SHA256: 070bfa4fb2427be7ed9166e7d6b8fe67046a0768c225812f20d7173d2b4248c0
File name: Loader.exe
Detection ratio: 41 / 67
Analysis date: 2018-07-04 07:52:38 UTC (10 months, 3 weeks ago)
Antivirus Result Update date
AegisLab Troj.W32.Inject.tngm 20180704
Antiy-AVL Trojan/Win32.Genome 20180704
Avast FileRepMalware 20180704
AVG FileRepMalware 20180704
Avira (no cloud) HEUR/AGEN.1024036 20180703
AVware Trojan.Win32.Generic!BT 20180704
Babable Malware.HighConfidence 20180406
Bkav W32.eHeur.Malware14 20180703
CAT-QuickHeal Trojan.Mauvaise.SL1 20180704
Comodo TrojWare.Win32.Genome.GNA 20180704
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20180530
Cybereason malicious.2a889e 20180225
Cylance Unsafe 20180704
Cyren W32/Downloader-Web-based!Maximu 20180704
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/HackTool.Patcher.N potentially unsafe 20180704
F-Prot W32/Downloader-Web-based!Maximu 20180704
Fortinet Riskware/Patcher 20180704
GData Win32.Trojan.Agent.DLEEA8 20180704
Ikarus Trojan.SuspectCRC 20180703
Sophos ML heuristic 20180601
Jiangmin Trojan/Genome.clxq 20180703
K7AntiVirus Trojan ( 004edf451 ) 20180704
K7GW Trojan ( 004edf451 ) 20180704
MAX malware (ai score=99) 20180704
McAfee PUP-XEM-XT 20180704
McAfee-GW-Edition BehavesLike.Win32.Ipamor.mh 20180704
Microsoft Trojan:Win32/Bitrep.A 20180704
Palo Alto Networks (Known Signatures) generic.ml 20180704
Panda Trj/CI.A 20180703
Qihoo-360 Win32/Trojan.4c1 20180704
Rising Malware.Heuristic!ET#100% (RDM+:cmRtazqvtPnlraroIRWPYtw3mHJA) 20180704
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Generic PUA NJ (PUA) 20180704
Symantec Trojan.Gen.2 20180704
TACHYON Trojan/W32.Inject.23040.AC 20180704
TrendMicro TROJ_GEN.R014C0OE418 20180704
TrendMicro-HouseCall TROJ_GEN.R014C0OE418 20180704
VIPRE Trojan.Win32.Generic!BT 20180704
Webroot W32.Malware.Heur 20180704
Yandex Riskware.HackTool!xPzBubcZIk4 20180703
Ad-Aware 20180704
AhnLab-V3 20180703
Alibaba 20180704
ALYac 20180704
Arcabit 20180704
Avast-Mobile 20180704
Baidu 20180704
BitDefender 20180704
CMC 20180703
DrWeb 20180704
eGambit 20180704
Emsisoft 20180704
F-Secure 20180704
Kaspersky 20180704
Kingsoft 20180704
Malwarebytes 20180704
eScan 20180704
NANO-Antivirus 20180704
SUPERAntiSpyware 20180704
Tencent 20180704
TheHacker 20180628
Trustlook 20180704
VBA32 20180629
ViRobot 20180704
Zillya 20180703
ZoneAlarm by Check Point 20180704
Zoner 20180703
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-04-13 14:57:44
Entry Point 0x00001702
Number of sections 5
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetOpenFileNameA
WriteProcessMemory
UnmapViewOfFile
lstrlenA
lstrcmpiA
ExitProcess
GetVersionExA
FlushFileBuffers
LoadLibraryA
GetModuleFileNameA
SizeofResource
RtlZeroMemory
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
DeleteFileA
ReadProcessMemory
GetCommandLineA
GetProcAddress
VirtualProtectEx
GetTempPathA
CreateThread
MapViewOfFile
GetModuleHandleA
lstrcmpA
ReadFile
lstrcpyA
FindFirstFileA
CreateFileMappingA
ExpandEnvironmentStringsA
SetEnvironmentVariableA
TerminateProcess
ResumeThread
CreateProcessA
LoadResource
WriteFile
VirtualFree
RtlMoveMemory
FindClose
Sleep
CreateFileA
FindResourceA
VirtualAlloc
SetCurrentDirectoryA
CloseHandle
ShellExecuteA
MessageBoxA
Number of PE resources by type
RT_RCDATA 3
RT_ICON 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 6
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 5.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:04:13 16:57:44+02:00
FileType Win32 EXE
PEType PE32
CodeSize 7168
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 14848
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x1702
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

Execution parents
File identification
MD5 100f21c2a889e18cb93f29464ea37ada
SHA1 d9b20cf2c0f9d6a7ee47bdba56d2aea874e01e2d
SHA256 070bfa4fb2427be7ed9166e7d6b8fe67046a0768c225812f20d7173d2b4248c0
ssdeep
384:GwHfL9GNaX7NWGD01VreKEZkeFQ0Q3TSu5yadZYwQbW:zSahTD0HyF7FQVcadZYf

authentihash 7219778ec1d8046a61ce3e9c4ffcc17013f0a05b18e44b47ab8964905b6bc206
imphash 6c81cd28aebf69535c2bc314d2e209e8
File size 22.5 KB ( 23040 bytes )
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-05-04 01:24:45 UTC (1 year ago)
Last submission 2019-03-12 22:52:03 UTC (2 months, 1 week ago)
File names ldrStampRemover.exe
Loader.exe
RemoverMarcaD'agua.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened mutexes
Runtime DLLs