× В вашем браузере отключены куки (cookie). Для полноценной работы сайта необходимо включить сохранение файлов cookie.
SHA256: 14dec42f6dc32f5ab48b144bd136a4eda3228517c35eac6e3c6cb57331aa1176
Имя файла: televizor.appx.exe
Показатель выявления: 14 / 57
Дата анализа: 2015-02-27 12:50:43 UTC (4 лет, 2 месяцев назад)
Антивирус Результат Дата обновления
Antiy-AVL Trojan/Win32.TSGeneric 20150227
Avast Win32:Adware-CIV [PUP] 20150227
AVG Generic.249 20150227
Avira (no cloud) APPL/Downloader.Gen7 20150227
AVware Amonetize (fs) 20150226
DrWeb Trojan.DownLoader12.19548 20150227
ESET-NOD32 a variant of Win32/Dlhelper.C potentially unwanted 20150227
K7AntiVirus Unwanted-Program ( 0040fa1b1 ) 20150227
K7GW Unwanted-Program ( 0040fa1b1 ) 20150227
NANO-Antivirus Trojan.Win32.Agent.dnqqwx 20150227
TotalDefense Win32/Tnega.FPReKdC 20150227
VBA32 Downloader.Agent 20150227
VIPRE Amonetize (fs) 20150227
Zillya Downloader.Agent.Win32.237223 20150226
Ad-Aware 20150227
AegisLab 20150227
Yandex 20150226
AhnLab-V3 20150227
Alibaba 20150225
ALYac 20150227
Baidu-International 20150227
BitDefender 20150227
Bkav 20150227
ByteHero 20150227
CAT-QuickHeal 20150227
ClamAV 20150227
CMC 20150227
Comodo 20150227
Cyren 20150227
Emsisoft 20150227
F-Prot 20150227
F-Secure 20150227
Fortinet 20150227
GData 20150227
Ikarus 20150227
Jiangmin 20150226
Kaspersky 20150227
Kingsoft 20150227
Malwarebytes 20150227
McAfee 20150227
McAfee-GW-Edition 20150227
Microsoft 20150227
eScan 20150227
Norman 20150227
nProtect 20150227
Panda 20150227
Qihoo-360 20150227
Rising 20150227
Sophos AV 20150227
SUPERAntiSpyware 20150227
Symantec 20150227
Tencent 20150227
TheHacker 20150225
TrendMicro 20150227
TrendMicro-HouseCall 20150227
ViRobot 20150227
Zoner 20150227
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Publisher BERSHNET LLC
File version 1.7.0.0
Signature verification Signed file, verified signature
Signers
[+] BERSHNET LLC
Status Valid
Issuer None
Valid from 1:00 AM 2/6/2015
Valid to 12:59 AM 2/7/2016
Valid usage Code Signing
Algorithm 1.2.840.113549.1.1.11
Thumbprint 8FD9B51AF78DAE3486467C5A56E87D16B143C738
Serial number 00 9E CD 8B F5 AA 82 9B C5 1F 2B 42 45 45 EC 46 18
[+] COMODO RSA Code Signing CA
Status Valid
Issuer None
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm 1.2.840.113549.1.1.12
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO
Status Valid
Issuer None
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm 1.2.840.113549.1.1.12
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-02-01 11:56:36
Entry Point 0x00344190
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
IsValidSid
ImageList_Add
AlphaBlend
IsEqualGUID
VariantCopy
ShellExecuteW
VerQueryValueW
InternetOpenW
timeGetTime
Number of PE resources by type
RT_STRING 48
RT_GROUP_CURSOR 8
RT_CURSOR 8
RT_RCDATA 6
RT_ICON 5
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 53
ENGLISH US 25
PE resources
ExifTool file metadata
UninitializedDataSize
2113536

InitializedDataSize
98304

ImageVersion
0.0

FileVersionNumber
1.7.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

LinkerVersion
2.25

MIMEType
application/octet-stream

FileVersion
1.7.0.0

TimeStamp
2015:02:01 12:56:36+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.7.0.0

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
1310720

FileSubtype
0

ProductVersionNumber
1.7.0.0

EntryPoint
0x344190

ObjectFileType
Executable application

File identification
MD5 335f59a7b6406e3e5e7f09a0f0f4b024
SHA1 929f0de226cd079af6672b27057abbc88d5ecde7
SHA256 14dec42f6dc32f5ab48b144bd136a4eda3228517c35eac6e3c6cb57331aa1176
ssdeep
24576:RoGWY3BPU4MaESg3d5/3kHchOu01SRVdLLB9Ei7RVdg/BAJDT18KE2o:JWsES85/3Jhz0QRDIilVdXJvWKEr

authentihash f5cd8323d568505a305613df15f3ea2678d4ffc744aeaee26bc68d24a820e03c
imphash f138e2e5ed3bec4e24108a37f8210cf0
Размер файла 1.3 MБ ( 1410552 bytes )
Тип файла Win32 EXE
Описание
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (45.1%)
Win32 EXE Yoda's Crypter (39.2%)
Win32 Executable (generic) (6.6%)
Win16/32 Executable Delphi generic (3.0%)
Generic Win/DOS Executable (2.9%)
Tags
peexe upx signed

VirusTotal metadata
First submission 2015-02-27 12:50:43 UTC (4 лет, 2 месяцев назад)
Last submission 2015-02-27 12:50:43 UTC (4 лет, 2 месяцев назад)
Имена файлов televizor.appx.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Нет комментариев. Из участников сообщества VirusTotal ещё пока никто не оставил комментарий по поводу результатов анализа. Станьте первым!

Оставьте свой комментарий...

?
Отправить

Вы не выполнили вход. Только зарегистрированные пользователи могут оставлять комментарии. Выполните вход и получите право голоса!

Нет голосов. Ещё пока никто не проголосовал за результаты анализа. Станьте первым!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications