SHA256: 992e76e31499679c5415397a5a56f046de7d168d7059865e8f4a2fdd687081ad
File name: C$~Program Files (x86)~FastDataX~FastDataX.exe
Detection ratio: 48 / 70
Analysis date: 2018-12-22 18:26:41 UTC (5 months ago)
Antivirus Result Update
Acronis malware 20180726
Ad-Aware Trojan.GenericKD.12794351 20181222
AhnLab-V3 Adware/Win32.Adposhel.C2409961 20181222
ALYac Trojan.GenericKD.12794351 20181222
Arcabit Trojan.Generic.DC339EF 20181222
Avira (no cloud) ADWARE/Agent.nmpsa 20181222
BitDefender Trojan.GenericKD.12794351 20181222
CAT-QuickHeal Trojan.Generic 20181222
Comodo ApplicUnwnt@#2a4s144346p84 20181222
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.f894d0 20180225
Cylance Unsafe 20181222
Cyren W32/Trojan.NAFS-4271 20181222
DrWeb Trojan.DnsChange.8206 20181222
Emsisoft Application.FastData (A) 20181222
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Adware.Adposhel.AM.gen 20181222
F-Secure Trojan.GenericKD.12794351 20181222
Fortinet Riskware/Adposhel 20181222
GData Trojan.GenericKD.12794351 20181222
Ikarus PUA.Adposhel.Am 20181222
Sophos ML heuristic 20181128
Jiangmin AdWare.Adposhel.nh 20181222
K7AntiVirus Adware ( 0052170b1 ) 20181222
K7GW Adware ( 0052170b1 ) 20181222
Kaspersky not-a-virus:HEUR:AdWare.Win32.Generic 20181222
Malwarebytes Adware.Adposhel 20181222
MAX malware (ai score=95) 20181222
McAfee GenericRXDW-IN!B1D8601F894D 20181222
McAfee-GW-Edition GenericRXDW-IN!B1D8601F894D 20181222
Microsoft PUA:Win32/FastDataX 20181222
eScan Trojan.GenericKD.12794351 20181222
NANO-Antivirus Trojan.Win32.DnsChange.ewyvsh 20181222
Panda Generic Malware 20181222
Qihoo-360 Win32/Virus.Adware.b53 20181222
Rising Malware.Undefined!8.C (CLOUD) 20181222
Sophos AV Generic PUA HJ (PUA) 20181222
SUPERAntiSpyware Adware.Adposhel/Variant 20181220
Symantec Trojan.Gen.2 20181222
Tencent Win32.Adware.Generic.Pfsy 20181222
TrendMicro TROJ_GEN.R002C0OHF18 20181222
TrendMicro-HouseCall TROJ_GEN.R002C0OHF18 20181222
VBA32 BScope.Malware-Cryptor.Kidep 20181222
ViRobot Adware.Adposhel.1045144 20181222
Webroot Adware.Fastdata.X 20181222
Yandex PUA.Agent! 20181221
Zillya Adware.Adposhel.Win32.62788 20181222
ZoneAlarm by Check Point not-a-virus:HEUR:AdWare.Win32.Generic 20181222
AegisLab 20181222
Alibaba 20180921
Antiy-AVL 20181222
Avast 20181222
Avast-Mobile 20181222
AVG 20181222
Babable 20180918
Baidu 20181207
Bkav 20181221
ClamAV 20181222
CMC 20181221
eGambit 20181222
F-Prot 20181222
Kingsoft 20181222
Palo Alto Networks (Known Signatures) 20181222
SentinelOne (Static ML) 20181011
Symantec Mobile Insight 20181215
TACHYON 20181222
TheHacker 20181220
TotalDefense 20181222
Trapmine 20181205
Trustlook 20181222
Zoner 20181222
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 2:36 PM 1/8/2018
Signers
[+] PRIVATELY OWNED ENTERPRISE "SINETEKO"
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer thawte SHA256 Code Signing CA
Valid from 12:00 AM 07/28/2017
Valid to 11:59 PM 07/28/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint CBB2468CF99CECEA3396F1D268352C24A79901CB
Serial number 19 C0 08 6F BB 66 40 2D 8C 45 EA 8C 7C 6E CD 10
[+] thawte SHA256 Code Signing CA
Status Valid
Issuer thawte Primary Root CA
Valid from 12:00 AM 12/10/2013
Valid to 11:59 PM 12/09/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint D00CFDBF46C98A838BC10DC4E097AE0152C461BC
Serial number 71 A0 B7 36 95 DD B1 AF C2 3B 2B 9A 18 EE 54 CB
[+] thawte
Status Valid
Issuer thawte Primary Root CA
Valid from 12:00 AM 11/17/2006
Valid to 11:59 PM 07/16/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 91C6D6EE3E8AC86384E548C299295C756C817B81
Serial number 34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 12:00 AM 10/18/2012
Valid to 11:59 PM 12/29/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/21/2012
Valid to 11:59 PM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-08 08:21:09
Entry Point 0x00029D6E
Number of sections 5
PE sections
Overlays
MD5 642a1f0eb3d99b2a9f843ebacbe0b836
File type data
Offset 1039360
Size 5784
Entropy 7.39
PE imports
RegCreateKeyExW
RegCloseKey
ConvertSidToStringSidW
InitializeSecurityDescriptor
RegQueryValueExW
SetSecurityDescriptorDacl
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityDescriptorSacl
GetTokenInformation
DuplicateTokenEx
GetUserNameW
RegEnumKeyExW
GetSecurityDescriptorSacl
CreateProcessAsUserW
SetEntriesInAclW
RegSetValueExW
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
RegDeleteValueA
IpRenewAddress
GetNetworkParams
GetAdaptersInfo
IpReleaseAddress
GetPerAdapterInfo
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
FindFirstFileW
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
GetCPInfo
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetExitCodeProcess
LocalFree
CreateEventW
OutputDebugStringW
FindClose
InterlockedDecrement
GetFullPathNameW
GetEnvironmentVariableW
SetLastError
TlsGetValue
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
FreeLibrary
GetVolumeInformationA
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
CreateMutexA
GetModuleHandleA
MoveFileExW
GetSystemDirectoryW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
GetCurrentThreadId
WriteConsoleW
CreateToolhelp32Snapshot
GetSystemWow64DirectoryW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
OpenProcess
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
Process32Next
GetWindowsDirectoryW
GetFileSize
Process32First
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
CreateFileMappingW
CompareStringW
GetModuleFileNameW
FindFirstFileExA
FindNextFileW
ResetEvent
FindNextFileA
IsValidLocale
DuplicateHandle
GetProcAddress
SetEvent
GetTimeZoneInformation
CreateFileW
CreateEventA
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
GetSystemInfo
GetConsoleCP
GetEnvironmentStringsW
WaitForSingleObjectEx
GetShortPathNameA
Module32FirstW
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetFileAttributesExW
GetLongPathNameW
IsValidCodePage
UnmapViewOfFile
WriteFile
CreateProcessW
GetLongPathNameA
Sleep
SafeArrayLock
SafeArrayCreate
VariantClear
SysAllocString
SafeArrayDestroy
SafeArrayUnlock
VariantInit
SysFreeString
SafeArrayPutElement
SafeArrayCreateVector
SHGetFolderPathW
GetDesktopWindow
PeekMessageW
DispatchMessageW
GetWindowRect
CreateEnvironmentBlock
DestroyEnvironmentBlock
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
getaddrinfo
htonl
accept
WSAStartup
freeaddrinfo
connect
shutdown
htons
select
gethostname
recv
ntohl
inet_addr
send
ntohs
WSAGetLastError
listen
WSAEventSelect
gethostbyname
getpeername
WSACleanup
closesocket
socket
bind
recvfrom
sendto
CoCreateGuid
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 5
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2017:11:08 09:21:09+01:00
FileType Win32 EXE
PEType PE32
CodeSize 398848
LinkerVersion 14.11
ImageFileCharacteristics Executable, 32-bit
FileTypeExtension exe
InitializedDataSize 643584
SubsystemVersion 5.1
EntryPoint 0x29d6e
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0
Execution parents
File identification
MD5 b1d8601f894d04afe7bc38e734a82255
SHA1 7994bacca80810aaabbef30d36de179f1faf18bb
SHA256 992e76e31499679c5415397a5a56f046de7d168d7059865e8f4a2fdd687081ad
ssdeep 24576:kK4Qle2x5bDl1N+bNJX7MA0c9vxkH3tUZnS:kK4QleYd4fD9a9UZnS
authentihash 2d99db508733a7b9d4ead73fb353dede8f400126098b7858e20728e6c92c6940
imphash 27bbd8f68e4f25bd2e33c42b4d8b210a
File size 1020.6 KB ( 1045144 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2018-01-10 04:32:26 UTC (1 year, 4 months ago)
Last submission 2018-05-25 15:50:46 UTC (1 year ago)
File names FastDataX.exe
fastdatax.exe
FASTDA~1.EXE
992e76e31499679c5415397a5a56f046de7d168d7059865e8f4a2fdd687081ad.bin
992e76e31499679c_FastDataX.exe
flareFile
C$~Program Files (x86)~FastDataX~FastDataX.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs