SHA256: 0d0a07d32295b94fd665ac39d4755014a00381c6b06c2b4a6aeffa0344ac956a
File name: localfile~
Detection ratio: 53 / 65
Analysis date: 2017-10-02 11:18:06 UTC ( 11 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.148905 20171002
AegisLab Troj.Downloader.W32.Dofoil.brhe!c 20171002
AhnLab-V3 Trojan/Win32.Kovter.R156317 20171002
ALYac Trojan.Agent.Kovter 20171002
Antiy-AVL Trojan/Win32.SGeneric 20171002
Arcabit Trojan.Zusy.D245A9 20171002
Avast Win32:Malware-gen 20171002
AVG Win32:Malware-gen 20171002
Avira (no cloud) TR/Crypt.ZPACK.3300 20171002
AVware Trojan.Win32.Generic!BT 20171002
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170930
BitDefender Gen:Variant.Zusy.148905 20171002
Bkav W32.ArtemisKovter.Trojan 20170928
CAT-QuickHeal Trojan.Generic.B4 20170930
ClamAV Win.Trojan.Agent-1307418 20171002
Comodo UnclassifiedMalware 20171002
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20171002
DrWeb Trojan.DownLoader14.19037 20171002
Emsisoft Gen:Variant.Zusy.148905 (B) 20171002
Endgame malicious (high confidence) 20170821
ESET-NOD32 Win32/Kovter.C 20171002
F-Secure Gen:Variant.Zusy.148905 20171002
Fortinet W32/Kovter.C!tr 20170929
GData Gen:Variant.Zusy.148905 20171002
Ikarus Trojan.Win32.Kovter 20171002
Sophos ML heuristic 20170914
Jiangmin TrojanDownloader.Dofoil.ajv 20171002
K7AntiVirus Riskware ( 0040eff71 ) 20171002
K7GW Riskware ( 0040eff71 ) 20171002
Kaspersky HEUR:Trojan.Win32.Generic 20171002
MAX malware (ai score=80) 20171002
McAfee GenericR-DWS!6CA41538AE9C 20171002
McAfee-GW-Edition GenericR-DWS!6CA41538AE9C 20171002
Microsoft Trojan:Win32/Kovter!rfn 20171002
eScan Gen:Variant.Zusy.148905 20171002
NANO-Antivirus Trojan.Win32.Dwn.dtmbva 20171002
Palo Alto Networks (Known Signatures) generic.ml 20171002
Panda Trj/Genetic.gen 20171001
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20171002
SentinelOne (Static ML) static engine - malicious 20171001
Sophos AV Troj/Kovter-Z 20171002
Symantec Ransom.Kovter 20171002
Tencent Win32.Trojan-downloader.Dofoil.Wsam 20171002
TheHacker Trojan/Kovter.c 20170928
TrendMicro TROJ_KOVTER.XA 20171002
TrendMicro-HouseCall TROJ_KOVTER.XA 20171002
VBA32 TrojanDownloader.Dofoil 20171002
VIPRE Trojan.Win32.Generic!BT 20171002
Webroot Trojan.Dropper.Gen 20171002
Yandex Trojan.Kovter!4IR+n0/Kvc8 20170908
Zillya Trojan.Kovter.Win32.208 20171002
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20171002
Alibaba 20170911
Avast-Mobile 20171002
CMC 20171002
Cyren 20171002
F-Prot 20171002
Kingsoft 20171002
Malwarebytes 20171002
nProtect 20171002
Rising 20171002
SUPERAntiSpyware 20171002
Symantec Mobile Insight 20170928
Trustlook 20171002
ViRobot 20171002
WhiteArmor 20170927
Zoner 20171002
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-01 21:19:58
Entry Point 0x00004DCF
Number of sections 4
PE sections
Overlays
MD5 99fecbca308922c50bf352f9b27909ce
File type data
Offset 520192
Size 55
Entropy 5.64
PE imports
ImageList_ReplaceIcon
InitCommonControlsEx
CertFindChainInStore
CreateEllipticRgn
CreateRectRgn
SetBkMode
SetViewportOrgEx
TextOutA
CreateFontIndirectA
CombineRgn
SelectClipRgn
DeleteObject
LoadResource
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
IsProcessorFeaturePresent
FreeEnvironmentStringsA
HeapAlloc
GetCurrentProcess
SizeofResource
GetConsoleMode
DecodePointer
GetCurrentProcessId
lstrcatA
LockResource
lstrlenW
WideCharToMultiByte
ExitProcess
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStartupInfoW
SetStdHandle
HeapSetInformation
RaiseException
UnhandledExceptionFilter
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetFileInformationByHandle
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
FindResourceA
TerminateProcess
GetEnvironmentStrings
IsValidCodePage
HeapCreate
SetLastError
CreateFileW
TlsGetValue
Sleep
GetFileType
TlsSetValue
CreateFileA
EncodePointer
GetCurrentThreadId
LeaveCriticalSection
LocalAlloc
WriteConsoleW
InterlockedIncrement
SHGetFileInfoA
SHGetFolderPathW
StrChrA
InitializeSecurityContextA
AcquireCredentialsHandleA
QueryContextAttributesA
AcceptSecurityContext
FreeCredentialsHandle
IsNetworkAlive
SetFocus
GetForegroundWindow
EndDialog
BeginPaint
EnumWindowStationsW
DefWindowProcA
SetWindowPos
GetSystemMetrics
IsWindow
GetWindowRect
EndPaint
LoadImageA
SetWindowTextA
DestroyIcon
SendMessageA
GetClientRect
GetDlgItem
CreateDialogParamA
MessageBoxW
InvalidateRect
CreateWindowExA
LoadCursorA
ShowCursor
IsWindowUnicode
GetWindowTextA
SetCursor
InternetGetLastResponseInfoW
Ord(176)
Ord(50)
PdhGetFormattedCounterValue
PdhCloseQuery
PdhAddCounterW
PdhOpenQueryA
PdhCollectQueryData
Number of PE resources by type
RT_GROUP_CURSOR 15
RT_CURSOR 11
RT_STRING 8
RT_BITMAP 8
RT_DIALOG 4
RT_ICON 4
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 52
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:07:01 22:19:58+01:00
FileType Win32 EXE
PEType PE32
CodeSize 417280
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 101888
SubsystemVersion 5.1
EntryPoint 0x4dcf
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 6ca41538ae9c25b259e6fcfce565b89b
SHA1 20f0aeb437f871bc102109c7de166c4288cacf7c
SHA256 0d0a07d32295b94fd665ac39d4755014a00381c6b06c2b4a6aeffa0344ac956a
ssdeep 12288:pSE6PKmBAb1l4F5i1+j/aQkh6YwMwRE9zPd0HJ:q01l4F5rj/anh6YJ4Edd0HJ
authentihash 849d03241b38b92ba503364fc8d874d2ea701444abb6be5483bf9f667cfb7ec3
imphash 976b00382cbb63c03e8fcd6677e4f973
File size 508.1 KB ( 520247 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-07-03 15:27:24 UTC ( 3 years, 2 months ago )
Last submission 2017-10-02 11:18:06 UTC ( 11 months, 3 weeks ago )
File names 0d0a07d32295b94fd665ac39d4755014a00381c6b06c2b4a6aeffa0344ac956a.exe
6ca41538ae9c25b259e6fcfce565b89b_976b00382cbb63c03e8fcd6677e4f973_Kovter.kaf
6ca41538ae9c25b259e6fcfce565b89b_976b00382cbb63c03e8fcd6677e4f973_Kovter[1].exe
0D0A07D32295B94FD665AC39D4755014A00381C6B06C2B4A6AEFFA0344AC956.EXE
0d0a07d32295b94fd665ac39d4755014a00381c6b06c2b4a6aeffa0344ac956.exe
localfile~
6ca41538ae9c25b259e6fcfce565b89b_976b00382cbb63c03e8fcd6677e4f973_Kovter.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Terminated processes
Opened mutexes
Runtime DLLs