× Cookies estão desativados! Este site requer que os cookies estejam habilitados para funcionar corretamente
VirusTotal
SHA256: 12fb5c61383978e55c34ee8952ef694eab552a5a76b60f2e69a963971752c3cf
Nome do arquivo: Rato Agil - TH - Young Geek.EXE
Taxa de detecção: 15 / 54
Data da análise: 2015-12-08 22:42:38 UTC ( 3 anos, 4 meses atrás ) Visualizar últimos
Antivírus Resultado Atualização
Yandex HackTool.CheatEngine!h2lP7QG9eRI 20151208
Antiy-AVL Trojan[Packed]/Win32.PolyCrypt 20151208
Avast Win32:Malware-gen 20151208
Baidu-International HackTool.Win32.CheatEngine.aai 20151208
Cyren W32/CheatEngine.B.gen!Eldorado 20151208
ESET-NOD32 a variant of Win32/HackTool.CheatEngine.AF potentially unsafe 20151208
F-Prot W32/CheatEngine.B.gen!Eldorado 20151208
Fortinet W32/Generic.AC.1569906 20151208
Jiangmin TrojanDropper.Injector.bhlg 20151208
K7GW Hacktool ( 655367771 ) 20151208
Malwarebytes HackTool.CheatEngine 20151208
McAfee Artemis!9DCB636990DB 20151208
McAfee-GW-Edition BehavesLike.Win32.Virut.rc 20151208
Qihoo-360 HEUR/QVM41.2.Malware.Gen 20151208
Symantec SAPE.CheatEngine.c 20151208
Ad-Aware 20151208
AegisLab 20151208
AhnLab-V3 20151208
Alibaba 20151208
ALYac 20151208
Arcabit 20151208
AVG 20151208
AVware 20151208
BitDefender 20151208
Bkav 20151208
ByteHero 20151208
CAT-QuickHeal 20151208
ClamAV 20151208
CMC 20151201
Comodo 20151202
DrWeb 20151208
Emsisoft 20151208
F-Secure 20151208
GData 20151208
Ikarus 20151208
K7AntiVirus 20151208
Kaspersky 20151208
Microsoft 20151208
eScan 20151208
NANO-Antivirus 20151208
nProtect 20151208
Panda 20151208
Rising 20151208
Sophos AV 20151208
SUPERAntiSpyware 20151208
Tencent 20151208
TheHacker 20151205
TrendMicro 20151208
TrendMicro-HouseCall 20151208
VBA32 20151208
VIPRE 20151208
ViRobot 20151208
Zillya 20151208
Zoner 20151208
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-06-28 14:45:44
Entry Point 0x000015EB
Number of sections 5
PE sections
PE imports
[+] ADVAPI32.dll
ConvertStringSecurityDescriptorToSecurityDescriptorA
[+] KERNEL32.dll
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
SetStdHandle
SetHandleCount
LoadLibraryA
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
RemoveDirectoryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
SizeofResource
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
WriteConsoleW
CreateDirectoryA
DeleteFileA
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
GetConsoleCP
LeaveCriticalSection
LCMapStringW
SetFilePointer
GetTempPathA
WideCharToMultiByte
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetTempFileNameA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
TerminateProcess
GetEnvironmentStrings
CreateProcessA
LCMapStringA
WriteConsoleA
IsValidCodePage
LoadResource
VirtualFree
TlsGetValue
Sleep
GetFileType
TlsSetValue
CreateFileA
GetTickCount
GetCurrentThreadId
FindResourceA
VirtualAlloc
HeapCreate
SetLastError
InterlockedIncrement
[+] SHLWAPI.dll
PathRemoveFileSpecA
PathAddBackslashA
PathStripPathA
[+] USER32.dll
MessageBoxA
Number of PE resources by type
RT_RCDATA 2
RT_ICON 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 3
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2013:06:28 15:45:44+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
36352

LinkerVersion
9.0

EntryPoint
0x15eb

InitializedDataSize
4299264

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 9dcb636990db62bea9fae4bde94c9caa
SHA1 cb43f1aeced3343bde25c4391ce431183e3525df
SHA256 12fb5c61383978e55c34ee8952ef694eab552a5a76b60f2e69a963971752c3cf
ssdeep
98304:STkt7YYaoGeZCa2DVyX1HIfvO3mDq9iA0DV/Kkqa7hBboaHYAQoicwF:STkqHer2DVSO/DsQYnaLbbZQrD

authentihash 00472eae5d406ed34a6a47c7034ee5c5c846bd3f3f45e1f565587a0c7105f4cb
imphash 8d92fa1956a6a631c642190121740197
File size 4.1 MB ( 4336640 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2015-12-05 21:03:01 UTC ( 3 anos, 4 meses atrás )
Last submission 2015-12-08 22:42:38 UTC ( 3 anos, 4 meses atrás )
Nomes do arquivo 12fb5c61383978e55c34ee8952ef694eab552a5a76b60f2e69a963971752c3cf.file
Rato Agil - TH - Young Geek.EXE
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R0C1H05A816.

F-Secure Deepguard Suspicious:W32/Malware!Online
Sem comentários. Ainda nenhum membro da Comunidade VirusTotal comentou este item, seja o primeiro!
Mais comentários

Deixe o seu comentário...

?
Postar comentário

Você ainda não entrou. Apenas usuários registrados podem comentar, entre e expresse-se!

Entrar Junte-se à comunidade
Sem votos. Ainda nenhum usuário votou neste item, seja o primeiro!
Mais votos
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Deleted files
Created processes
Runtime DLLs
Blog | Twitter | Contact us | Termos de Uso | Política de privacidade