SHA256: 8b473e48ae39c0a1c51395532fe09f216ddbf2c864e55aa51350196e04836f0d
File name: NFE-19882989.exe
Detection ratio: 31 / 47
Analysis date: 2014-01-09 14:07:08 UTC (4 years, 7 months ago)
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.Bz0aryUISUcG 20140109
Yandex Suspicious!SA 20140108
AhnLab-V3 Dropper/Win32.Dapato 20140109
AntiVir TR/Spy.Banker.Gen 20140109
Avast Win32:Malware-gen 20140109
AVG Luhe.Fiha.A 20140109
BitDefender Gen:Trojan.Heur.Bz0aryUISUcG 20140109
Bkav HW32.CDB.E4d2 20140109
ClamAV BC.Heuristic.Trojan.SusPacked.BF-6.A 20140109
Commtouch W32/Threat-SysVenFak-based!Maxi 20140109
Comodo TrojWare.Win32.Spy.Banker.Gen 20140109
DrWeb Trojan.DownLoader9.8258 20140109
Emsisoft Gen:Trojan.Heur.Bz0aryUISUcG (B) 20140109
ESET-NOD32 a variant of Generik.NDAHHAB 20140109
F-Prot W32/SysVenFak.A.gen!Eldorado 20140109
Fortinet Generik.NDAHHAB!tr 20140109
GData Gen:Trojan.Heur.Bz0aryUISUcG 20140109
Ikarus Trojan.Win32.Spy 20140109
K7AntiVirus Trojan ( 00361abb1 ) 20140109
K7GW Trojan ( 00361abb1 ) 20140109
Kaspersky Trojan-Ransom.Win32.Blocker.divk 20140109
Malwarebytes Spyware.Banker 20140109
McAfee Artemis!C3BCF468575F 20140109
McAfee-GW-Edition Heuristic.LooksLike.Win32.EPO.R 20140109
eScan Gen:Trojan.Heur.Bz0aryUISUcG 20140109
Norman Troj_Generic.RYUHO 20140109
Sophos AV Mal/Banker-U 20140109
Symantec WS.Reputation.1 20140109
TrendMicro TROJ_GENERIK.AV 20140109
TrendMicro-HouseCall TROJ_GENERIK.AV 20140109
VIPRE Trojan.Win32.Generic.pak!cobra 20140109
Antiy-AVL 20140109
Baidu-International 20131213
ByteHero 20131226
CAT-QuickHeal 20140109
Jiangmin 20140109
Kingsoft 20130829
Microsoft 20140109
NANO-Antivirus 20140109
nProtect 20140109
Panda 20140109
Rising 20140109
SUPERAntiSpyware 20140108
TheHacker 20140108
TotalDefense 20140108
VBA32 20140109
ViRobot 20140109
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Microsoft Corporation
Product Microsoft Corporation
Original name Microsoft Corporation
Internal name Microsoft Corporation
File version 1.0.0.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x003A6000
Number of sections 6
PE sections
PE imports
InitCommonControls
Number of PE resources by type
RT_STRING 16
RT_BITMAP 11
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_ICON 6
RT_RCDATA 3
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 45
PORTUGUESE BRAZILIAN 9
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 2.25
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode Portuguese (Brazilian)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 161792
EntryPoint 0x3a6000
OriginalFileName Microsoft Corporation
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation
FileVersion 1.0.0.0
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
InternalName Microsoft Corporation
ProductVersion 5.4
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 317952
ProductName Microsoft Corporation
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 c3bcf468575f46ce554b3e8ee96dbdf6
SHA1 ec4a090d062d8b6e850e55a658533131bc4a01b7
SHA256 8b473e48ae39c0a1c51395532fe09f216ddbf2c864e55aa51350196e04836f0d
ssdeep 24576:xXccrSgXmFeP8E8zIZXNwekupOTg3ClpGpmlSWL1UnqiCf3GdA:xX1SgWF3E8zIBKek636p44edA
authentihash 378c3b89626846cdb851316b3ac8862335e22836fb5b2186bb19aeea6779080e
imphash baa93d47220682c04d92f7797d9224ce
File size 1.4 MB ( 1497600 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (35.7%)
Win16/32 Executable Delphi generic (16.4%)
OS/2 Executable (generic) (16.0%)
Generic Win/DOS Executable (15.8%)
DOS Executable Generic (15.8%)
Tags peexe
VirusTotal metadata
First submission 2014-01-06 23:52:27 UTC (4 years, 7 months ago)
Last submission 2018-03-25 06:13:34 UTC (4 months, 3 weeks ago)
File names p77l_gRQa0.dwg
2014-01-06_21-27-16_NFE-19882989.exe.exe.vir
aa
NFE_19882989
Microsoft Corporation
8b473e48ae39c0a1c51395532fe09f216ddbf2c864e55aa51350196e04836f0d
NFE-19882989.exe
ec4a090d062d8b6e850e55a658533131bc4a01b7.exe
NFE_19882989.exe
nfe-19882989.exe
X3ROtV_38b.tar
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Set keys
Deleted keys
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections