× Cookies estão desativados! Este site requer que os cookies estejam habilitados para funcionar corretamente
SHA256: ec63e67ca7a5285ad252706153bb53d0cb41d4deb9837ecc2529ca102664078d
Nome do arquivo: Baixaki_Windows 10_2052770709.exe
Taxa de detecção: 24 / 71
Data da análise: 2019-03-09 02:18:16 UTC ( 2 meses, 1 semana atrás ) Visualizar últimos
Antivírus Resultado Atualização
Ad-Aware Gen:Variant.Application.Agent.29 20190309
Arcabit Trojan.Application.Agent.29 20190309
Avast FileRepMalware [PUP] 20190309
AVG FileRepMalware [PUP] 20190309
BitDefender Gen:Variant.Application.Agent.29 20190309
CrowdStrike Falcon (ML) win/malicious_confidence_90% (D) 20190212
DrWeb Trojan.InstallCore.3339 20190309
Emsisoft Application.InstallCore (A) 20190309
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/InstallCore.AWT potentially unwanted 20190309
GData Script.Application.InstallCore.LZ 20190308
Sophos ML heuristic 20181128
K7AntiVirus Adware ( 00527b731 ) 20190308
K7GW Adware ( 00527b731 ) 20190308
Malwarebytes PUP.Optional.InstallCore.Generic 20190308
MAX malware (ai score=76) 20190309
McAfee InstallCore 20190309
McAfee-GW-Edition Artemis!PUP 20190308
Microsoft PUA:Win32/InstallCore 20190307
eScan Gen:Variant.Application.Agent.29 20190309
Panda PUP/InstallCore 20190308
Qihoo-360 Win32/Application.165 20190309
Sophos AV Install Core (PUA) 20190309
Symantec ML.Attribute.HighConfidence 20190309
Acronis 20190222
AegisLab 20190309
AhnLab-V3 20190308
Alibaba 20190306
ALYac 20190309
Antiy-AVL 20190309
Avast-Mobile 20190308
Avira (no cloud) 20190308
Babable 20180918
Baidu 20190306
Bkav 20190308
CAT-QuickHeal 20190308
ClamAV 20190308
CMC 20190308
Comodo 20190309
Cybereason 20190109
Cylance 20190309
Cyren 20190309
eGambit 20190309
F-Prot 20190308
F-Secure 20190309
Fortinet 20190308
Ikarus 20190308
Jiangmin 20190309
Kaspersky 20190309
Kingsoft 20190309
NANO-Antivirus 20190309
Palo Alto Networks (Known Signatures) 20190309
Rising 20190309
SentinelOne (Static ML) 20190203
SUPERAntiSpyware 20190307
Symantec Mobile Insight 20190220
TACHYON 20190309
Tencent 20190309
TheHacker 20190308
TotalDefense 20190308
Trapmine 20190301
TrendMicro 20190309
TrendMicro-HouseCall 20190309
Trustlook 20190309
VBA32 20190307
VIPRE 20190308
ViRobot 20190308
Webroot 20190309
Yandex 20190308
Zillya 20190307
ZoneAlarm by Check Point 20190309
Zoner 20190309
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Stub Fast Application

Product Stub File Software
File version
Description Stub File Software Setup
Comments This installation was built with Inno Setup.
Signature verification Signed file, verified signature
Signing date 3:14 AM 4/7/2019
Signers
[+] NO ZEBRA NETWORK S.A
Status Valid
Issuer thawte SHA256 Code Signing CA
Valid from 12:00 AM 07/17/2018
Valid to 11:59 PM 07/17/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint B2458AADFBDC48C4ECDE587C95FE990A3BE655CB
Serial number 16 79 95 C9 77 7A 34 4C F0 44 84 18 2E D6 DC 00
[+] thawte SHA256 Code Signing CA
Status Valid
Issuer thawte Primary Root CA
Valid from 01:00 AM 12/10/2013
Valid to 12:59 AM 12/10/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint D00CFDBF46C98A838BC10DC4E097AE0152C461BC
Serial number 71 A0 B7 36 95 DD B1 AF C2 3B 2B 9A 18 EE 54 CB
[+] thawte
Status Valid
Issuer thawte Primary Root CA
Valid from 01:00 AM 11/17/2006
Valid to 11:59 PM 07/16/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 91C6D6EE3E8AC86384E548C299295C756C817B81
Serial number 34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D
Packers identified
F-PROT INNO, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-05-29 11:51:48
Entry Point 0x00016478
Number of sections 8
PE sections
Overlays
MD5 bf607ff42355172607eb076d281fd2ae
File type data
Offset 173568
Size 1967480
Entropy 8.00
PE imports
RegCloseKey
OpenProcessToken
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControls
GetLastError
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetThreadLocale
VirtualProtect
GetFileAttributesW
RtlUnwind
lstrlenW
GetLocalTime
CreateProcessW
DeleteCriticalSection
GetStartupInfoA
SizeofResource
GetWindowsDirectoryW
LocalAlloc
LockResource
GetDiskFreeSpaceW
GetCommandLineW
SetErrorMode
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
GetCPInfo
DeleteFileW
GetProcAddress
GetDateFormatW
InterlockedCompareExchange
GetLocaleInfoW
lstrcpynW
CompareStringW
RaiseException
WideCharToMultiByte
RemoveDirectoryW
SetFilePointer
GetFullPathNameW
ReadFile
GetEnvironmentVariableW
InterlockedExchange
CreateDirectoryW
WriteFile
GetCurrentProcess
CloseHandle
FindFirstFileW
GetACP
GetModuleHandleW
SignalObjectAndWait
SetEvent
FormatMessageW
LoadLibraryW
CreateEventW
GetExitCodeProcess
GetVersion
InitializeCriticalSection
LoadResource
FindResourceW
CreateFileW
VirtualQuery
VirtualFree
FindClose
TlsGetValue
Sleep
SetEndOfFile
TlsSetValue
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
GetFileSize
SetLastError
ResetEvent
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
SysFreeString
VariantInit
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
LoadStringW
MessageBoxA
CreateWindowExW
MsgWaitForMultipleObjects
TranslateMessage
CharUpperBuffW
CallWindowProcW
CharNextW
GetKeyboardType
ExitWindowsEx
DispatchMessageW
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_RCDATA 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
ENGLISH US 8
PE resources
ExifTool file metadata
SubsystemVersion
5.0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
0.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Stub File Software Setup

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Unicode

InitializedDataSize
86528

EntryPoint
0x16478

MIMEType
application/octet-stream

LegalCopyright
Stub Fast Application

TimeStamp
2012:05:29 13:51:48+02:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.1

UninitializedDataSize
0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
86016

ProductName
Stub File Software

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 09f99e31122f43eef3ef8584e0faf080
SHA1 109c409eb83f5e0288184087243ad1c8887e9405
SHA256 ec63e67ca7a5285ad252706153bb53d0cb41d4deb9837ecc2529ca102664078d
ssdeep
49152:Tqe59MX+IS+8S7ppTh5AYZ0UrbQ/4DJPF0LvMcfi8CpDYBpnSF9:W0+tNx7jTh5Z0UzDJWffoaXSH

authentihash 9ff47f1195ab2e84992a0bd8b6ea8ef9c7cfee6b5347b5dbebe274d2f18db79d
imphash 483f0c4259a9148c34961abbda6146c1
File size 2.0 MB ( 2141048 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (80.3%)
Win32 Executable Delphi generic (10.3%)
Win32 Executable (generic) (3.3%)
Win16/32 Executable Delphi generic (1.5%)
OS/2 Executable (generic) (1.4%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2019-03-08 23:49:36 UTC ( 2 meses, 1 semana atrás )
Last submission 2019-03-09 02:54:05 UTC ( 2 meses, 1 semana atrás )
Nomes do arquivo Baixaki_Clean Master_3293497686.exe
Baixaki_Windows 10_0416507966.exe
Baixaki_Windows 10_2052770709.exe
Baixaki_Ganancia Financas Pessoais_1597753239.exe
Sem comentários. Ainda nenhum membro da Comunidade VirusTotal comentou este item, seja o primeiro!

Deixe o seu comentário...

?
Postar comentário

Você ainda não entrou. Apenas usuários registrados podem comentar, entre e expresse-se!

Sem votos. Ainda nenhum usuário votou neste item, seja o primeiro!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs