SHA256: 4d986aadd255e0f5c1d8638c87441ef4974402512eb31c670ac1a929cb929e38
File name: YgoLink.exe
Detection ratio: 0 / 56
Analysis date: 2016-11-06 14:26:37 UTC (8 months, 2 weeks ago)
Antivirus Result Update
Ad-Aware 20161106
AegisLab 20161106
AhnLab-V3 20161106
Alibaba 20161104
ALYac 20161106
Antiy-AVL 20161106
Arcabit 20161106
Avast 20161106
AVG 20161106
Avira (no cloud) 20161106
AVware 20161106
Baidu 20161104
BitDefender 20161106
Bkav 20161105
CAT-QuickHeal 20161105
ClamAV 20161106
CMC 20161106
Comodo 20161106
CrowdStrike Falcon (ML) 20161024
Cyren 20161106
DrWeb 20161106
Emsisoft 20161106
ESET-NOD32 20161106
F-Prot 20161106
F-Secure 20161106
Fortinet 20161106
GData 20161106
Ikarus 20161106
Sophos ML 20161018
Jiangmin 20161106
K7AntiVirus 20161106
K7GW 20161106
Kaspersky 20161106
Kingsoft 20161106
Malwarebytes 20161106
McAfee 20161106
McAfee-GW-Edition 20161106
Microsoft 20161106
eScan 20161106
NANO-Antivirus 20161106
nProtect 20161106
Panda 20161106
Qihoo-360 20161106
Rising 20161106
Sophos AV 20161106
SUPERAntiSpyware 20161106
Symantec 20161106
Tencent 20161106
TheHacker 20161106
TrendMicro 20161106
TrendMicro-HouseCall 20161106
VBA32 20161105
VIPRE 20161106
ViRobot 20161106
Yandex 20161105
Zillya 20161105
Zoner 20161106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © YgoLink 2012

Product YgoLink
File version 4.4.0.0
Description YgoLink
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-12-15 15:04:10
Entry Point 0x0001408A
Number of sections 4
PE sections
Overlays
MD5 d2306996cde623e07245f14d824c9b3b
File type data
Offset 262144
Size 10677366
Entropy 7.78
PE imports
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
OpenFileMappingW
LocalAlloc
SetErrorMode
GetFileInformationByHandle
WideCharToMultiByte
InterlockedExchange
WriteFile
CreateMailslotW
FreeLibrary
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
LoadResource
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
SetLastError
CopyFileW
GetModuleFileNameW
ExitProcess
FlushFileBuffers
InterlockedExchangeAdd
GetVolumeInformationW
TlsGetValue
MultiByteToWideChar
GetPrivateProfileStringW
GetFullPathNameW
LockFileEx
CreateThread
CreateSemaphoreW
CreateMutexW
MulDiv
GetMailslotInfo
VirtualQuery
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
TerminateThread
LoadLibraryW
GetVersionExW
GetExitCodeProcess
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
UnlockFile
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetPrivateProfileIntW
GetTempFileNameW
CreateFileMappingW
GetProfileStringW
ExpandEnvironmentStringsW
FindNextFileW
FindFirstFileW
SetEvent
GetTempPathW
CreateEventW
CreateFileW
TlsSetValue
InterlockedIncrement
GetLastError
GetComputerNameW
LockFile
FileTimeToLocalFileTime
GetCurrentProcessId
LockResource
GetCommandLineW
WritePrivateProfileStringW
GetSystemDefaultLangID
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
UnlockFileEx
GetModuleHandleW
FreeResource
UnmapViewOfFile
FindResourceW
CreateProcessW
Sleep
strncmp
__p__fmode
malloc
_wcsupr
_lfind
__wgetmainargs
realloc
memset
wcschr
strcat
__dllonexit
_snwprintf
_controlfp
swprintf
towupper
wcscpy
strlen
_vsnwprintf
_except_handler3
??2@YAPAXI@Z
_onexit
wcslen
wcscmp
exit
_XcptFilter
memcmp
__setusermatherr
wcsncpy
__p__commode
_wcmdln
strchr
_wcsicmp
wcspbrk
_wcsnicmp
_adjust_fdiv
_wmakepath
??3@YAXPAX@Z
gmtime
memcpy
wcscat
atoi
vswprintf
free
_initterm
_wstati64
_vsnprintf
__CxxFrameHandler
memmove
wcsrchr
time
iswspace
wcsstr
_exit
_wtoi
vsprintf
__set_app_type
PE exports
Number of PE resources by type
RT_STRING 18
RT_ICON 13
FILEPATH 4
INFOEXE 3
FRAMEWORK 3
RT_DIALOG 1
RT_MESSAGETABLE 1
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
FRENCH 40
NEUTRAL 5
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

Version
4.4.0.0

InitializedDataSize
172032

ImageVersion
0.0

ProductName
YgoLink

FileVersionNumber
4.4.0.0

UninitializedDataSize
0

LanguageCode
French

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
7.1

FileTypeExtension
exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
4.4.0.0

TimeStamp
2011:12:15 16:04:10+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
4.4.0.0

FileDescription
YgoLink

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
Copyright YgoLink 2012

MachineType
Intel 386 or later, and compatibles

CompanyName
YgoLink.xyz

CodeSize
86016

FileSubtype
0

ProductVersionNumber
1.0.0.1

EntryPoint
0x1408a

ObjectFileType
Executable application

WDVersion
17.0

File identification
MD5 8b26144cac184ec042abfa1eca41015c
SHA1 80a37c8e9684f9bf8e9182237972df76c7ef8d76
SHA256 4d986aadd255e0f5c1d8638c87441ef4974402512eb31c670ac1a929cb929e38
ssdeep
196608:LV6ssypMB8cA0hBFROcDvnmZM4KYKjRib6piJqr186WgVR:pOt+6bzuy4Euwuqru6vv

authentihash d8235398a5011310d9b72863b83ae58e0401b82a8ae8b2c1a96906b4f11e1219
imphash 4e528bbf11972035ef8fbabde9342c80
File size 10.4 MB ( 10939510 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (46.3%)
Win64 Executable (generic) (41.0%)
Win32 Executable (generic) (6.6%)
Generic Win/DOS Executable (2.9%)
DOS Executable Generic (2.9%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-11-06 14:26:37 UTC (8 months, 2 weeks ago)
Last submission 2016-11-06 14:26:37 UTC (8 months, 2 weeks ago)
File names YgoLink.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Opened mutexes
Searched windows
Hooking activity
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
UDP communications