SHA256: 3919e71d481ec33025dd689dc9ed2f047c023bc9a8a244bcd2c8da51ea77f3d0
File name: Adobe_ Flash_ Player®..®Adobe.®..®Flash.®..®.®..®Player.®..®_dese...
Detection ratio: 20 / 46
Analysis date: 2013-03-01 16:06:08 UTC (6 years, 2 months ago)
Antivirus Result Update
AntiVir TR/Crypt.FKM.Gen 20130301
Avast Win32:VB-AFNR [Trj] 20130301
AVG unknown virus Win32/DH{AA8gIg} 20130301
BitDefender Gen:Variant.Graftor.67808 20130301
Emsisoft Gen:Trojan.Heur.VP.bmKfaK2g4vdi (B) 20130301
ESET-NOD32 a variant of Win32/VB.NTK 20130301
F-Secure Gen:Variant.Graftor.67808 20130301
Fortinet W32/VB.NTK!tr 20130301
GData Gen:Variant.Graftor.67808 20130301
Ikarus Trojan.Win32.Cossta 20130226
K7AntiVirus Trojan 20130228
Kaspersky HEUR:Trojan.Win32.Generic 20130301
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Downloader.D 20130301
Microsoft TrojanDownloader:Win32/Swity.C 20130301
eScan Gen:Variant.Graftor.67808 20130301
PCTools HeurEngine.ZeroDayThreat 20130301
Rising Suspicious 20130228
Sophos AV Mal/Emogen-O 20130301
SUPERAntiSpyware Adware.Vundo/Variant-MSFake 20130301
TheHacker Posible_Worm32 20130228
Yandex 20130301
AhnLab-V3 20130301
Antiy-AVL 20130301
ByteHero 20130221
CAT-QuickHeal 20130301
ClamAV 20130301
Commtouch 20130301
Comodo 20130301
DrWeb 20130301
eSafe 20130211
F-Prot 20130301
Jiangmin 20130301
Kingsoft 20130225
Malwarebytes 20130301
McAfee 20130301
NANO-Antivirus 20130301
Norman 20130301
nProtect 20130301
Panda 20130301
Symantec 20130301
TotalDefense 20130228
TrendMicro 20130301
TrendMicro-HouseCall 20130301
VBA32 20130228
VIPRE 20130301
ViRobot 20130301
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Microsoft
Product Project1
Original name 1234567890.exe
Internal name 1234567890
File version 1.00
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-01 04:32:10
Entry Point 0x00011910
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
Ord(619)
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
ExifTool file metadata
UninitializedDataSize 49152
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 4096
FileOS Win32
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2013:03:01 04:32:10+00:00
FileType Win32 EXE
PEType PE32
InternalName 1234567890
ProductVersion 1.0
SubsystemVersion 4.0
OSVersion 4.0
OriginalFilename 1234567890.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft
CodeSize 20480
ProductName Project1
ProductVersionNumber 1.0.0.0
EntryPoint 0x11910
ObjectFileType Executable application
File identification
MD5 fd6e57e4f0db96e3c6dff5d9475ce31a
SHA1 77f113b4128c4baa5ab239efe5a3f819c785fee3
SHA256 3919e71d481ec33025dd689dc9ed2f047c023bc9a8a244bcd2c8da51ea77f3d0
ssdeep 384:uJvkLxUl/3hXA2kLqMrPmz8rxHsTXrKwfWhYucWwBmoPdeE2wGJGKdyRNrTWTk:uKLOl/3VA9LO8rxsTYDwhVxIJGKEC
File size 22.5 KB ( 23040 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit, UPX compressed
TrID UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
Tags
peexe upx

VirusTotal metadata
First submission 2013-03-01 16:06:08 UTC (6 years, 2 months ago)
Last submission 2013-03-08 09:25:31 UTC (6 years, 2 months ago)
File names 1234567890
1234567890.exe
Adobe_ Flash_ Player®..®Adobe.®..®Flash.®..®.®..®Player.®..®_desenho_download_google.com.exe
fd6e57e4f0db96e3c6dff5d9475ce31a
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Shell commands
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
DNS requests
TCP connections
UDP communications