SHA256: 07e2ef1fcbeb6514b232f8a4d36272404e767ba797d3cba97cf27961861a6b96
File name: 07e2ef1fcbeb6514b232f8a4d36272404e767ba797d3cba97cf27961861a6b96
Detection ratio: 9 / 56
Analysis date: 2017-01-17 21:35:52 UTC (7 months ago)
Antivirus Result Update date
AVware Trojan.Win32.Injector.cdgy (v) 20170117
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9723 20170117
CrowdStrike Falcon (ML) malicious_confidence_69% (D) 20161024
Sophos ML virus.win32.sality.at 20170111
Qihoo-360 HEUR/QVM07.1.0000.Malware.Gen 20170117
Symantec ML.Attribute.VeryHighConfidence [Heur.AdvML.B] 20170117
TrendMicro TROJ_TOBFY.SM1 20170117
TrendMicro-HouseCall TROJ_TOBFY.SM1 20170117
VIPRE Trojan.Win32.Injector.cdgy (v) 20170117
Ad-Aware 20170117
AegisLab 20170117
AhnLab-V3 20170117
Alibaba 20170117
ALYac 20170117
Antiy-AVL 20170117
Arcabit 20170117
Avast 20170117
AVG 20170117
Avira (no cloud) 20170117
BitDefender 20170117
CAT-QuickHeal 20170117
ClamAV 20170117
CMC 20170117
Comodo 20170117
Cyren 20170117
DrWeb 20170117
Emsisoft 20170117
ESET-NOD32 20170117
F-Prot 20170117
F-Secure 20170117
Fortinet 20170117
GData 20170117
Ikarus 20170117
Jiangmin 20170117
K7AntiVirus 20170117
K7GW 20170117
Kaspersky 20170117
Kingsoft 20170117
Malwarebytes 20170117
McAfee 20170117
McAfee-GW-Edition 20170117
Microsoft 20170117
eScan 20170117
NANO-Antivirus 20170117
nProtect 20170117
Panda 20170117
Rising 20170117
Sophos AV 20170117
SUPERAntiSpyware 20170117
Tencent 20170117
TheHacker 20170117
TotalDefense 20170117
Trustlook 20170117
VBA32 20170117
ViRobot 20170117
WhiteArmor 20170117
Yandex 20170117
Zillya 20170117
Zoner 20170117
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2003
Product FileSpy Application
Original name FileSpy.EXE
Internal name FileSpy
File version 1, 0, 0, 1
Description FileSpy MFC Application
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-12 17:09:22
Entry Point 0x00002ADF
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
ExtTextOutA
DeleteCriticalSection
GetModuleHandleA
GetStdHandle
EnterCriticalSection
GetTimeZoneInformation
FindFirstChangeNotificationA
ReadDirectoryChangesW
InitializeCriticalSection
UnmapViewOfFile
WaitForSingleObject
VirtualQuery
UnhandledExceptionFilter
GetStartupInfoA
FindNextChangeNotification
SetCommState
CreateFileA
GetModuleFileNameA
GlobalLock
LeaveCriticalSection
_except_handler3
__p__fmode
__CxxFrameHandler
_acmdln
_exit
__p__commode
__dllonexit
_setmbcp
_beginthread
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
__setusermatherr
_onexit
_adjust_fdiv
__set_app_type
InsertMenuA
EmptyClipboard
GetCaretBlinkTime
UpdateWindow
DrawEdge
EnableWindow
SetCapture
FindWindowW
SendMessageA
GetClientRect
InsertMenuW
ScreenToClient
Number of PE resources by type
RT_STRING 13
RT_ICON 6
RT_GROUP_ICON 3
RT_DIALOG 2
RMVB 1
Struct(241) 1
RT_MENU 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 26
NEUTRAL 4
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 106496
ImageVersion 0.0
ProductName FileSpy Application
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName FileSpy.EXE
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1, 0, 0, 1
TimeStamp 2017:01:12 18:09:22+01:00
FileType Win32 EXE
PEType PE32
InternalName FileSpy
ProductVersion 1, 0, 0, 1
FileDescription FileSpy MFC Application
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright (C) 2003
MachineType Intel 386 or later, and compatibles
CodeSize 268443648
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0x2adf
ObjectFileType Executable application
File identification
MD5 684d2831ea7e96178adf01251d407b88
SHA1 821742f0ec69ea8f98919b861286f12aadbbc743
SHA256 07e2ef1fcbeb6514b232f8a4d36272404e767ba797d3cba97cf27961861a6b96
ssdeep 3072:7zwFE0LjkCAuZjkjocHk71Rd0+HXPdkn2:7UFEAjkeZYkV
authentihash 34bd4309bbe36d6613d6f4e1dc4ec1709908a52f556d5359b54832050c18c8c1
imphash 35aa2b974d9de7285698747491ff55bd
File size 116.0 KB ( 118784 bytes )
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe
VirusTotal metadata
First submission 2017-01-17 21:35:52 UTC (7 months ago)
Last submission 2017-01-17 23:29:46 UTC (7 months ago)
File names bcba7abead89c12d870f57db8c97d1ba.exe
FileSpy
07e2ef1fcbeb6514b232f8a4d36272404e767ba797d3cba97cf27961861a6b96
FileSpy.EXE
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications