SHA256: 2f16a1a7f66c4291d67cf1a1b967c76d9f1555ed35e9b2c413ea02e00db84304
File name: Gully.exe
Detection ratio: 54 / 67
Analysis date: 2017-11-01 01:50:32 UTC ( 1 month, 1 week ago )
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Gen:Variant.Kazy.166603 | 20171101 |
| AegisLab | Backdoor.W32.Azbreg.ubw!c | 20171101 |
| AhnLab-V3 | Downloader/Win32.Dofoil.R65395 | 20171031 |
| ALYac | Gen:Variant.Kazy.166603 | 20171101 |
| Antiy-AVL | Trojan[Backdoor]/Win32.Azbreg | 20171101 |
| Arcabit | Trojan.Kazy.D28ACB | 20171031 |
| Avast | Win32:Malware-gen | 20171101 |
| AVG | Win32:Malware-gen | 20171101 |
| Avira (no cloud) | TR/Crypt.XPACK.Gen8 | 20171031 |
| AVware | Trojan.Win32.Zbocheman.fb (v) | 20171101 |
| Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9924 | 20171031 |
| BitDefender | Gen:Variant.Kazy.166603 | 20171101 |
| Bkav | W32.GenericDorkbotF.Trojan | 20171031 |
| CAT-QuickHeal | Worm.HamweqBot | 20171031 |
| Comodo | TrojWare.Win32.Kryptik.AZFP | 20171101 |
| CrowdStrike Falcon (ML) | malicious_confidence_60% (D) | 20171016 |
| Cybereason | malicious.1b8fb7 | 20170628 |
| Cylance | Unsafe | 20171101 |
| Cyren | W32/Trojan.XCFO-3673 | 20171101 |
| DrWeb | BackDoor.Ddoser.131 | 20171101 |
| Emsisoft | Gen:Variant.Kazy.166603 (B) | 20171101 |
| ESET-NOD32 | Win32/AutoRun.KS | 20171031 |
| F-Secure | Gen:Variant.Kazy.166603 | 20171101 |
| Fortinet | W32/Kryptik.AX!tr | 20171101 |
| GData | Gen:Variant.Kazy.166603 | 20171101 |
| Ikarus | Trojan-Ransom.Win32.Gimemo | 20171031 |
| Sophos ML | heuristic | 20170914 |
| Jiangmin | Backdoor/Azbreg.aoe | 20171101 |
| Kaspersky | Backdoor.Win32.Azbreg.ubw | 20171031 |
| MAX | malware (ai score=100) | 20171101 |
| McAfee | Artemis!085F286A6F2C | 20171031 |
| McAfee-GW-Edition | PWS-Zbot-FAUE!028AA5F1D4BE | 20171031 |
| Microsoft | Worm:Win32/Hamweq | 20171031 |
| eScan | Gen:Variant.Kazy.166603 | 20171031 |
| NANO-Antivirus | Trojan.Win32.Azbreg.cunbvk | 20171031 |
| nProtect | Backdoor/W32.Azbreg.41984 | 20171101 |
| Palo Alto Networks (Known Signatures) | generic.ml | 20171101 |
| Panda | Trj/Dtcontx.D | 20171031 |
| Qihoo-360 | Win32/Backdoor.389 | 20171101 |
| SentinelOne (Static ML) | static engine - malicious | 20171019 |
| Sophos AV | Troj/Agent-ABIP | 20171031 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Downloader | 20171101 |
| Symantec | W32.Pilleuz | 20171101 |
| Tencent | Win32.Backdoor.Azbreg.Eyp | 20171101 |
| TheHacker | Posible_Worm32 | 20171031 |
| TotalDefense | Win32/Tnega.ASAZ | 20171031 |
| TrendMicro | TROJ_IRCBRUTE.BC | 20171031 |
| TrendMicro-HouseCall | TROJ_IRCBRUTE.BC | 20171031 |
| VBA32 | BScope.Trojan.MTA.2507 | 20171031 |
| VIPRE | Trojan.Win32.Zbocheman.fb (v) | 20171101 |
| Webroot | Trojan.Dropper.Gen | 20171101 |
| Yandex | Backdoor.Azbreg!aanmHZdZk9A | 20171031 |
| Zillya | Backdoor.Azbreg.Win32.1985 | 20171031 |
| ZoneAlarm by Check Point | Backdoor.Win32.Azbreg.ubw | 20171101 |
| Alibaba | | 20170911 |
| Avast-Mobile | | 20171031 |
| ClamAV | | 20171031 |
| CMC | | 20171031 |
| Endgame | | 20171024 |
| F-Prot | | 20171101 |
| K7AntiVirus | | 20171031 |
| K7GW | | 20171101 |
| Kingsoft | | 20171101 |
| Malwarebytes | | 20171031 |
| Rising | | 20171101 |
| Symantec Mobile Insight | | 20171101 |
| Trustlook | | 20171101 |
| ViRobot | | 20171031 |
| WhiteArmor | | 20171024 |
| Zoner | | 20171101 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Sappy 2000 2010
Original name Gully.exe
File version 3, 7, 9
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-07-03 03:22:58
Entry Point 0x0017BFC0
Number of sections 3
PE sections
PE imports
SetBrushOrgEx
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
EndDialog
Number of PE resources by type
RT_DLGINCLUDE 16
RT_DIALOG 13
RT_VERSION 1
Number of PE resources by language
SPANISH COSTA RICA 30
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 5.0
ImageVersion 0.0
FileVersionNumber 3.7.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
LegalCopyright Sappy 2000 2010
CharacterSet Unicode
InitializedDataSize 4096
EntryPoint 0x17bfc0
OriginalFileName Gully.exe
MIMEType application/octet-stream
FileVersion 3, 7, 9
TimeStamp 2005:07:03 04:22:58+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 3 7 502
UninitializedDataSize 1515520
MachineType Intel 386 or later, and compatibles
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
CompanyName He&m
CodeSize 40960
FileSubtype 0
ProductVersionNumber 3.7.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 085f286a6f2c31943aff11f301684b74
SHA1 b3e86c139d779aa3b715380af751c73e28016440
SHA256 2f16a1a7f66c4291d67cf1a1b967c76d9f1555ed35e9b2c413ea02e00db84304
ssdeep 768:JkRxwKSbI/hSYfPTavBQwZLLLrS7QvlieRaAVlpMauq28nblG:aRG3StDav2w9vlfaAVYa3285
authentihash 156ab63c6c89ef45e146e5eb40461933db8b52f347f0c5b4d917721aa8c023f1
imphash eff659f95d8517fd146fbb6f239133e7
File size 41.0 KB ( 41984 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe upx

VirusTotal metadata
First submission 2013-04-20 16:40:07 UTC ( 4 years, 7 months ago )
Last submission 2015-09-29 04:31:07 UTC ( 2 years, 2 months ago )
File names
aa
2f16a1a7f66c4291d67cf1a1b967c76d9f1555ed35e9b2c413ea02e00db84304-41984
t2.exe
jNMd8yO.wbs
SEGSDPL.jpeg
085f286a6f2c31943aff11f301684b74
Gully.exe
hostsn.exe
hostsn.exeê
B2605.exe
sample.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Code injections in the following processes
Runtime DLLs
DNS requests
TCP connections