NAh7gYlrM@5 (thunder) 20161113
Sophos AV Mal/Generic-S 20161113
SUPERAntiSpyware Trojan.Agent/Gen-KillProc 20161112
VIPRE Trojan.Win32.Generic!BT 20161113
ViRobot Trojan.Win32.Z.Killproc.525312[h] 20161113
Yandex Trojan.KillProc!X317hgZoPHo 20161112
Ad-Aware 20161113
AhnLab-V3 20161112
Alibaba 20161110
ALYac 20161113
Arcabit 20161113
Avast 20161113
AVG 20161113
Avira (no cloud) 20161113
Baidu 20161111
BitDefender 20161113
ClamAV 20161113
CMC 20161113
Comodo 20161113
Cyren 20161113
Emsisoft 20161113
ESET-NOD32 20161113
F-Prot 20161113
F-Secure 20161113
GData 20161113
Ikarus 20161113
K7AntiVirus 20161113
K7GW 20161113
Kingsoft 20161113
Malwarebytes 20161113
Microsoft 20161113
eScan 20161113
nProtect 20161113
Qihoo-360 20161113
Symantec 20161113
Tencent 20161113
TheHacker 20161111
TrendMicro 20161113
TrendMicro-HouseCall 20161113
VBA32 20161111
Zillya 20161111
Zoner 20161113
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright Trojaner-Board.de
Product SpyHunterCleaner
Internal name SHC
File version 1,2,3,0
Description Programm zum Entfernen von SpyHunter
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-27 14:05:09
Entry Point 0x000A9E70
Number of sections 3
PE sections
PE imports
InitCommonControlsEx
BitBlt
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
CoInitialize
ShellExecuteExA
PathGetArgsA
Number of PE resources by type
RT_ICON 17
RT_RCDATA 5
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 25
PE resources
ExifTool file metadata
UninitializedDataSize 454656
InitializedDataSize 286720
ImageVersion 0.0
ProductName SpyHunterCleaner
FileVersionNumber 1.2.3.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Programm zum Entfernen von SpyHunter
CharacterSet Windows, Latin1
LinkerVersion 2.5
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows command line
FileVersion 1,2,3,0
TimeStamp 2016:05:27 15:05:09+01:00
FileType Win32 EXE
PEType PE32
InternalName SHC
ProductVersion 1.2.3.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows 16-bit
LegalCopyright Trojaner-Board.de
MachineType Intel 386 or later, and compatibles
CompanyName Trojaner-Board.de
CodeSize 241664
FileSubtype 0
ProductVersionNumber 1.2.3.0
EntryPoint 0xa9e70
ObjectFileType Executable application

File identification
MD5 61bb90aca0f7173a43f14d35e27d92d7
SHA1 35f3603723d02bca6dcabe07d4e71c447380735e
SHA256 59534fc234f2a99163f6c449778f838e1a84f14bb142def09b3e7342ba72c3fb
ssdeep 12288:uMQADHSHjYokP41VcUeV8Ff2WxoSLOCBlM6mYV2fDwoq/4CGV3:DQADHSEdmGhOt7HM6mG2fDwoqwCG
authentihash 45770895e732a2ec78cc56da7e29bd8c04bb0a57311e7bc53e4b7bcd18bea9eb
imphash 222aa05376cbfcb8bf95030ca1e5adde
File size 513.0 KB ( 525312 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (39.3%)
Win32 EXE Yoda's Crypter (38.6%)
Win32 Dynamic Link Library (generic) (9.5%)
Win32 Executable (generic) (6.5%)
Generic Win/DOS Executable (2.9%)
Tags peexe upx
VirusTotal metadata
First submission 2016-07-10 09:27:39 UTC (2 years, 9 months ago)
Last submission 2017-02-04 16:44:54 UTC (2 years, 2 months ago)
File names SpyHunterCleaner.exe
59534fc234f2a99163f6c449778f838e1a84f14bb142def09b3e7342ba72c3fb
SHC
SpyHunterCleaner.exe
59534fc234f2a99163f6c449778f838e1a84f14bb142def09b3e7342ba72c3fb.bin
59534FC234F2A99163F6C449778F838E1A84F14BB142DEF09B3E7342BA72C3FB.dat
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0710.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Terminated processes
Opened mutexes
Runtime DLLs
UDP communications