SHA256: 1c14e870a9420d9c18b6caf8f44964ec07fa87f14b896fce50c043a8cb9b5439
File name: NATIVEEXE
Detection ratio: 0 / 61
Analysis date: 2017-04-26 21:57:41 UTC (7 months ago)
Antivirus Result Update
Ad-Aware 20170426
AegisLab 20170426
AhnLab-V3 20170426
Alibaba 20170426
ALYac 20170426
Antiy-AVL 20170426
Arcabit 20170426
Avast 20170426
AVG 20170426
Avira (no cloud) 20170426
AVware 20170426
Baidu 20170426
BitDefender 20170426
Bkav 20170426
CAT-QuickHeal 20170426
CMC 20170421
Comodo 20170426
CrowdStrike Falcon (ML) 20170130
Cyren 20170426
DrWeb 20170426
Emsisoft 20170426
Endgame 20170419
ESET-NOD32 20170426
F-Prot 20170426
F-Secure 20170426
Fortinet 20170426
GData 20170426
Ikarus 20170426
Sophos ML 20170413
Jiangmin 20170425
K7AntiVirus 20170426
K7GW 20170426
Kaspersky 20170426
Kingsoft 20170426
Malwarebytes 20170426
McAfee 20170426
McAfee-GW-Edition 20170426
Microsoft 20170426
eScan 20170426
NANO-Antivirus 20170426
nProtect 20170426
Palo Alto Networks (Known Signatures) 20170426
Panda 20170426
Qihoo-360 20170426
Rising 20170426
SentinelOne (Static ML) 20170330
Sophos AV 20170426
SUPERAntiSpyware 20170426
Symantec 20170426
Symantec Mobile Insight 20170426
Tencent 20170426
TheHacker 20170424
TotalDefense 20170426
TrendMicro 20170426
TrendMicro-HouseCall 20170426
Trustlook 20170426
VBA32 20170426
VIPRE 20170426
ViRobot 20170426
Webroot 20170426
WhiteArmor 20170409
Yandex 20170426
Zillya 20170426
ZoneAlarm by Check Point 20170426
Zoner 20170426
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2006-2013

Product RegRun Security Suite, UnHackMe
Original name Partizan.exe
Internal name Partizan.exe
File version 1, 0, 0, 9
Description Partizan - First Bootwatch Anti-Rootkit
Comments http://www.greatis.com
Signature verification Signed file, verified signature
Signing date 11:14 AM 12/24/2014
Signers
[+] Greatis Software LLC
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 6/2/2011
Valid to 12:59 AM 6/2/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 119AF5ED3B1B7ACA667C4A13603AA77C9984DE15
Serial number 57 54 25 92 0A 0F A1 10 B2 3C 10 FD 66 9F AE 85
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Counter signers
[+] COMODO Time Stamping Signer
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 5/10/2010
Valid to 12:59 AM 5/11/2015
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 3DBB6DB5085C6DD5A1CA7F9CF84ECB1A3910CAC8
Serial number 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-24 10:14:32
Entry Point 0x00001000
Number of sections 5
PE sections
Overlays
MD5 5d6631a62537541a7d76d93307336574
File type data
Offset 36352
Size 3856
Entropy 7.37
PE imports
RtlInitUnicodeString
RtlSetDaclSecurityDescriptor
NtQueryKey
_allmul
NtSetInformationFile
memset
NtDisplayString
RtlTimeToTimeFields
swprintf
NtTerminateProcess
NtClose
NtSetSecurityObject
NtFlushKey
RtlAllocateAndInitializeSid
NtDelayExecution
NtSaveKey
RtlCreateHeap
NtReadFile
NtOpenSymbolicLinkObject
NtWriteFile
NtDeleteFile
RtlUpcaseUnicodeString
RtlAllocateHeap
RtlAnsiStringToUnicodeString
RtlQueryRegistryValues
NtOpenFile
RtlCreateSecurityDescriptor
NtLoadKey
memcpy
NtUnloadKey
RtlFreeSid
NtQuerySystemTime
NtCreateFile
RtlFreeHeap
NtFlushBuffersFile
NtQueryAttributesFile
NtDeleteKey
RtlDosPathNameToNtPathName_U
RtlCompareUnicodeString
memmove
NtOpenKey
RtlInitAnsiString
NtEnumerateKey
RtlAdjustPrivilege
NtEnumerateValueKey
NtQueryInformationFile
_chkstk
NtQueryInformationProcess
RtlSetOwnerSecurityDescriptor
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
RUSSIAN 6
PE resources
ExifTool file metadata
LegalTrademarks
Partizan

SubsystemVersion
4.0

Comments
http://www.greatis.com

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.9

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Partizan - First Bootwatch Anti-Rootkit

CharacterSet
Unicode

InitializedDataSize
19968

EntryPoint
0x1000

OriginalFileName
Partizan.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2006-2013

FileVersion
1, 0, 0, 9

TimeStamp
2014:12:24 11:14:32+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Partizan.exe

ProductVersion
7.6

UninitializedDataSize
0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Native

MachineType
Intel 386 or later, and compatibles

CompanyName
Greatis Software

CodeSize
15360

ProductName
RegRun Security Suite, UnHackMe

ProductVersionNumber
7.6.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

PE resource-wise parents
Compressed bundles
File identification
MD5 d5915a4c454e50d76b343019d9978373
SHA1 d55c1104b66bef529644528723cdced4c24c6f52
SHA256 1c14e870a9420d9c18b6caf8f44964ec07fa87f14b896fce50c043a8cb9b5439
ssdeep
768:xB58AT6F3K3YRsNnpgDGGtY52p3T3bmbXXhYMyr:xBCF3KoEnmI20bnhmr

authentihash e76e521773640d9cc2c3f5cfaa487580cd680e18c9fa3e72acbf976afe43296e
imphash f668496dea200af00faf89e261f17c6e
File size 39.3 KB ( 40208 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (native) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe via-tor native signed overlay

VirusTotal metadata
First submission 2014-12-30 07:00:56 UTC (2 years, 11 months ago)
Last submission 2017-04-26 21:57:41 UTC (7 months ago)
File names NOTEELAINE_Part.exe
part.exe
partx1.jpg
file
part.jpg-17Jul15.1017.txt
MICRO1_Part.exe
vt-upload-4m2Q3J
partx1novo.jpg
VRjknXtWFtAkFOA1VzudGPhGg.exe
partizan.exe
ranca.jpg
rock1.jpg
PARTIZAN.EXE
part.jpg.exe
d5915a4c454e50d76b343019d9978373.jpg
Partizan.exe
mdRH_FINANCEIRO-P.exe.vir
NATIVEEXE
att90.jpg
blz1.jpg.exe
d55c1104b66bef529644528723cdced4c24c6f52.exe
blz1.jpg
lol.jpg
part.jpg
PALBERTO-PC32.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight