SHA256: 1684456a5b7af5d82323a07428ad07f4522304e9674d47821813a9ece8c74bda
File name: goryachaya-tancploschadka-vesennyaya-2017.exe
Detection ratio: 22 / 60
Analysis date: 2017-06-02 03:57:19 UTC (1 year, 3 months ago)
Antivirus Result Update date
Ad-Aware Gen:Variant.Application.Bundler.DlHelper.8 20170602
Arcabit Trojan.Application.Bundler.DlHelper.8 20170602
Avast Win32:Malware-gen 20170602
AVG Generic_r.TED 20170602
Avira (no cloud) TR/Crypt.XPACK.Gen 20170601
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9689 20170601
BitDefender Gen:Variant.Application.Bundler.DlHelper.8 20170602
Comodo MalCrypt.Indus! 20170602
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170420
DrWeb Trojan.Zadved.769 20170602
Emsisoft Application.AdLoad (A) 20170602
Endgame malicious (moderate confidence) 20170515
ESET-NOD32 a variant of Win32/Kryptik.FSWU 20170602
F-Secure Gen:Variant.Application.Bundler 20170602
Fortinet W32/Kryptik.FRXH!tr 20170602
GData Gen:Variant.Application.Bundler.DlHelper.8 20170602
Ikarus PUA.Win32.Dlhelper 20170601
Sophos ML trojan.win32.skeeyah.a!rfn 20170519
eScan Gen:Variant.Application.Bundler.DlHelper.8 20170602
Panda Trj/Genetic.gen 20170601
Rising Malware.Generic.3!tfe (thunder:3:5YmyvGXOSD) 20170602
VBA32 BScope.Rootkit-Dropper.TDSL.hm 20170601
AegisLab 20170602
AhnLab-V3 20170601
Alibaba 20170602
ALYac 20170602
Antiy-AVL 20170602
AVware 20170602
Bkav 20170601
CAT-QuickHeal 20170601
ClamAV 20170602
CMC 20170531
Cyren 20170602
F-Prot 20170602
Jiangmin 20170602
K7AntiVirus 20170601
K7GW 20170602
Kaspersky 20170602
Kingsoft 20170602
Malwarebytes 20170602
McAfee 20170602
McAfee-GW-Edition 20170602
Microsoft 20170602
NANO-Antivirus 20170602
nProtect 20170602
Palo Alto Networks (Known Signatures) 20170602
Qihoo-360 20170602
SentinelOne (Static ML) 20170516
Sophos AV 20170602
SUPERAntiSpyware 20170602
Symantec 20170601
Symantec Mobile Insight 20170601
Tencent 20170602
TheHacker 20170528
TrendMicro 20170602
TrendMicro-HouseCall 20170602
Trustlook 20170602
VIPRE 20170602
ViRobot 20170602
WhiteArmor 20170601
Yandex 20170601
Zillya 20170601
ZoneAlarm by Check Point 20170602
Zoner 20170602
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signers
[+] K.S-INVEST
Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 5/17/2017
Valid to 12:59 AM 2/22/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 2FF65BD75FD8A6C1640EF34E8253C478D7C7F5F5
Serial number 00 E4 0A 90 95 EC C1 56 F7 B2 BE 41 38 F5 24 B8 31
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-11 11:15:46
Entry Point 0x00264410
Number of sections 4
PE sections
Overlays
MD5 d1e0aee7df4b9e367181449a609fb5d5
File type data
Offset 6645248
Size 5848
Entropy 7.53
PE imports
CloseServiceHandle
RegDeleteValueW
OpenProcessToken
UnregisterTraceGuids
AllocateAndInitializeSid
GetTraceLoggerHandle
FlatSB_GetScrollInfo
ImageList_SetBkColor
ImageList_LoadImageW
JetRollback
GetTextMetricsW
SetMapMode
TextOutW
CreateFontIndirectW
PatBlt
SetStretchBltMode
GetNearestColor
GetRgnBox
GetCurrentPositionEx
MaskBlt
GetClipBox
DeleteEnhMetaFile
GetViewportOrgEx
GetBitmapBits
GetObjectType
Polygon
GetBrushOrgEx
ExcludeClipRect
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
SetPixel
EndDoc
GetObjectW
CreateDCW
RealizePalette
GetTextExtentPointW
GetDeviceCaps
GetCurrentObject
BitBlt
IntersectClipRect
MoveToEx
CreatePalette
GetStockObject
CreateDIBitmap
PlayEnhMetaFile
SelectPalette
GetViewportExtEx
UnrealizeObject
SetTextAlign
ScaleViewportExtEx
CreateCompatibleDC
Escape
SetBrushOrgEx
CreateRectRgn
DeleteObject
SetWindowExtEx
GetEnhMetaFileHeader
GetTextColor
SetWindowOrgEx
DPtoLP
ExtCreatePen
GetMapMode
SetBkColor
SetViewportExtEx
CreateCompatibleBitmap
DeleteMetaFile
Icmp6CreateFile
GetAdaptersInfo
GetIpStatisticsEx
IcmpCreateFile
GetSystemTime
DeviceIoControl
CopyFileW
ReleaseMutex
VirtualAllocEx
CreateNamedPipeW
GetModuleFileNameW
OpenThread
GetConsoleCP
GetOEMCP
HeapDestroy
ExitProcess
DisableThreadLibraryCalls
GetEnvironmentStringsW
FlushFileBuffers
GetFileAttributesW
VirtualQuery
FreeLibrary
HeapSetInformation
GetCurrentProcess
SwitchToThread
GetEnvironmentStrings
GetCurrentProcessId
OpenProcess
GetCommandLineW
WriteConsoleW
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
CancelIo
GetCurrentThread
RaiseException
CreateThread
MapViewOfFile
TlsFree
GetDiskFreeSpaceW
GetExitCodeThread
CreateSemaphoreW
FindResourceExW
CreateMutexW
IsProcessorFeaturePresent
GetACP
GetModuleHandleW
SetEvent
GetExitCodeProcess
CreatePipe
GetTempPathW
LoadLibraryW
CreateEventW
HeapCreate
FindResourceW
GlobalAlloc
OutputDebugStringW
GetFileType
SetFileAttributesW
TlsSetValue
GetVersion
GetProcessHeap
VirtualAlloc
GetFileSize
GetLastError
GetThreadLocale
WNetGetUniversalNameW
WNetOpenEnumW
MprConfigInterfaceEnum
MprConfigTransportCreate
MprConfigServerDisconnect
MprConfigInterfaceTransportEnum
MprConfigInterfaceDelete
MprConfigInterfaceTransportRemove
NetServerGetInfo
SafeArrayRedim
SysStringLen
SafeArrayPtrOfIndex
RegisterTypeLib
VarBstrFromCy
VarBstrFromDate
SafeArrayUnaccessData
VarR8FromStr
SysAllocStringLen
SafeArrayCreate
VarBoolFromStr
VarBstrFromBool
SetErrorInfo
VarNeg
VariantInit
SafeArrayGetElement
glDisable
glClearDepth
GetPwrCapabilities
GetModuleBaseNameW
GetProcessMemoryInfo
EnumProcesses
GetProcessImageFileNameW
GetModuleFileNameExW
RpcServerInqBindings
RpcAsyncCancelCall
NdrOleAllocate
RpcAsyncInitializeHandle
MesHandleFree
CStdStubBuffer_Connect
RpcServerInqCallAttributesW
CStdStubBuffer_Disconnect
NdrDllUnregisterProxy
RpcBindingSetAuthInfoExW
I_RpcExceptionFilter
RpcBindingToStringBindingW
UuidToStringW
RpcServerListen
CStdStubBuffer_DebugServerQueryInterface
RpcBindingFromStringBindingW
RpcServerUseProtseqEpW
RpcStringFreeW
NdrServerCall2
EmptyClipboard
GetMonitorInfoW
GetClassInfoExW
DrawEdge
IntersectRect
IsDlgButtonChecked
EndDialog
BeginPaint
GetClipboardData
EnumWindows
DefWindowProcW
CopyRect
GetCapture
EnableScrollBar
GetDlgCtrlID
GetPropW
CreatePopupMenu
GetDoubleClickTime
MessageBeep
DrawFrameControl
SetWindowPos
GetParent
ShowScrollBar
EnableMenuItem
IsWindow
GetWindowRect
InvertRect
EndDeferWindowPos
GetDialogBaseUnits
LoadCursorW
DialogBoxParamW
GetNextDlgTabItem
AppendMenuW
CharLowerW
SetPropW
AdjustWindowRectEx
SendDlgItemMessageW
GetWindow
PostMessageW
GetSysColor
RegisterClipboardFormatW
GetDC
GetKeyState
GetCursorPos
WaitMessage
GetIconInfo
GetMenu
MonitorFromWindow
HideCaret
BeginDeferWindowPos
IsWindowVisible
DestroyWindow
GetClientRect
SetCursorPos
RemovePropW
DrawTextW
GetWindowPlacement
SetScrollPos
FrameRect
DeleteMenu
GetSubMenu
IsClipboardFormatAvailable
CallWindowProcW
GetKeyboardState
IsDialogMessageW
TranslateMDISysAccel
MonitorFromPoint
SetWindowTextW
GetWindowTextW
SetDlgItemTextW
PostThreadMessageW
LockWindowUpdate
SendMessageTimeoutW
CreateWindowExW
CloseClipboard
SetActiveWindow
SetCursor
SetWindowRgn
PtInRect
mixerGetID
waveInClose
waveInReset
waveOutPause
mmioDescend
waveOutPrepareHeader
waveInUnprepareHeader
waveOutGetDevCapsW
OpenDriver
mmioAscend
mixerClose
waveOutGetPosition
WTHelperProvDataFromStateData
CryptCATAdminReleaseContext
WSASetEvent
WSAConnect
WSACloseEvent
freeaddrinfo
WSALookupServiceEnd
WSALookupServiceNextW
setsockopt
WSAGetLastError
WSAAsyncGetHostByName
ioctlsocket
SCardEstablishContext
SCardListReadersW
PdhGetFormattedCounterValue
Number of PE resources by type
RT_FONT 29
RT_HTML 17
RT_MENU 11
RT_ACCELERATOR 10
RT_ICON 3
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 68
NEUTRAL 4
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2015:07:11 12:15:46+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
2523648

LinkerVersion
12.0

FileTypeExtension
exe

InitializedDataSize
4120576

SubsystemVersion
5.1

EntryPoint
0x264410

OSVersion
5.1

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 2d47d86b1dea959dba1333850e0269d3
SHA1 8e80f85160d536913bbd8962d54c6fc9efaa84e2
SHA256 1684456a5b7af5d82323a07428ad07f4522304e9674d47821813a9ece8c74bda
ssdeep
49152:avGwy6il1nRxw56DuR8wTYacZZbarb0mKhuCSs/EJq6VQ+GhXmQxRGJTx:avzIw5vhTYb+0RhNS7Jq6VGs0GJt

authentihash e85de1a69b33e9ca3cef50b297d16eb4d7ac0bf52371a1b6525cf7073a139a94
imphash 5d4f698411b612253d26ff49741fa0bf
File size 6.3 MB (6651096 bytes)
File type Win32 EXE
Description
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2017-06-02 03:57:19 UTC (1 year, 3 months ago)
Last submission 2017-06-02 03:57:19 UTC (1 year, 3 months ago)
File names goryachaya-tancploschadka-vesennyaya-2017.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications