SHA256: 364994b1554a46d6447615de2a05c218446c3067535f4def585732ff2ae1bdb7
File name: UFE.exe
Detection ratio: 1 / 51
Analysis date: 2014-03-24 06:49:06 UTC ( 5 years ago )
Antivirus Result Update
Ikarus Trojan-Dropper.Win32.Injector 20140324
Ad-Aware 20140324
AegisLab 20140324
Yandex 20140323
AhnLab-V3 20140323
AntiVir 20140324
Antiy-AVL 20140324
Avast 20140324
AVG 20140324
Baidu-International 20140323
BitDefender 20140324
Bkav 20140322
ByteHero 20140324
CAT-QuickHeal 20140323
ClamAV 20140324
CMC 20140319
Commtouch 20140324
Comodo 20140324
DrWeb 20140324
Emsisoft 20140324
ESET-NOD32 20140324
F-Prot 20140324
F-Secure 20140323
Fortinet 20140324
GData 20140324
Jiangmin 20140324
K7AntiVirus 20140321
K7GW 20140321
Kaspersky 20140324
Kingsoft 20140324
Malwarebytes 20140324
McAfee 20140324
McAfee-GW-Edition 20140323
Microsoft 20140324
eScan 20140324
NANO-Antivirus 20140324
Norman 20140323
nProtect 20140323
Panda 20140323
Qihoo-360 20140324
Rising 20140322
Sophos AV 20140324
SUPERAntiSpyware 20140323
Symantec 20140324
TheHacker 20140323
TotalDefense 20140323
TrendMicro 20140324
TrendMicro-HouseCall 20140324
VBA32 20140321
VIPRE 20140324
ViRobot 20140324
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright NalDinHoO All Rights Reserved.
Publisher Naldinho Dev
Internal name UFE
File version 2.2.4.12
Description Ultimate File Edit
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-24 06:09:22
Entry Point 0x00268DB0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegFlushKey
ImageList_Add
GetSaveFileNameW
IsEqualGUID
VariantCopy
SHChangeNotify
VerQueryValueW
OpenPrinterW
Number of PE resources by type
RT_STRING 23
RT_BITMAP 11
RT_GROUP_CURSOR 8
RT_RCDATA 8
RT_CURSOR 8
RT_DIALOG 2
RT_ICON 1
VCLSTYLE 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 32
ENGLISH US 32
PE resources
ExifTool file metadata
UninitializedDataSize 1826816
InitializedDataSize 16384
ImageVersion 0.0
FileVersionNumber 2.2.5194.15659
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Ultimate File Edit
CharacterSet Windows, Latin1
LinkerVersion 2.25
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2.2.4.12
TimeStamp 2014:03:24 07:09:22+01:00
FileType Win32 EXE
PEType PE32
InternalName UFE
FileAccessDate 2014:03:24 07:49:14+01:00
ProductVersion 2.2
SubsystemVersion 5.0
OSVersion 5.0
FileCreateDate 2014:03:24 07:49:14+01:00
FileOS Win32
LegalCopyright NalDinHoO All Rights Reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Naldinho Dev
CodeSize 696320
FileSubtype 0
ProductVersionNumber 2.2.0.0
EntryPoint 0x268db0
ObjectFileType Executable application
File identification
MD5 95fb10183ee6717dade5649b472716c6
SHA1 aa0db826ced4b1cab785552a4a00338e7c5fbc9a
SHA256 364994b1554a46d6447615de2a05c218446c3067535f4def585732ff2ae1bdb7
ssdeep
12288:BIn64z9lbrTvM9EHGEnz4n92j1B/hi/pHLATKvWDH+DoxqzY/P3WvZTpCuMpakm:gPPTvwGGEn0gZBkRye2H+1IPGBTpCud

imphash 048ec459ee74997576e58019f6905eab
File size 693.5 KB ( 710144 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (41.1%)
Win32 EXE Yoda's Crypter (35.7%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Win16/32 Executable Delphi generic (2.7%)
Tags peexe upx
VirusTotal metadata
First submission 2014-03-24 06:49:06 UTC ( 5 years ago )
Last submission 2014-03-24 06:49:06 UTC ( 5 years ago )
File names UFE.exe
UFE
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.