SHA256: 760afb86938de76a0066fd66d8720c2bb013c6b2a5dfe4984d0b7627a458f984
File name: Mypony2.exe
Detection ratio: 25 / 46
Analysis date: 2013-04-14 20:09:09 UTC (4 years, 4 months ago)
Antivirus Result Update
Yandex Trojan.Eupuds!mjKBumJ9WwU 20130414
AhnLab-V3 Trojan/Win32.Inject 20130414
AntiVir TR/Eupuds.B.5 20130414
Avast Win32:Downloader-SUE [Trj] 20130414
Commtouch W32/Downloader.MNMX-8362 20130414
F-Prot W32/Downldr2.IZCA 20130414
Fortinet W32/Inject.FHKF!tr 20130414
GData Win32:Downloader-SUE 20130414
Ikarus Trojan.Win32.Eupuds 20130414
K7AntiVirus Trojan 20130412
Kaspersky Trojan.Win32.Inject.fhkf 20130414
Malwarebytes Trojan.Agent.AI 20130414
McAfee RDN/Generic.dx!zu 20130414
McAfee-GW-Edition RDN/Generic.dx!zu 20130414
Microsoft Trojan:Win32/Eupuds.B 20130414
NANO-Antivirus Trojan.Win32.Inject.bllkhl 20130414
Norman Troj_Generic.JJJZI 20130414
Panda Trj/CI.A 20130414
Sophos AV Troj/Eupuds-A 20130414
Symantec WS.Reputation.1 20130414
TrendMicro TROJ_EUPUDS.AN 20130414
TrendMicro-HouseCall TROJ_EUPUDS.AN 20130414
VBA32 Trojan.Inject 20130412
VIPRE Trojan.Win32.Generic!BT 20130414
ViRobot Trojan.Win32.A.Bublik.714975[UPX] 20130414
Antiy-AVL 20130414
AVG 20130414
BitDefender 20130414
ByteHero 20130405
CAT-QuickHeal 20130414
ClamAV 20130414
Comodo 20130414
DrWeb 20130414
Emsisoft 20130414
eSafe 20130407
ESET-NOD32 20130414
F-Secure 20130414
Jiangmin 20130414
Kingsoft 20130408
eScan 20130414
nProtect 20130414
PCTools 20130414
Rising 20130412
SUPERAntiSpyware 20130413
TheHacker 20130414
TotalDefense 20130414
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 3, 3, 9, 4
Packers identified
Command UPX
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-04-10 00:11:21
Entry Point 0x00104810
Number of sections 3
PE sections
PE imports
ImageList_Remove
GetSaveFileNameW
LineTo
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
WNetUseConnectionW
VariantCopy
EnumProcesses
DragFinish
LoadUserProfileW
VerQueryValueW
FtpOpenFileW
timeGetTime
CoGetObject
Number of PE resources by type
RT_STRING 7
RT_RCDATA 3
RT_DIALOG 1
RT_ICON 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH UK 9
NEUTRAL 5
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize 757760
LinkerVersion 10.0
ImageVersion 0.0
FileVersionNumber 3.3.9.4
LanguageCode English (British)
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 282624
EntryPoint 0x104810
MIMEType application/octet-stream
FileVersion 3, 3, 9, 4
TimeStamp 2012:04:10 01:11:21+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
CompiledScript AutoIt v3 Script: 3, 3, 9, 4
MachineType Intel 386 or later, and compatibles
CodeSize 307200
FileSubtype 0
ProductVersionNumber 3.3.9.4
FileTypeExtension exe
ObjectFileType Unknown

File identification
MD5 32884422d828628cf962c482514ec291
SHA1 15011df6f8513bad48a7328f982f62c6e00e3198
SHA256 760afb86938de76a0066fd66d8720c2bb013c6b2a5dfe4984d0b7627a458f984
ssdeep 12288:CLmY9vwGP7W2E9o1hx7ZPMybagETrn/S96ahrYh:CZFxG9hyOlvS

authentihash cb5741a3844868f9428deef6a747d5f2f7c588c68de41783b4ae03f57c7a05e6
imphash 8367c1e56060d6b1b2715e99ca951476
File size 573.0 KB ( 586752 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (46.5%)
Win32 EXE Yoda's Crypter (40.4%)
Win32 Executable (generic) (6.8%)
Generic Win/DOS Executable (3.0%)
DOS Executable Generic (3.0%)
Tags
peexe upx

VirusTotal metadata
First submission 2013-03-22 15:36:36 UTC (4 years, 5 months ago)
Last submission 2015-12-12 14:04:25 UTC (1 year, 8 months ago)
File names 760afb86938de76a0066fd66d8720c2bb013c6b2a5dfe4984d0b7627a458f984.vir
760afb86938de76a0066fd66d8720c2bb013c6b2a5dfe4984d0b7627a458f984
Nota-Fiscal-Eletrônica.exe
vti-rescan
760afb86938de76a0066fd66d8720c2bb013c6b2a5dfe4984d0b7627a458f984.exe
Mypony2.exe
sample.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Set keys
Created processes
Terminated processes
Opened mutexes
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.