SHA256: abacc15220b25d00e9905970adcbc5f29e0c754f9b88aa6d33561b75587ceca1
File name: iKaros Application.exe
Detection ratio: 4 / 68
Analysis date: 2018-06-19 00:10:51 UTC (5 months ago)
Antivirus Result Update
AegisLab Uds.Dangerousobject.Multi!c 20180618
Cyren W32/GenBl.3BCD0B40!Olympus 20180619
Kaspersky UDS:DangerousObject.Multi.Generic 20180618
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180618
Ad-Aware 20180618
AhnLab-V3 20180618
Alibaba 20180615
ALYac 20180618
Antiy-AVL 20180619
Arcabit 20180619
Avast 20180618
Avast-Mobile 20180619
AVG 20180619
Avira (no cloud) 20180619
AVware 20180618
Babable 20180406
Baidu 20180615
BitDefender 20180618
Bkav 20180618
CAT-QuickHeal 20180618
ClamAV 20180619
CMC 20180618
Comodo 20180619
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cylance 20180619
DrWeb 20180618
eGambit 20180619
Emsisoft 20180618
Endgame 20180612
ESET-NOD32 20180619
F-Prot 20180618
F-Secure 20180619
Fortinet 20180618
GData 20180618
Ikarus 20180618
Sophos ML 20180601
Jiangmin 20180618
K7AntiVirus 20180618
K7GW 20180619
Kingsoft 20180619
Malwarebytes 20180618
MAX 20180619
McAfee 20180618
McAfee-GW-Edition 20180618
Microsoft 20180619
eScan 20180618
NANO-Antivirus 20180618
Palo Alto Networks (Known Signatures) 20180619
Panda 20180618
Qihoo-360 20180619
Rising 20180618
SentinelOne (Static ML) 20180618
Sophos AV 20180618
SUPERAntiSpyware 20180618
Symantec 20180618
Symantec Mobile Insight 20180614
TACHYON 20180618
Tencent 20180619
TheHacker 20180613
TotalDefense 20180618
TrendMicro 20180618
TrendMicro-HouseCall 20180618
Trustlook 20180619
VBA32 20180618
VIPRE 20180619
ViRobot 20180618
Webroot 20180619
Yandex 20180618
Zillya 20180618
Zoner 20180619
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT NSIS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-11 20:03:36
Entry Point 0x00003217
Number of sections 5
PE sections
Overlays
MD5 201303f7fd2c328a96f6d53be0a86509
File type data
Offset 49152
Size 1282039
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumValueA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
GetTickCount
SetFileTime
GlobalUnlock
GetModuleFileNameA
DeleteFileA
LoadLibraryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
ExpandEnvironmentStringsA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
SetFilePointer
GetTempPathA
CreateThread
lstrcmpiA
GetModuleHandleA
lstrcmpA
ReadFile
lstrcpyA
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
RemoveDirectoryA
GetSystemDirectoryA
GetDiskFreeSpaceA
GetProcAddress
SetEnvironmentVariableA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
WriteFile
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
ExitProcess
GetVersion
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
CharPrevA
GetMessagePos
EndPaint
ReleaseDC
EndDialog
BeginPaint
ShowWindow
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
PostQuitMessage
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
SystemParametersInfoA
CreatePopupMenu
wsprintfA
DialogBoxParamA
SetClipboardData
IsWindowVisible
SendMessageA
DrawTextA
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
CreateDialogParamA
EnableMenuItem
RegisterClassA
SendMessageTimeoutA
InvalidateRect
GetWindowLongA
FindWindowExA
CreateWindowExA
LoadCursorA
TrackPopupMenu
SetWindowTextA
FillRect
OpenClipboard
CharNextA
CallWindowProcA
GetSystemMenu
EmptyClipboard
EnableWindow
CloseClipboard
DestroyWindow
ExitWindowsEx
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
CoTaskMemFree
OleUninitialize
CoCreateInstance
OleInitialize
Number of PE resources by type
RT_ICON 7
RT_DIALOG 6
RT_BITMAP 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 16
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2014:05:11 21:03:36+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
23552

LinkerVersion
6.0

FileTypeExtension
exe

InitializedDataSize
117760

SubsystemVersion
4.0

EntryPoint
0x3217

OSVersion
4.0

ImageVersion
6.0

UninitializedDataSize
1024

File identification
MD5 3bcd0b40c3ff8d2bad97c47561c2e6e4
SHA1 ffe19e51f7941971e86bdd7ffd59cefdfd2b493c
SHA256 abacc15220b25d00e9905970adcbc5f29e0c754f9b88aa6d33561b75587ceca1
ssdeep
24576:AJpPFgNC9XiaFQchyXwa9gk56cII+08rh9O3WFwF0lpF0wlK:sngNCgUlBk56VI+0+9Omwyn6

authentihash 045ef2a132d39b85cc070ac3899e07860d2fcbcde2cb7f3c33bcceb1c58adc8a
imphash 59a4a44a250c4cf4f2d9de2b3fe5d95f
File size 1.3 MB ( 1331191 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID NSIS - Nullsoft Scriptable Install System (91.7%)
Win32 Executable MS Visual C++ (generic) (3.3%)
Win64 Executable (generic) (2.9%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.4%)
Tags
nsis peexe overlay

VirusTotal metadata
First submission 2017-04-30 21:02:03 UTC (1 year, 6 months ago)
Last submission 2017-07-27 19:53:17 UTC (1 year, 3 months ago)
File names YaTQA-Setup_3.7.2.exe
iKaros Application.exe
yatqa-setup_3.7.2.exe
YaTQA-Setup_[3.7.2].exe
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Runtime DLLs
UDP communications