SHA256: ae129465303e3cec3a02372caa8fc1a4dbe2ae70d1083f1e01971f8ff2e4ab46
File name: BankDocuments_FE0274A4593F58683C1949896834F3293985983594769465329...
Detection ratio: 7 / 47
Analysis date: 2014-01-07 16:56:46 UTC (5 years, 3 months ago)
Antivirus Result Update
Bkav W32.Clod571.Trojan.fe35 20140107
ESET-NOD32 a variant of Win32/Injector.AUVV 20140107
Malwarebytes Trojan.Agent.ED 20140107
McAfee PWSZbot-FMU!8F24720E4D08 20140107
McAfee-GW-Edition Artemis!8F24720E4D08 20140107
Norman Upatre.AY 20140107
Sophos AV Mal/Generic-S 20140107
Ad-Aware 20140107
Yandex 20140107
AhnLab-V3 20140107
AntiVir 20140107
Antiy-AVL 20140107
Avast 20140107
AVG 20140107
Baidu-International 20131213
BitDefender 20140107
ByteHero 20131227
CAT-QuickHeal 20140107
ClamAV 20140107
Commtouch 20140107
Comodo 20140107
DrWeb 20140107
Emsisoft 20140107
F-Prot 20140107
Fortinet 20140107
GData 20140107
Ikarus 20140107
Jiangmin 20140107
K7AntiVirus 20140107
K7GW 20140107
Kaspersky 20140107
Kingsoft 20130829
Microsoft 20140107
eScan 20140107
NANO-Antivirus 20140107
nProtect 20140107
Panda 20140107
Rising 20140107
SUPERAntiSpyware 20140107
Symantec 20140106
TheHacker 20140107
TotalDefense 20140107
TrendMicro 20140107
TrendMicro-HouseCall 20140107
VBA32 20140105
VIPRE 20140107
ViRobot 20140107
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-01-06 09:49:41
Entry Point 0x00001FA0
Number of sections 5
PE sections
PE imports
GetModuleFileNameA
CreateFileW
__CxxFrameHandler
malloc
fread
fseek
fclose
__dllonexit
_onexit
ftell
rewind
fopen
RedrawWindow
SetWindowLongW
SendMessageW
GetWindowRect
InflateRect
EnableWindow
UpdateWindow
GetWindowLongW
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2014:01:06 10:49:41+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 8192
LinkerVersion: 6.0
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint: 0x1fa0
InitializedDataSize: 90112
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
File identification
MD5 8f24720e4d08c986c0fe07a66ccf8380
SHA1 c50f4e747ade2962332186090443a38f829630f9
SHA256 ae129465303e3cec3a02372caa8fc1a4dbe2ae70d1083f1e01971f8ff2e4ab46
ssdeep
1536:CPH5J/PGBCBQnZd3V5iKLmWUWFD43FJLdYYteWvCCMW2dCeXZIu/9b:C/5NtGoCU46L+Ytek2ddZIulb

authentihash 970b089d7291adcc21fd8dbcdce9d231e885d5a1868799f94258084529b72f4b
imphash 12a0954febc90a6e0d6e2102974ca2dc
File size 100.0 KB ( 102400 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags
peexe

VirusTotal metadata
First submission 2014-01-07 15:15:43 UTC (5 years, 3 months ago)
Last submission 2018-10-09 11:06:29 UTC (6 months, 1 week ago)
File names BankDocuments_FE0274A4593F58683C1949896834F32939859835947694653298321744361597236489231640913264.pdf.exe
c-4c764-1250-1389107701
bank.exe
BankDocuments_FE0274A4593F58683C1949896834F32939859835947694653298321744361597236489231640913264.pdf[6696704].exe
8f24720e4d08c986c0fe07a66ccf8380.malware
8f24720e4d08c986c0fe07a66ccf8380.PE_
ae129465303e3cec3a02372caa8fc1a4dbe2ae70d1083f1e01971f8ff2e4ab46
BankDocuments_FE0274A4593F58683C1949896834F32939859835947694653298321744361597236489231640913264.pdf.exe-2014-01-08.04-56-01.txt
file-6447642_exe
ebe9a540b34ba8a3a1baacd7bf34de60b7bfb15a
Upatre.vxe
BankDocuments_FE0274A4593F58683C1949896834F32939859835947694653298321744361597236489231640913264.pdf.exee
C50F4E747ADE2962332186090443A38F829630F9.vvv
8f24720e4d08c986c0fe07a66ccf8380.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
UDP communications