SHA256: 5abefb43098f9d49a10d9e89e4068d972f8cf3ee86b71038a80cdc9ae72ce7e6
File name: 2269833.exe
Detection ratio: 7 / 56
Analysis date: 2014-12-10 15:18:59 UTC (3 years, 4 months before this copy of the report was captured)
Antivirus | Result | Update
AVG | Crypt3.BKDN | 20141210
Baidu-International | Trojan.Win32.Kryptik.bCSMJ | 20141210
ESET-NOD32 | a variant of Win32/Kryptik.CSMJ | 20141210
Kaspersky | UDS:DangerousObject.Multi.Generic | 20141210
Malwarebytes | Trojan.Agent.ED | 20141210
Norman | Agent.BLKZL | 20141210
Rising | PE:Malware.XPACK-HIE/Heur!1.9C48 | 20141209
Ad-Aware | (no detection) | 20141210
AegisLab | (no detection) | 20141210
Yandex | (no detection) | 20141210
AhnLab-V3 | (no detection) | 20141210
ALYac | (no detection) | 20141210
Antiy-AVL | (no detection) | 20141210
Avast | (no detection) | 20141210
Avira (no cloud) | (no detection) | 20141210
AVware | (no detection) | 20141209
BitDefender | (no detection) | 20141210
Bkav | (no detection) | 20141210
ByteHero | (no detection) | 20141210
CAT-QuickHeal | (no detection) | 20141210
ClamAV | (no detection) | 20141210
CMC | (no detection) | 20141208
Comodo | (no detection) | 20141210
Cyren | (no detection) | 20141210
DrWeb | (no detection) | 20141210
Emsisoft | (no detection) | 20141210
F-Prot | (no detection) | 20141210
F-Secure | (no detection) | 20141210
Fortinet | (no detection) | 20141210
GData | (no detection) | 20141210
Ikarus | (no detection) | 20141210
Jiangmin | (no detection) | 20141209
K7AntiVirus | (no detection) | 20141210
K7GW | (no detection) | 20141210
Kingsoft | (no detection) | 20141210
McAfee | (no detection) | 20141210
McAfee-GW-Edition | (no detection) | 20141210
Microsoft | (no detection) | 20141210
eScan | (no detection) | 20141210
NANO-Antivirus | (no detection) | 20141210
nProtect | (no detection) | 20141210
Panda | (no detection) | 20141210
Qihoo-360 | (no detection) | 20141210
Sophos AV | (no detection) | 20141210
SUPERAntiSpyware | (no detection) | 20141210
Symantec | (no detection) | 20141210
Tencent | (no detection) | 20141210
TheHacker | (no detection) | 20141208
TotalDefense | (no detection) | 20141210
TrendMicro | (no detection) | 20141210
TrendMicro-HouseCall | (no detection) | 20141210
VBA32 | (no detection) | 20141210
VIPRE | (no detection) | 20141210
ViRobot | (no detection) | 20141210
Zillya | (no detection) | 20141210
Zoner | (no detection) | 20141210
The file is a Portable Executable (PE); more specifically, a Win32 EXE for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2014-12-10 09:56:57 (UTC; the ExifTool block below shows the same value as 10:56:57+01:00). The timestamp is a field written by the linker and can be set to any value, so treat it as a hint rather than proof of when the file was built.
Entry point: 0x0003CC9E
Number of sections: 6
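The detection table and the header timestamp above are the two things a triager reads first: how many engines flag the file, whether the names that do fire agree on a family, and how fresh the build was when it first reached the scanner. The script below is an added example, not part of the original report or of VirusTotal's own tooling; it transcribes the seven detections and the 49 non-detections from the table, strips generic tokens from the vendor names to find a consensus family, and measures the gap between the compile timestamp and the first-submission time listed later on this page. The generic-token list is the author's assumption about which words carry no family information.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Detection rows transcribed from the report: (vendor, result, signature date).
DETECTIONS = [
    ("AVG", "Crypt3.BKDN", "20141210"),
    ("Baidu-International", "Trojan.Win32.Kryptik.bCSMJ", "20141210"),
    ("ESET-NOD32", "a variant of Win32/Kryptik.CSMJ", "20141210"),
    ("Kaspersky", "UDS:DangerousObject.Multi.Generic", "20141210"),
    ("Malwarebytes", "Trojan.Agent.ED", "20141210"),
    ("Norman", "Agent.BLKZL", "20141210"),
    ("Rising", "PE:Malware.XPACK-HIE/Heur!1.9C48", "20141209"),
]

# Engines that returned no result for this sample, also transcribed from the report.
UNDETECTED = [v.strip() for v in """
Ad-Aware, AegisLab, Yandex, AhnLab-V3, ALYac, Antiy-AVL, Avast, Avira (no cloud),
AVware, BitDefender, Bkav, ByteHero, CAT-QuickHeal, ClamAV, CMC, Comodo, Cyren,
DrWeb, Emsisoft, F-Prot, F-Secure, Fortinet, GData, Ikarus, Jiangmin, K7AntiVirus,
K7GW, Kingsoft, McAfee, McAfee-GW-Edition, Microsoft, eScan, NANO-Antivirus,
nProtect, Panda, Qihoo-360, Sophos AV, SUPERAntiSpyware, Symantec, Tencent,
TheHacker, TotalDefense, TrendMicro, TrendMicro-HouseCall, VBA32, VIPRE, ViRobot,
Zillya, Zoner
""".replace("\n", " ").split(",") if v.strip()]

# Tokens that carry no family information (assumed list; extend for other vendors).
GENERIC = {"trojan", "win32", "generic", "variant", "multi", "heur", "malware",
           "agent", "uds", "dangerousobject", "crypt"}


def detection_ratio(detections, undetected):
    """(engines that fired, engines that scanned), the '7 / 56' of the report."""
    return len(detections), len(detections) + len(undetected)


def family_votes(detections):
    """Count family-like tokens across vendor names; each vendor votes once per token."""
    votes = Counter()
    for _vendor, result, _date in detections:
        seen = set()
        for tok in re.split(r"[^A-Za-z0-9]+", result.lower()):
            if len(tok) >= 4 and tok not in GENERIC and tok not in seen:
                seen.add(tok)
                votes[tok] += 1
    return votes


def compile_to_submission(compile_ts, first_seen):
    """Gap between the PE compile timestamp and first submission, both given in UTC."""
    fmt = "%Y-%m-%d %H:%M:%S"
    compiled = datetime.strptime(compile_ts, fmt).replace(tzinfo=timezone.utc)
    submitted = datetime.strptime(first_seen, fmt).replace(tzinfo=timezone.utc)
    return submitted - compiled


def triage(detections, undetected, compile_ts, first_seen):
    """Summarise the signals a first-pass analyst would pull from the report."""
    hit, total = detection_ratio(detections, undetected)
    votes = family_votes(detections)
    delta = compile_to_submission(compile_ts, first_seen)
    return {
        "ratio": f"{hit}/{total}",
        "consensus": votes.most_common(1)[0] if votes else None,
        "hours_compile_to_seen": round(delta.total_seconds() / 3600, 2),
        # A sub-24h gap is a common sign of a freshly built, possibly per-campaign binary.
        "fresh_compile": delta.total_seconds() < 24 * 3600,
    }


if __name__ == "__main__":
    print(triage(DETECTIONS, UNDETECTED, "2014-12-10 09:56:57", "2014-12-10 15:18:59"))
```

Run stand-alone it reports 7/56, a consensus of "kryptik" (Baidu and ESET agree), and a compile-to-submission gap of about 5.4 hours. Note that the remaining names (Crypt3, XPACK-HIE, DangerousObject) are packer or heuristic verdicts, which is why a naive token count would overstate agreement without the generic-token filter.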
PE sections
PE imports (the report lists only function names; the DLL grouping below is inferred from where each API is exported)
AVIFIL32.dll (inferred):
AVIBuildFilterA
AVIBuildFilterW
KERNEL32.dll (inferred):
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
GetDriveTypeW
LCMapStringW
VirtualAllocEx
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
EnterCriticalSection
GetCurrentDirectoryW
GetConsoleMode
DecodePointer
GetCurrentProcessId
FreeEnvironmentStringsW
WriteConsoleW
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
GetTickCount
SetHandleCount
GetCPInfo
GetCommandLineA
GetProcAddress
HeapSize
SetStdHandle
SetFilePointer
WideCharToMultiByte
GetModuleFileNameW
TlsFree
GetModuleHandleA
DeleteCriticalSection
ReadFile
SetUnhandledExceptionFilter
WriteFile
InterlockedIncrement
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetFullPathNameA
HeapAlloc
TerminateProcess
IsValidCodePage
HeapCreate
CreateFileW
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
GetProcessHeap
SetLastError
LeaveCriticalSection
USER32.dll (inferred):
GetWindowThreadProcessId
MapDialogRect
GetForegroundWindow
GetParent
GetLastActivePopup
MessageBoxIndirectA
GetClientRect
IsZoomed
DeferWindowPos
GetDialogBaseUnits
ChildWindowFromPoint
CreateDialogParamA
IsChild
DestroyWindow
Most of the KERNEL32 imports (EncodePointer/DecodePointer, IsProcessorFeaturePresent, HeapSetInformation, the Tls* and CriticalSection families) are the statically linked MSVC runtime's start-up code rather than the program's own logic. The ones worth noting for this sample are VirtualAllocEx together with LoadLibraryA/W and GetProcAddress (the building blocks for resolving APIs at run time and for writing into another process) and IsDebuggerPresent, which the runtime also uses, so on its own it is not evidence of anti-debugging. The AVIBuildFilterA/W pair is an unusual import for a trojan and is most likely there to pad the import table.
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileFlagsMask: 0x0000
MachineType: Intel 386 or later, and compatibles
FileOS: Unknown (0)
TimeStamp: 2014:12:10 10:56:57+01:00 (the PE compile timestamp shown in local time, +01:00)
FileType: Win32 EXE
PEType: PE32
CodeSize: 283648
LinkerVersion: 10.0 (the Visual Studio 2010 linker, consistent with the MSVC runtime imports above)
FileSubtype: 0
ProductVersionNumber: 1.2.0.0
FileTypeExtension: exe
InitializedDataSize: 59392
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1 (minimum target Windows XP)
FileVersionNumber: 1.2.0.0
EntryPoint: 0x3cc9e
UninitializedDataSize: 0
ObjectFileType: Unknown

PCAP parents
File identification
MD5: f94b8b3a3d976e21a8a54a115acc0145
SHA1: 2178aeae106b4d9a2ef64001ca1f3631bc6fcfa7
SHA256: 5abefb43098f9d49a10d9e89e4068d972f8cf3ee86b71038a80cdc9ae72ce7e6
ssdeep: 6144:hovpSLx8y/k4p7VelKcKaTbppy2KDY54Ot:hSSLx8y/k45MlvVA2t54Ot
authentihash: 0addc423f2aea1515c2a8b53a051605b72e2e39e926a31f2af077806422af400
imphash: 12980fc2c8e56692e0dea9d5b0fa73f2
File size: 307.5 KB (314880 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win64 Executable (generic) (64.6%); Win32 Dynamic Link Library (generic) (15.4%); Win32 Executable (generic) (10.5%); Generic Win/DOS Executable (4.6%); DOS Executable Generic (4.6%)
TrID's leading "Win64" score is a generic-pattern match and conflicts with the PE header and magic literal, which identify the file as a 32-bit PE32 image for i386; the header is authoritative.
Tags: peexe
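The identification block is what an analyst pivots on: the cryptographic hashes pin down this exact file, while the imphash (an MD5 over the lowercased "dll.function" import list in import-table order) links it to other builds that share the same import table even when the code hashes differ. The script below is an added example, not part of the report or of the pefile library; it implements the imphash canonicalisation for named imports and checks a candidate file's hashes against the values above. The DLL assignment of the listed imports is an assumption, and the report's listing order may not be the real import-table order, so a match against the report's imphash is only expected when the list is taken from the binary's actual import directory.

```python
import hashlib

# Imports from the report, with their DLLs assumed (AVIFIL32 / KERNEL32 / USER32).
# Only a representative subset is reproduced here; order is the report's listing order.
SAMPLE_IMPORTS = [
    ("AVIFIL32.dll", "AVIBuildFilterA"),
    ("AVIFIL32.dll", "AVIBuildFilterW"),
    ("KERNEL32.dll", "GetLastError"),
    ("KERNEL32.dll", "VirtualAllocEx"),
    ("KERNEL32.dll", "LoadLibraryW"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("USER32.dll", "GetWindowThreadProcessId"),
    ("USER32.dll", "DestroyWindow"),
]

# Values copied from the report's identification block.
REPORT = {
    "md5": "f94b8b3a3d976e21a8a54a115acc0145",
    "sha1": "2178aeae106b4d9a2ef64001ca1f3631bc6fcfa7",
    "sha256": "5abefb43098f9d49a10d9e89e4068d972f8cf3ee86b71038a80cdc9ae72ce7e6",
    "imphash": "12980fc2c8e56692e0dea9d5b0fa73f2",
    "size": 314880,
}


def file_hashes(data: bytes) -> dict:
    """Content hashes and size for a file image held in memory."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }


def imphash_input(imports) -> str:
    """Canonical string the imphash is taken over: 'dll.func' lowercased, with the
    .dll/.ocx/.sys suffix dropped, comma-joined in import-table order. Named
    imports only; ordinal imports need a per-DLL ordinal-to-name table."""
    parts = []
    for dll, func in imports:
        name = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if name.endswith(ext):
                name = name[: -len(ext)]
                break
        parts.append(f"{name}.{func.lower()}")
    return ",".join(parts)


def imphash(imports) -> str:
    return hashlib.md5(imphash_input(imports).encode("ascii")).hexdigest()


def check_against_report(data: bytes, imports, report=REPORT):
    """Names of identification fields where the candidate disagrees with the report."""
    observed = file_hashes(data)
    observed["imphash"] = imphash(imports)
    return sorted(k for k, v in report.items() if observed.get(k) != v)


if __name__ == "__main__":
    # Constructed stand-in bytes, not the real sample, so every field is expected to differ.
    candidate = b"MZ" + b"\x00" * 62
    print(imphash_input(SAMPLE_IMPORTS[:3]))
    print("imphash:", imphash(SAMPLE_IMPORTS))
    print("mismatches vs report:", check_against_report(candidate, SAMPLE_IMPORTS))
```

Because the imphash depends on order, two binaries with the same set of imports in a different sequence hash differently; conversely, a packer that rebuilds the import table at load time will leave a stub table whose imphash says nothing about the payload, which is why the report's imphash should be clustered against other samples rather than treated as a family signature on its own.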

VirusTotal metadata
First submission: 2014-12-10 15:18:59 UTC (3 years, 4 months before capture)
Last submission: 2014-12-11 15:14:00 UTC (3 years, 4 months before capture)
File names: 2269833.exe, 804081fdbf6cf675f9c95b708aec6365d015655f
Advanced heuristic and reputation engines
ClamAV: Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
Symantec reputation: Suspicious.Insight
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function. The report does not record which device or which control codes were used, so the observation cannot be correlated further from this page alone. DeviceIoControl does not appear in the static import list above, while LoadLibraryA/W and GetProcAddress do, so the call is reached through dynamically resolved code (or from a process the sample launched or injected into) rather than through the import table.