SHA256: 19a17d03eaa9d66aee48704b368513cb4ce2ea571004561046897e5fe194fcb5
File name: betabot.exe
Detection ratio: 30 / 57
Analysis date: 2015-03-26 08:52:36 UTC (4 years, 2 months ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.101543 20150326
Yandex Trojan.Neurevt!XwBHb7qqPvY 20150325
AhnLab-V3 Trojan/Win32.Neurevt 20150326
ALYac Gen:Variant.Graftor.101543 20150326
Antiy-AVL Trojan/Win32.Pincav 20150326
Avast Win32:Trojan-gen 20150326
AVG Inject2.AMLW 20150326
Avira (no cloud) TR/Crypt.XPACK.Gen 20150326
BitDefender Gen:Variant.Graftor.101543 20150326
Cyren W32/Agent.CC.gen!Eldorado 20150326
DrWeb Trojan.Betabot.3 20150326
Emsisoft Gen:Variant.Graftor.101543 (B) 20150326
ESET-NOD32 a variant of Win32/Neurevt.E 20150326
F-Prot W32/Agent.CC.gen!Eldorado 20150326
F-Secure Gen:Variant.Graftor.101543 20150326
GData Gen:Variant.Graftor.101543 20150326
Ikarus Trojan.Win32.Neurevt 20150326
K7AntiVirus Trojan ( 00499d471 ) 20150326
K7GW Trojan ( 00499d471 ) 20150326
Kaspersky Trojan.Win32.Neurevt.anc 20150326
Kingsoft Win32.Troj.Pincav.cs.(kcloud) 20150326
Malwarebytes Trojan.Agent.ED 20150326
Microsoft Trojan:Win32/Neurevt 20150326
eScan Gen:Variant.Graftor.101543 20150326
NANO-Antivirus Virus.Win32.Gen.ccmw 20150326
Rising PE:Worm.Rebhip!1.64F0 20150325
Tencent Trojan.Win32.Qudamah.Gen.7 20150326
TotalDefense Win32/Tnega.FNVcESB 20150325
VBA32 Trojan.Pincav 20150325
Zillya Trojan.Pincav.Win32.24196 20150325
AegisLab 20150326
Alibaba 20150326
AVware 20150326
Baidu-International 20150326
Bkav 20150325
ByteHero 20150326
CAT-QuickHeal 20150326
ClamAV 20150326
CMC 20150325
Comodo 20150326
Fortinet 20150326
Jiangmin 20150325
McAfee 20150326
McAfee-GW-Edition 20150326
Norman 20150326
nProtect 20150325
Panda 20150325
Qihoo-360 20150326
Sophos AV 20150326
SUPERAntiSpyware 20150326
Symantec 20150326
TheHacker 20150324
TrendMicro 20150326
TrendMicro-HouseCall 20150326
VIPRE 20150326
ViRobot 20150326
Zoner 20150323
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-01-20 01:58:45
Entry Point 0x00024876
Number of sections 5
PE sections
Overlays
MD5 631e32e42d105520ed0b8d86029a7bc5
File type ASCII text
Offset 524289
Size 20479
Entropy 0.00
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2014:01:20 02:58:45+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
189952

LinkerVersion
10.0

EntryPoint
0x24876

InitializedDataSize
62976

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.1

UninitializedDataSize
0

File identification
MD5 d4728e2a8f6b5bf2c72651136c1a6a1a
SHA1 419b75320f7b5d7693450a648ce4415e9039417d
SHA256 19a17d03eaa9d66aee48704b368513cb4ce2ea571004561046897e5fe194fcb5
ssdeep
3072:gPMykrmxFYB7d8ltTequ6mmSRGTDPI5HaeFrZalG8iG18qtTPH+An54kj4d9MMcJ:exFE7cBeqEJMDPIxPAsDVQkPGW

authentihash db10c416ef5eeac6b20cffcd8da85061f3787d40e25893dddb68fc4689bb6b4c
File size 532.0 KB ( 544768 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
corrupt peexe overlay

VirusTotal metadata
First submission 2015-03-26 08:52:36 UTC (4 years, 2 months ago)
Last submission 2015-11-29 05:37:44 UTC (3 years, 5 months ago)
File names betabot.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications