SHA256: ebba01c5a7f74b7dd084723a5747139cd9930ca9e14fa416f5f7b9284572c0f5
File name: vti-rescan
Detection ratio: 32 / 46
Analysis date: 2013-08-19 14:24:47 UTC (5 years, 9 months ago)
Antivirus Result Update
Yandex Rootkit.Avatar!pjqpSiZfi/E 20130819
AhnLab-V3 Backdoor/Win32.Avatar 20130819
AntiVir TR/Crypt.Xpack.24949 20130819
Antiy-AVL Trojan/Win32.Avatar 20130819
Avast Win32:Malware-gen 20130819
AVG Generic33.CEZS 20130819
BitDefender Gen:Variant.Kazy.224808 20130819
CAT-QuickHeal Trojan.Meredrop 20130819
Commtouch W32/Trojan.PXOT-8501 20130819
Comodo UnclassifiedMalware 20130819
DrWeb Trojan.Siggen5.35969 20130819
Emsisoft Gen:Variant.Kazy.224808 (B) 20130819
ESET-NOD32 Win32/Rootkit.Avatar 20130819
F-Secure Gen:Variant.Kazy.224879 20130819
Fortinet W32/Kryptik.BC!tr 20130819
GData Gen:Variant.Kazy.224808 20130819
Ikarus Trojan.Win32.Meredrop 20130819
Kaspersky Rootkit.Win32.Avatar.j 20130819
Malwarebytes Trojan.Agent 20130819
McAfee RDN/Generic Dropper!qh 20130819
McAfee-GW-Edition RDN/Generic Dropper!qh 20130819
Microsoft Trojan:Win32/Meredrop 20130819
eScan Gen:Variant.Kazy.224808 20130819
Norman Suspicious_Gen4.EKOCW 20130819
nProtect Trojan/W32.Rootkit.149504.E 20130816
Panda Trj/CI.A 20130819
Sophos AV Mal/Generic-S 20130819
Symantec WS.Reputation.1 20130819
TrendMicro TROJ_SPNR.15HD13 20130819
TrendMicro-HouseCall TROJ_SPNR.15HD13 20130819
VBA32 Rootkit.Avatar 20130819
VIPRE Lookslike.Win32.Sirefef.wa (v) 20130819
ByteHero 20130814
ClamAV 20130819
F-Prot 20130819
Jiangmin 20130819
K7AntiVirus 20130817
K7GW 20130816
Kingsoft 20130723
NANO-Antivirus 20130819
PCTools 20130819
Rising 20130819
SUPERAntiSpyware 20130819
TheHacker 20130819
TotalDefense 20130816
ViRobot 20130819
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright MolyINCER © SoftWare © 2012
Product MolyINCER © SoftWare
Original name fzndtnu.exe
Internal name fzndtnu
File version a 6 RC214.177530114.215
Description MolyINCER © SoftWare
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-06-22 00:57:11
Entry Point 0x0000353D
Number of sections 6
PE sections
PE imports
DirectPlay8Create
GetTextColor
GetTextFaceA
SetFilePointer
HeapSize
GetSystemWindowsDirectoryA
EnumUILanguagesA
GetShortPathNameW
VirtualAllocEx
FindNextVolumeA
GetProcessWorkingSetSize
SetPriorityClass
GetEnvironmentStringsA
PurgeComm
QueryPerformanceCounter
UnregisterWaitEx
ReplaceFileA
GetVolumePathNameA
ReadConsoleOutputCharacterA
EndUpdateResourceA
GetVersionExA
LockFile
GetConsoleKeyboardLayoutNameA
UpdateResourceA
HeapSetInformation
GetCurrentProcess
UnlockFile
LockFileEx
GetConsoleMode
ChangeTimerQueueTimer
CopyFileExA
GetConsoleCursorInfo
SetVolumeMountPointA
SetupComm
GetCurrentDirectoryA
SetErrorMode
MultiByteToWideChar
EnumTimeFormatsA
GetVolumePathNamesForVolumeNameA
GetFileInformationByHandle
GetConsoleTitleA
QueryDosDeviceA
GetConsoleCharType
OpenMutexA
SetStdHandle
GetCommModemStatus
GetModuleHandleA
GetTempPathA
VerifyVersionInfoA
ReleaseSemaphore
GetThreadIOPendingFlag
OpenProcess
WriteConsoleOutputA
lstrcmpA
ExpungeConsoleCommandHistoryA
ReadFile
WritePrivateProfileStructA
GlobalAddAtomA
lstrcpyA
GetCommTimeouts
ResetEvent
CreateWaitableTimerA
UnlockFileEx
DuplicateHandle
GetDiskFreeSpaceA
GetEnvironmentVariableA
SetEnvironmentVariableA
ReadConsoleA
GetSystemTimeAdjustment
GetDefaultCommConfigA
GetDiskFreeSpaceExA
AllocConsole
SetCommConfig
GetProcessShutdownParameters
GetTimeZoneInformation
ResetWriteWatch
WriteConsoleOutputCharacterA
FindAtomA
DeleteTimerQueue
SetEndOfFile
ReadFileEx
IsBadCodePtr
SetMailslotInfo
IsBadReadPtr
VirtualAlloc
HeapCreate
CloseHandle
glEdgeFlagPointer
RedrawWindow
ChangeDisplaySettingsA
PostQuitMessage
SetMenuItemInfoA
CharUpperBuffA
RegisterShellHookWindow
GetMessageTime
OpenWindowStationA
GetMenuItemID
LockWorkStation
DefFrameProcA
ToAscii
AllowSetForegroundWindow
SetMenuDefaultItem
CallNextHookEx
LoadAcceleratorsA
GetWindowTextLengthA
DrawFrame
GetActiveWindow
EnumPropsExW
LoadImageA
ScrollWindow
GetWindowTextA
EnumPropsExA
DestroyWindow
GetKeyNameTextA
GetCursorInfo
CallMsgFilterA
CreateCaret
GetClassInfoExA
GetRawInputDeviceList
ShowWindow
RegisterUserApiHook
UnregisterUserApiHook
GetTabbedTextExtentA
EnableWindow
LockWindowUpdate
GetDlgItemTextA
TranslateMessage
InsertMenuItemA
EditWndProc
PaintDesktop
AllowForegroundActivation
CloseWindow
DrawMenuBar
EnumDisplaySettingsExA
OpenDesktopA
GetWindowLongA
IsChild
IsDialogMessageA
SetFocus
DrawAnimatedRects
BeginPaint
KillTimer
GetMonitorInfoA
RegisterWindowMessageA
SetMenuContextHelpId
QuerySendMessage
MapWindowPoints
CharLowerA
DialogBoxIndirectParamAorW
SetWindowLongA
SetSysColorsTemp
DrawIconEx
GetRawInputData
CreateDialogParamA
UnloadKeyboardLayout
FindWindowExA
GetLayeredWindowAttributes
UnregisterMessagePumpHook
GetScrollRange
GetCapture
SetWinEventHook
PrivateExtractIconsA
MessageBoxExA
DrawFrameControl
RegisterClipboardFormatA
MoveWindow
CascadeChildWindows
LockWindowStation
CopyImage
SystemParametersInfoA
UpdateLayeredWindow
SetClassWord
GetAltTabInfoA
CreateMDIWindowA
UnpackDDElParam
FrameRect
GetCursor
CloseClipboard
GetAncestor
Number of PE resources by type
VARION 4
RT_VERSION 1
Number of PE resources by language
NEUTRAL 5
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.71
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.3.69
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 137728
EntryPoint 0x353d
OriginalFileName fzndtnu.exe
MIMEType application/octet-stream
LegalCopyright MolyINCER SoftWare 2012
FileVersion a 6 RC214.177530114.215
TimeStamp 2013:06:22 01:57:11+01:00
FileType Win32 EXE
PEType PE32
InternalName fzndtnu
ProductVersion 1208.8296 RelC
FileDescription MolyINCER SoftWare
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName MolyINCER SoftWare
ProductName MolyINCER SoftWare
ProductVersionNumber 3.0.101.3
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 8dc955fa572fb8ad9d253e344c041bc0
SHA1 4b8a61e4eb1e9bdd67d5e82a4c6c71ce842c9710
SHA256 ebba01c5a7f74b7dd084723a5747139cd9930ca9e14fa416f5f7b9284572c0f5
ssdeep 3072:6nmV8t52fzGY7rOCenXhXhgVhv36SkNz2WkM8+i/IO8jqvUQ0rN9Yti3MV:X+UzGYfoRXhgPxoDCWjYW9Yi3
authentihash 2674d16b49a323b15243d9b6fee6b8bf5518cd5d279eb32cc573b8bdf6924843
imphash 92138e3367495cfb6b010a20e3bd2212
File size 146.0 KB ( 149504 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ 4.x (88.6%)
Win32 Dynamic Link Library (generic) (4.3%)
Win32 Executable (generic) (2.9%)
Win16/32 Executable Delphi generic (1.3%)
Generic Win/DOS Executable (1.3%)
Tags peexe
VirusTotal metadata
First submission 2013-07-11 13:57:01 UTC (5 years, 10 months ago)
Last submission 2017-08-12 01:47:18 UTC (1 year, 9 months ago)
File names virussign.com_8dc955fa572fb8ad9d253e344c041bc0.vir
av_02.exe
fzndtnu
8dc955fa572fb8ad9d253e344c041bc0_dropper1
3.exe
8dc955fa572fb8ad9d253e344c041bc0.virobj
007028976
EBBA01C5A7F74B7DD084723A5747139CD9930CA9E14FA416F5F7B9284572C0F5.dat
vti-rescan
Rootkit.Win32.Avatar.j.exe
8dc955fa572fb8ad9d253e344c041bc0.4b8a61e4eb1e9bdd67d5e82a4c6c71ce842c9710
fzndtnu.exe
2.exe