SHA256: c788dc8de086abb7402683185566813e15a7ff757c3a968c50de2a513049f185
File name: przegladarka.exe
Detection ratio: 6 / 45
Analysis date: 2013-03-20 19:41:01 UTC (6 years, 2 months ago)
Antivirus Result Update
Comodo TrojWare.Win32.Hupigon.ogkx 20130320
Jiangmin Hoax.BAT.ak 20130320
McAfee-GW-Edition Heuristic.BehavesLike.Win32.ModifiedUPX.J 20130320
TheHacker Posible_Worm32 20130320
TrendMicro PAK_Generic.001 20130320
TrendMicro-HouseCall PAK_Generic.001 20130320
Yandex 20130320
AhnLab-V3 20130320
AntiVir 20130320
Antiy-AVL 20130317
Avast 20130320
AVG 20130320
BitDefender 20130320
ByteHero 20130320
CAT-QuickHeal 20130320
ClamAV 20130320
Commtouch 20130320
DrWeb 20130320
Emsisoft 20130320
eSafe 20130319
ESET-NOD32 20130320
F-Prot 20130320
F-Secure 20130320
Fortinet 20130320
GData 20130320
Ikarus 20130320
K7AntiVirus 20130320
Kaspersky 20130320
Kingsoft 20130318
Malwarebytes 20130320
McAfee 20130320
Microsoft 20130320
eScan 20130320
NANO-Antivirus 20130320
Norman 20130320
nProtect 20130320
Panda 20130320
PCTools 20130320
Sophos AV 20130320
SUPERAntiSpyware 20130320
Symantec 20130320
TotalDefense 20130320
VBA32 20130320
VIPRE 20130320
ViRobot 20130320
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-11-08 13:12:07
Entry Point 0x00016070
Number of sections 3
PE sections
PE imports
InitCommonControls
SetBkColor
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
CoInitialize
ShellExecuteExA
PathQuoteSpacesA
IsChild
Number of PE resources by type
RT_ICON 4
RT_RCDATA 3
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 9
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2010:11:08 13:12:07+00:00
FileType Win32 EXE
PEType PE32
CodeSize 20480
LinkerVersion 2.5
EntryPoint 0x16070
InitializedDataSize 36864
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 69632

File identification
MD5 75637ed26e2fbec94752cdc23bb5eec6
SHA1 7fbbc85299a45b91f8b9134a72a57ba30cdb323e
SHA256 c788dc8de086abb7402683185566813e15a7ff757c3a968c50de2a513049f185
ssdeep 768:/mOhplcsHvKWzX6HJmFqda7koinbcuyD7U7xL3g9/ZcnO:OOhplcsHv1X6n0Ynouy8d3c2nO

File size 53.0 KB ( 54272 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit, UPX compressed

TrID UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
Tags peexe upx

VirusTotal metadata
First submission 2013-03-20 19:10:44 UTC (6 years, 2 months ago)
Last submission 2013-03-20 19:41:01 UTC (6 years, 2 months ago)
File names przegladarka.exe
Kubigo Browser.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Shell commands
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.