SHA256: 693f6883a87e765eb4758d1aff3090aad712b6e7594758aa8f6c58a42afaff45
File name: Office_app.exe.dat
Detection ratio: 3 / 56
Analysis date: 2015-09-14 14:49:10 UTC (3 years, 7 months ago)
Antivirus Result Update
GData Win32.Trojan.Emotet.R 20150914
Malwarebytes Trojan.Dropper.SFX 20150914
Zoner Trojan. 20150914
Ad-Aware 20150914
AegisLab 20150914
Yandex 20150914
AhnLab-V3 20150914
Alibaba 20150914
ALYac 20150914
Antiy-AVL 20150914
Arcabit 20150914
Avast 20150914
AVG 20150914
Avira (no cloud) 20150914
AVware 20150914
Baidu-International 20150914
BitDefender 20150914
Bkav 20150912
ByteHero 20150914
CAT-QuickHeal 20150914
ClamAV 20150914
CMC 20150910
Comodo 20150914
Cyren 20150914
DrWeb 20150914
Emsisoft 20150914
ESET-NOD32 20150914
F-Prot 20150914
F-Secure 20150914
Fortinet 20150914
Ikarus 20150914
Jiangmin 20150913
K7AntiVirus 20150914
K7GW 20150914
Kaspersky 20150914
Kingsoft 20150914
McAfee 20150914
McAfee-GW-Edition 20150914
Microsoft 20150914
eScan 20150914
NANO-Antivirus 20150914
nProtect 20150914
Panda 20150914
Qihoo-360 20150914
Rising 20150913
Sophos AV 20150914
SUPERAntiSpyware 20150912
Symantec 20150913
Tencent 20150914
TheHacker 20150914
TrendMicro 20150914
TrendMicro-HouseCall 20150914
VBA32 20150914
VIPRE 20150914
ViRobot 20150914
Zillya 20150914
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.

Publisher Microsoft Corporation
Product Internet Explorer
Original name WEXTRACT.EXE .MUI
Internal name Wextract
File version 11.00.9600.16384 (winblue_rtm.130821-1623)
Description Win32 Cabinet Self-Extractor
Packers identified
F-PROT CAB, UTF-8, SFX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-22 04:01:48
Entry Point 0x000067CC
Number of sections 5
PE sections
PE imports
GetTokenInformation
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
RegSetValueExA
EqualSid
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegQueryInfoKeyA
Ord(23)
Ord(20)
Ord(21)
Ord(22)
GetDeviceCaps
GetLastError
IsDBCSLeadByte
GetSystemTimeAsFileTime
DosDateTimeToFileTime
ReadFile
GetStartupInfoA
TerminateThread
GetDiskFreeSpaceA
GetFileAttributesA
GlobalFree
WaitForSingleObject
LockResource
SetEvent
QueryPerformanceCounter
MulDiv
ExitProcess
SetFileTime
GetVersionExA
GlobalUnlock
RemoveDirectoryA
RtlUnwind
LoadLibraryA
GetShortPathNameA
FreeLibrary
GetCurrentProcess
GetVolumeInformationA
LoadLibraryExA
SizeofResource
LocalFileTimeToFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
LocalAlloc
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetCurrentDirectoryA
UnhandledExceptionFilter
_llseek
GetProcAddress
GetSystemInfo
CreateMutexA
GetModuleHandleA
GetTempPathA
CreateThread
SetFilePointer
lstrcmpA
FindFirstFileA
GetCurrentProcessId
OutputDebugStringA
SetUnhandledExceptionFilter
WriteFile
_lopen
_lclose
CompareStringA
GetTempFileNameA
EnumResourceLanguagesA
FindNextFileA
GetSystemDirectoryA
GlobalLock
GetModuleHandleW
ExpandEnvironmentStringsA
FreeResource
SetFileAttributesA
GetDriveTypeA
LocalFree
TerminateProcess
CreateProcessA
GetModuleFileNameA
GetExitCodeProcess
ResetEvent
GetWindowsDirectoryA
LoadResource
GlobalAlloc
CreateEventA
FindClose
Sleep
FormatMessageA
GetTickCount
CreateFileA
GetCurrentThreadId
GetVersion
FindResourceA
SetCurrentDirectoryA
CloseHandle
CharPrevA
EndDialog
ShowWindow
MessageBeep
SetWindowPos
SendDlgItemMessageA
GetSystemMetrics
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
CharUpperA
GetDC
ReleaseDC
SetWindowTextA
LoadStringA
SendMessageA
GetDlgItem
GetWindowLongA
CharNextA
GetDesktopWindow
CallWindowProcA
MsgWaitForMultipleObjects
SetForegroundWindow
ExitWindowsEx
DialogBoxIndirectParamA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
_cexit
?terminate@@YAXXZ
_vsnprintf
_ismbblead
__p__fmode
_exit
_acmdln
memset
__p__commode
_errno
_amsg_exit
exit
_XcptFilter
__setusermatherr
__getmainargs
_initterm
_controlfp
memcpy
__set_app_type
Number of PE resources by type
RT_RCDATA 14
RT_DIALOG 6
RT_STRING 6
RT_ICON 1
RT_MANIFEST 1
AVI 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 29
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 11.0
ImageVersion 6.3
FileSubtype 0
FileVersionNumber 11.0.9600.16384
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 2178048
EntryPoint 0x67cc
OriginalFileName WEXTRACT.EXE .MUI
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 11.00.9600.16384 (winblue_rtm.130821-1623)
TimeStamp 2013:08:22 05:01:48+01:00
FileType Win32 EXE
PEType PE32
InternalName Wextract
ProductVersion 11.00.9600.16384
FileDescription Win32 Cabinet Self-Extractor
OSVersion 6.3
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 26112
ProductName Internet Explorer
ProductVersionNumber 11.0.9600.16384
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 504e0594dcce6acbdcdfbb844521be5f
SHA1 ecd4b568e72cc4a170d63dacddf501e62f6f5349
SHA256 693f6883a87e765eb4758d1aff3090aad712b6e7594758aa8f6c58a42afaff45
ssdeep 49152:UQsHM6G5pGuduWyOvqdLC0+n7QUP8hYJuoI9Hu5OW:ceGo9PvqZC0I7NJuB2OW

authentihash a812a0d07c092eb181ac2b6022991dda838bc3c001bddf74e1f278d1b15f1702
imphash bc70c4fa605f17c85050b7c7b6d42e44
File size 2.1 MB ( 2205184 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 MS Cabinet Self-Extractor (WExtract stub) (86.7%)
Win32 Executable MS Visual C++ (generic) (8.9%)
Win32 Dynamic Link Library (generic) (1.8%)
Win32 Executable (generic) (1.2%)
Generic Win/DOS Executable (0.5%)
Tags peexe

VirusTotal metadata
First submission 2015-09-14 14:49:10 UTC (3 years, 7 months ago)
Last submission 2015-09-15 22:34:03 UTC (3 years, 7 months ago)
File names office_app.exe
Office_app.exe
1.exe
d462080683e0e329dae2937717207468c4233dac
Office_app.exe.dat
Wextract
WEXTRACT.EXE .MUI
1 (2).exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by using the SetWindowsHook Windows API function.