× Cookies estão desativados! Este site requer que os cookies estejam habilitados para funcionar corretamente
SHA256: f2d3fc880ea7a8f3d7bcd60daf6cbe8500f3295f9581884932661f8f04e14bb9
Nome do arquivo: SetupTFMHacked.exe
Taxa de detecção: 6 / 56
Data da análise: 2016-03-31 04:44:08 UTC ( 1 ano, 2 meses atrás ) Visualizar últimos
Antivírus Resultado Atualização
Baidu Win32.Trojan.WisdomEyes.151026.9950.9988 20160330
ClamAV Win.Trojan.Rasftuby-11 20160331
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dh 20160331
Panda Trj/Genetic.gen 20160330
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20160331
TrendMicro-HouseCall HT_BLADABINDI_FB24017A.UVPM 20160331
Ad-Aware 20160330
AegisLab 20160331
AhnLab-V3 20160330
Alibaba 20160323
ALYac 20160331
Antiy-AVL 20160330
Arcabit 20160330
Avast 20160331
AVG 20160330
Avira (no cloud) 20160331
AVware 20160331
Baidu-International 20160330
BitDefender 20160330
Bkav 20160330
CAT-QuickHeal 20160330
CMC 20160322
Comodo 20160331
Cyren 20160331
DrWeb 20160331
Emsisoft 20160331
ESET-NOD32 20160331
F-Prot 20160331
F-Secure 20160330
Fortinet 20160330
GData 20160331
Ikarus 20160330
Jiangmin 20160331
K7AntiVirus 20160330
K7GW 20160331
Kaspersky 20160331
Kingsoft 20160331
Malwarebytes 20160331
McAfee 20160331
Microsoft 20160330
eScan 20160331
NANO-Antivirus 20160331
nProtect 20160330
Rising 20160331
Sophos 20160331
SUPERAntiSpyware 20160331
Symantec 20160331
Tencent 20160331
TheHacker 20160330
TrendMicro 20160330
VBA32 20160331
VIPRE 20160331
ViRobot 20160330
Yandex 20160316
Zillya 20160331
Zoner 20160331
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT RAR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-01-03 11:34:21
Entry Point 0x0001E35B
Number of sections 4
PE sections
Overlays
MD5 d475a9c2e5e6a120e190b85d3dfc5e44
File type data
Offset 228352
Size 36738
Entropy 7.92
PE imports
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetEvent
GetExitCodeProcess
InitializeCriticalSection
AllocConsole
TlsGetValue
MoveFileW
SetFileAttributesW
SetLastError
GetSystemTime
DeviceIoControl
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
SetThreadPriority
FindClose
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
FoldStringW
GetModuleHandleA
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetSystemDirectoryW
CreateSemaphoreW
TzSpecificLocalTimeToSystemTime
TerminateProcess
SetUnhandledExceptionFilter
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
GetNumberFormatW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatW
CreateDirectoryW
DeleteFileW
GetProcAddress
CreateFileMappingW
GetTimeFormatW
GetModuleFileNameW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FreeConsole
FindFirstFileW
GetProcessAffinityMask
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
AttachConsole
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
HeapCreate
GetConsoleCP
FindResourceW
LCMapStringA
CompareStringW
GetEnvironmentStringsW
IsDBCSLeadByte
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SetThreadExecutionState
GetLongPathNameW
IsValidCodePage
UnmapViewOfFile
GetTempPathW
VirtualFree
Sleep
VirtualAlloc
GetOEMCP
CreateHardLinkW
Number of PE resources by type
RT_STRING 10
RT_DIALOG 6
RT_ICON 1
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 18
NEUTRAL DEFAULT 2
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2016:01:03 12:34:21+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
168960

LinkerVersion
9.0

EntryPoint
0x1e35b

InitializedDataSize
58368

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

Compressed bundles
File identification
MD5 82ceed7b32ac7c890b489576fbfec612
SHA1 207b0ae8fe3ceb0f17e0c4f13b967a9321008cce
SHA256 f2d3fc880ea7a8f3d7bcd60daf6cbe8500f3295f9581884932661f8f04e14bb9
ssdeep
3072:6r3u1wVtulaOpe//h5KFChxeVQPr3XplqRyVVW3iXYmtihM+0v5NPbIF5Fkj2/vu:w3uYOS9dPr358y3WwqGv5NEL/vt8t1

authentihash e84d7285f5f53e1bde1d912f5051c74f41f8c470bc7c6521ef8db4df2f89d0f7
imphash 9d1f0da408c33eebb70b9bfa17b7fddc
File size 258.9 KB ( 265090 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-03-31 04:44:08 UTC ( 1 ano, 2 meses atrás )
Last submission 2016-04-01 00:49:00 UTC ( 1 ano, 2 meses atrás )
Nomes do arquivo SetupTFMHacked.exe
Sem comentários. Ainda nenhum membro da Comunidade VirusTotal comentou este item, seja o primeiro!

Deixe o seu comentário...

?
Postar comentário

Você ainda não entrou. Apenas usuários registrados podem comentar, entre e expresse-se!

Sem votos. Ainda nenhum usuário votou neste item, seja o primeiro!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
UDP communications