SHA256: c7cd4a20d66accac17fd215004fa23894dd05a9e7be0f18bf9e27be4dd9b42d6
File name: process.0x86372a38.0x400000.dmp
Detection ratio: 32 / 46
Analysis date: 2013-06-18 19:36:57 UTC (5 years, 11 months ago)
The file name follows the process.<object offset>.<image base>.dmp convention of a process image extracted from a memory dump (0x400000 is the default image base of a PE32 executable), so the hashes in this report identify the dumped image, not the executable as it was written to disk; do not expect them to match the dropper or the on-disk binary.
Antivirus Result Version
AhnLab-V3 Trojan/Win32.Windef 20130618
AntiVir BDS/Backdoor.Gen 20130618
Antiy-AVL Trojan/Win32.Windef 20130618
Avast Win32:KeyLogger-ARY [Spy] 20130618
AVG Generic31.URJ 20130618
BitDefender Trojan.Keylogger.VB.AP 20130618
Commtouch W32/VBInject.AM.gen!Eldorado 20130618
Comodo TrojWare.Win32.Agent.ADDD 20130618
DrWeb BackDoor.Blackshades.17 20130618
Emsisoft Trojan.Keylogger.VB.AP (B) 20130618
ESET-NOD32 Win32/Ainslot.AB 20130618
F-Prot W32/VBInject.AM.gen!Eldorado 20130618
Fortinet W32/Cospet.HA!tr 20130618
GData Trojan.Keylogger.VB.AP 20130618
Ikarus P2P-Worm.Win32.BlackControl 20130618
K7AntiVirus Riskware 20130618
Kaspersky Trojan-FakeAV.Win32.Windef.myj 20130618
Kingsoft Win32.Troj.Undef.(kcloud) 20130506
McAfee W32/Generic.worm!p2p 20130618
McAfee-GW-Edition W32/Generic.worm!p2p 20130618
Microsoft Worm:Win32/Ainslot.A 20130618
Norman Ainslot.A 20130618
nProtect Trojan.Keylogger.VB.AP 20130618
Panda Suspicious file 20130618
PCTools Malware.Shadesrat 20130521
Rising Worm.Win32.Anisolt.a 20130618
Sophos AV Mal/VB-GI 20130618
Symantec W32.Shadesrat 20130618
TrendMicro WORM_SWISYN.SM 20130618
TrendMicro-HouseCall WORM_SWISYN.SM 20130618
VBA32 Malware-Cryptor.VB.gen.1 20130618
VIPRE Trojan.Win32.Ainslot.b (v) 20130618
The remaining 14 engines reported no detection:
Yandex 20130618
ByteHero 20130613
CAT-QuickHeal 20130618
ClamAV 20130618
eSafe 20130616
Jiangmin 20130618
K7GW 20130618
Malwarebytes 20130618
eScan 20130618
NANO-Antivirus 20130618
SUPERAntiSpyware 20130618
TheHacker 20130618
TotalDefense 20130618
ViRobot 20130618
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-10 09:20:29
Entry Point 0x000013D8
Number of sections 3
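The header values above come straight out of the IMAGE_FILE_HEADER and the PE32 IMAGE_OPTIONAL_HEADER. The following is an added example, not code from the page or from VirusTotal: it constructs a minimal PE32 image whose header fields reproduce the values in this report (the image contains no code and zeroed section headers, and is not the analysed sample) and parses them back, which is the same walk any triage script does before trusting a compile timestamp or entry point.

```python
import struct
from datetime import datetime, timezone

# Constants from winnt.h needed for the fields in the report.
IMAGE_DOS_SIGNATURE = 0x5A4D        # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550     # "PE\0\0"
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_header(data: bytes) -> dict:
    """Read the IMAGE_FILE_HEADER and PE32 IMAGE_OPTIONAL_HEADER fields that
    VirusTotal reports under 'PE header basic information' and ExifTool."""
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("PE signature not found at e_lfanew")
    # IMAGE_FILE_HEADER follows the 4-byte signature.
    (machine, n_sections, timestamp, _sym_ptr, _n_syms,
     opt_size, _flags) = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    if opt + opt_size > len(data) or opt_size < 70:
        raise ValueError("optional header truncated")
    (magic, linker_major, linker_minor, size_of_code, size_of_init,
     size_of_uninit, entry_point) = struct.unpack_from("<HBBIIII", data, opt)
    if magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        raise ValueError("only PE32 (0x10B) optional headers are handled")
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    (os_major, os_minor, img_major, img_minor,
     ss_major, ss_minor) = struct.unpack_from("<HHHHHH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "machine": "Intel 386 or later" if machine == IMAGE_FILE_MACHINE_I386 else f"0x{machine:04X}",
        "number_of_sections": n_sections,
        # TimeDateStamp is seconds since the Unix epoch, in UTC (and trivially forgeable).
        "compilation_timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": f"0x{entry_point:08X}",
        "image_base": image_base,
        "linker_version": f"{linker_major}.{linker_minor}",
        "code_size": size_of_code,
        "initialized_data_size": size_of_init,
        "uninitialized_data_size": size_of_uninit,
        "os_version": f"{os_major}.{os_minor}",
        "image_version": f"{img_major}.{img_minor}",
        "subsystem_version": f"{ss_major}.{ss_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 whose header values match the report above.
    It holds no code and is not the analysed sample; section headers are zero filler."""
    dos = bytearray(0x40)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, 0x40)       # NT headers start right after the DOS header
    file_header = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 3,
                              1357809629,           # 2013-01-10 09:20:29 UTC
                              0, 0, 224, 0x010F)    # SizeOfOptionalHeader; EXECUTABLE_IMAGE|32BIT_MACHINE|...
    opt = bytearray(224)
    struct.pack_into("<HBBIIII", opt, 0, IMAGE_NT_OPTIONAL_HDR32_MAGIC, 6, 0,
                     458752, 4096, 0, 0x13D8)      # linker 6.0, code/init/uninit sizes, entry point
    struct.pack_into("<I", opt, 28, 0x400000)     # ImageBase, the PE32 default
    struct.pack_into("<HHHHHH", opt, 40, 4, 0, 1, 0, 4, 0)  # OS 4.0, image 1.0, subsystem 4.0
    struct.pack_into("<H", opt, 68, 2)            # IMAGE_SUBSYSTEM_WINDOWS_GUI
    section_headers = bytes(40 * 3)               # three zeroed IMAGE_SECTION_HEADERs
    return bytes(dos) + b"PE\0\0" + file_header + bytes(opt) + section_headers


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample_pe()).items():
        print(f"{key:24} {value}")
```

The parser refuses PE32+ (magic 0x20B) rather than silently reading the wrong offsets, since the optional-header layout differs after ImageBase; extend it separately for 64-bit images.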
PE sections
PE imports (the importing DLL name did not survive extraction; the named exports EVENT_SINK_*, DllFunctionCall, MethCallEngine, ProcCallEngine, __vbaExceptHandler and Zombie_* are exports of MSVBVM60.DLL, the Visual Basic 6 runtime, which matches the TrID and LinkerVersion 6.0 results further down; everything else is imported by ordinal only)
Ord(546)
Ord(518)
Ord(537)
Ord(616)
EVENT_SINK_Invoke
Ord(527)
Ord(558)
Ord(709)
Ord(665)
Ord(714)
Ord(301)
Ord(536)
Ord(694)
Ord(595)
Ord(577)
Ord(581)
Ord(601)
Ord(306)
Ord(631)
EVENT_SINK_QueryInterface
Ord(689)
Ord(648)
Ord(516)
Ord(531)
Ord(607)
Ord(525)
Ord(594)
Ord(681)
Ord(576)
Ord(717)
Ord(600)
Ord(307)
DllFunctionCall
Zombie_GetTypeInfoCount
Ord(608)
Ord(571)
Ord(319)
Ord(321)
Ord(696)
Ord(711)
Ord(606)
EVENT_SINK_Release
Ord(610)
Ord(716)
Ord(579)
Ord(570)
Ord(710)
Ord(592)
EVENT_SINK_GetIDsOfNames
Ord(666)
Ord(593)
Ord(626)
Ord(578)
Ord(618)
Ord(542)
Zombie_GetTypeInfo
Ord(520)
Ord(320)
Ord(660)
Ord(690)
Ord(580)
Ord(713)
EVENT_SINK2_AddRef
Ord(303)
Ord(528)
Ord(553)
Ord(619)
Ord(563)
Ord(535)
Ord(521)
Ord(685)
Ord(572)
EVENT_SINK_AddRef
Ord(712)
Ord(300)
Ord(612)
Ord(702)
Ord(632)
MethCallEngine
Ord(645)
Ord(100)
Ord(599)
Ord(519)
Ord(561)
Ord(309)
Ord(526)
ProcCallEngine
Ord(617)
Ord(573)
Ord(569)
Ord(529)
Ord(613)
__vbaExceptHandler
Ord(644)
EVENT_SINK2_Release
Ord(598)
Ord(545)
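An import table that is almost entirely ordinals, as above, is what a VB6 executable linked against MSVBVM60.DLL looks like, and it is worth being able to walk it yourself, especially on a memory image where the loader has already overwritten the IAT. The following is an added example, not code from the page or from VirusTotal. It assumes a PE32 image whose RVAs equal file offsets (true for a process dump at its load address) and constructs a sample import table for MSVBVM60.DLL, a DLL name the report itself does not display, with three ordinal imports and one import by name:

```python
import struct

IMAGE_ORDINAL_FLAG32 = 0x80000000      # high bit set: import by ordinal (PE32)
IMAGE_DIRECTORY_ENTRY_IMPORT = 1
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B


def _cstring(data: bytes, off: int) -> str:
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")


def import_directory(data: bytes) -> tuple:
    """(rva, size) of the import table from the PE32 data directories."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    opt = e_lfanew + 24
    if struct.unpack_from("<H", data, opt)[0] != IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        raise ValueError("only PE32 optional headers are handled")
    # In PE32 the 16 data directories start at optional-header offset 96.
    return struct.unpack_from("<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_IMPORT)


def parse_imports(data: bytes, rva_to_offset=lambda rva: rva) -> dict:
    """Walk the IMAGE_IMPORT_DESCRIPTOR array and return {dll: [entry, ...]},
    where an entry is either an exported name or 'Ord(n)'.
    rva_to_offset defaults to identity, which holds for an image dumped from
    process memory at its load address; for a file on disk, map RVAs through
    the section table instead."""
    rva, _size = import_directory(data)
    if rva == 0:
        return {}
    imports = {}
    desc = rva_to_offset(rva)
    while True:
        lookup_rva, _stamp, _fwd, name_rva, iat_rva = struct.unpack_from("<IIIII", data, desc)
        if name_rva == 0:                      # all-zero descriptor terminates the array
            break
        # Prefer the lookup table (OriginalFirstThunk): in a memory dump the IAT
        # (FirstThunk) has been overwritten by the loader with resolved addresses,
        # which look like neither ordinals nor name RVAs.
        thunk = rva_to_offset(lookup_rva or iat_rva)
        entries = []
        while True:
            value = struct.unpack_from("<I", data, thunk)[0]
            if value == 0:
                break
            if value & IMAGE_ORDINAL_FLAG32:
                entries.append(f"Ord({value & 0xFFFF})")
            else:                              # IMAGE_IMPORT_BY_NAME: WORD hint, then the name
                entries.append(_cstring(data, rva_to_offset(value) + 2))
            thunk += 4
        imports[_cstring(data, rva_to_offset(name_rva))] = entries
        desc += 20
    return imports


def ordinal_ratio(imports: dict) -> float:
    """Share of imports that carry no name: a quick triage signal, since a table
    that is nearly all ordinals gives name-based API heuristics nothing to match."""
    entries = [e for names in imports.values() for e in names]
    return sum(e.startswith("Ord(") for e in entries) / len(entries) if entries else 0.0


def build_sample_image() -> bytes:
    """Constructed PE32 memory image (RVA == file offset) with one import descriptor
    for MSVBVM60.DLL: three ordinal imports and one by name. Not the analysed sample;
    the IAT holds made-up resolved addresses, as a loader would leave them."""
    img = bytearray(0x520)
    struct.pack_into("<H", img, 0, 0x5A4D)                   # "MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                  # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", img, 0x44, 0x014C, 1)            # i386, one section
    struct.pack_into("<H", img, 0x54, 224)                   # SizeOfOptionalHeader
    opt = 0x58
    struct.pack_into("<H", img, opt, IMAGE_NT_OPTIONAL_HDR32_MAGIC)
    struct.pack_into("<II", img, opt + 96 + 8, 0x200, 40)    # import directory RVA and size
    struct.pack_into("<IIIII", img, 0x200, 0x300, 0, 0, 0x400, 0x500)  # descriptor; the next one is zero
    ilt = [IMAGE_ORDINAL_FLAG32 | 546, IMAGE_ORDINAL_FLAG32 | 518, 0x410, IMAGE_ORDINAL_FLAG32 | 100, 0]
    struct.pack_into("<5I", img, 0x300, *ilt)
    img[0x400:0x40D] = b"MSVBVM60.DLL\0"
    img[0x410:0x422] = b"\0\0DllFunctionCall\0"             # hint word, then the name
    struct.pack_into("<5I", img, 0x500, 0x7C9A1000, 0x7C9A2000, 0x7C9A3000, 0x7C9A4000, 0)
    return bytes(img)


if __name__ == "__main__":
    table = parse_imports(build_sample_image())
    for dll, names in table.items():
        print(dll, names)
    print(f"imports by ordinal: {ordinal_ratio(table):.0%}")
```

On a file from disk, pass an rva_to_offset callable built from the section table; the identity default is only right for a memory image. The ordinal count is the triage point: a VB6 binary reaches its runtime through ordinals, and Windows APIs declared with VB's Declare statement are resolved at run time through DllFunctionCall, so they never appear in the import table at all. A name-based rule such as "imports SetWindowsHookEx" will not fire on this table even though the sandbox saw the hook being installed.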
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:01:10 10:20:29+01:00 (the same instant as the 09:20:29 UTC compilation timestamp above, rendered in the analysis host's local time zone)
FileType: Win32 EXE
PEType: PE32
CodeSize: 458752
LinkerVersion: 6.0
EntryPoint: 0x13d8
InitializedDataSize: 4096
SubsystemVersion: 4.0
ImageVersion: 1.0
OSVersion: 4.0
UninitializedDataSize: 0

File identification
MD5 479c3ddc00be43eeabe26fffbef5fac4
SHA1 71bab2d81464e5e6f2f618bee7033b51f7cf4dea
SHA256 c7cd4a20d66accac17fd215004fa23894dd05a9e7be0f18bf9e27be4dd9b42d6
ssdeep 6144:4bIUuRgSqk1l+4Hb4I2HIEi+nPHawj6gwIRlzLzjzB8Q5LlKTWKnHe1yvsaAEco4:4bHu1+C4Is7zrvzWQ5LlKTWKnHmyvsZB
File size 488.0 KB (499712 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (54.9%)
Win32 Executable MS Visual C++ (generic) (20.8%)
Win64 Executable (generic) (18.5%)
Win32 Executable (generic) (3.0%)
Generic Win/DOS Executable (1.3%)
Tags
peexe

VirusTotal metadata
First submission 2013-06-18 19:36:57 UTC (5 years, 11 months ago)
Last submission 2013-06-18 19:36:57 UTC (5 years, 11 months ago)
File names process.0x86372a38.0x400000.dmp
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Moved files
Created processes
Code injections in the following processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to device drivers through the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain with the SetWindowsHook Windows API function. A hook procedure is installed to monitor the system for certain types of events, associated either with a specific thread or with all threads in the same desktop as the calling thread. A hook of type WH_KEYBOARD or WH_KEYBOARD_LL is the standard user-mode keylogging mechanism, which is consistent with the KeyLogger and Blackshades/Shadesrat labels in the detection table above; the report does not record which hook type was installed.
UDP communications