SHA256: 1d2471d9b53900884b9f25c31dee81e3b98d98844cae7fb5b95d1f8b27a6deb3
File name: atasciipad.exe
Detection ratio: 1 / 47
Analysis date: 2013-11-03 15:54:00 UTC (5 years, 1 month ago)
Antivirus Result Update date
Rising Trojan.Win32.Kryptik.m 20131101
Yandex 20131103
AhnLab-V3 20131103
AntiVir 20131103
Antiy-AVL 20131101
Avast 20131103
AVG 20131102
Baidu-International 20131103
BitDefender 20131103
Bkav 20131102
ByteHero 20131028
CAT-QuickHeal 20131103
ClamAV 20131103
Commtouch 20131103
Comodo 20131103
DrWeb 20131103
Emsisoft 20131103
ESET-NOD32 20131103
F-Prot 20131103
F-Secure 20131103
Fortinet 20131103
GData 20131103
Ikarus 20131103
Jiangmin 20131103
K7AntiVirus 20131101
K7GW 20131101
Kaspersky 20131101
Kingsoft 20130829
Malwarebytes 20131103
McAfee 20131103
McAfee-GW-Edition 20131103
Microsoft 20131103
eScan 20131028
NANO-Antivirus 20131103
Norman 20131103
nProtect 20131101
Panda 20131103
Sophos AV 20131103
SUPERAntiSpyware 20131103
Symantec 20131103
TheHacker 20131103
TotalDefense 20131101
TrendMicro 20131103
TrendMicro-HouseCall 20131103
VBA32 20131102
VIPRE 20131103
ViRobot 20131103
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-03 05:51:20
Entry Point 0x00001000
Number of sections 5
PE sections
PE imports
InitCommonControlsEx
ImageList_Destroy
ImageList_AddMasked
ImageList_Remove
ImageList_Create
ImageList_ReplaceIcon
ImageList_Add
GetOpenFileNameA
GetSaveFileNameA
TextOutA
CreateFontIndirectA
GetTextMetricsA
RemoveFontMemResourceEx
SetStretchBltMode
GetObjectType
GetDeviceCaps
CreateDCA
DeleteDC
GdiGetBatchLimit
SetBkMode
SetPixel
GetPixel
BitBlt
CreateDIBSection
GdiSetBatchLimit
SetTextColor
GetObjectA
CreateBitmap
CreateFontA
GetStockObject
AddFontMemResourceEx
CreateBrushIndirect
GetDIBits
SetTextAlign
SelectClipRgn
CreateCompatibleDC
StretchBlt
SetBrushOrgEx
CreateRectRgn
SelectObject
GetTextExtentPoint32A
CreateSolidBrush
SetBkColor
DeleteObject
CreateCompatibleBitmap
HeapFree
EnterCriticalSection
GlobalFree
FreeLibrary
HeapDestroy
ExitProcess
TlsAlloc
GetVersionExA
GlobalUnlock
LoadLibraryA
GlobalSize
DeleteCriticalSection
GetCurrentProcessId
DeleteFileA
GetProcAddress
InterlockedCompareExchange
GetModuleHandleA
SetFilePointer
ReadFile
InterlockedExchange
WriteFile
MulDiv
HeapReAlloc
GlobalLock
InitializeCriticalSection
HeapCreate
GlobalAlloc
Sleep
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
SetLastError
CloseHandle
strncmp
malloc
sscanf
pow
memset
fclose
strcat
_stricmp
abort
fprintf
_setjmp3
fflush
fopen
strlen
strncpy
fputc
fabs
floor
fwrite
abs
_snprintf
sprintf
memcmp
exit
sin
__p__iob
fread
longjmp
ferror
gmtime
free
ceil
getenv
memcpy
cos
strcpy
fmod
_strnicmp
strcmp
OleUninitialize
CoInitialize
OleInitialize
ReleaseStgMedium
RegisterDragDrop
RevokeDragDrop
DragQueryFileA
RedrawWindow
GetForegroundWindow
DrawStateA
DestroyMenu
GetMessagePos
SetWindowPos
DispatchMessageA
EndPaint
SetActiveWindow
GetDC
GetCursorPos
ReleaseDC
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
GetWindowTextLengthA
GetActiveWindow
LoadImageA
MsgWaitForMultipleObjects
GetWindowTextA
RegisterClassExA
DestroyWindow
GetMessageA
GetParent
UpdateWindow
SetPropA
EnumWindows
ShowWindow
GetPropA
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
GetIconInfo
CharLowerA
RegisterClassA
DrawFocusRect
CreateWindowExA
FillRect
GetSysColorBrush
GetUpdateRect
CreateAcceleratorTableA
IsChild
MapWindowPoints
PostMessageA
BeginPaint
SetFocus
TrackMouseEvent
ClipCursor
DefWindowProcA
GetSystemMetrics
GetWindowRect
SetCapture
ReleaseCapture
EnumChildWindows
SetWindowLongA
RemovePropA
SetWindowTextA
GetWindowLongA
DrawIconEx
CreateMenu
ScreenToClient
LoadCursorA
LoadIconA
DestroyAcceleratorTable
ValidateRect
GetAsyncKeyState
IntersectRect
GetWindowThreadProcessId
AppendMenuA
SetMenu
MoveWindow
MessageBoxA
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
DestroyIcon
IsWindowVisible
SetCursorPos
FrameRect
InvalidateRect
DefFrameProcA
TranslateAcceleratorA
CallWindowProcA
GetClassNameA
GetFocus
SetCursor
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2013:11:03 06:51:20+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
169472

LinkerVersion
2.5

EntryPoint
0x1000

InitializedDataSize
62976

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 af99eff28dea22c8e5ebf7c17eac3a58
SHA1 2bcbfd961160bf4afe0e045ab70acb37c4ea9865
SHA256 1d2471d9b53900884b9f25c31dee81e3b98d98844cae7fb5b95d1f8b27a6deb3
ssdeep
3072:9/wJUJ8HZMlsdAiQyCgTh/6j4s5cAYzZHQ6Lm+LdHvNgbkH2VyTBfCCKL:pwqJ8SNynTJzzhQ6KoH1gbrVyTBqC

authentihash 1517015819ffff690dd3e3c0798ae98fa938eacc98e5161243ede47aa0334ab0
imphash b23b99735eb5958d8fdedfecbdf14dfb
File size 226.0 KB ( 231424 bytes )
File type Win32 EXE
Description
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
Win16/32 Executable Delphi generic (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2013-11-03 15:54:00 UTC (5 years, 1 month ago)
Last submission 2018-01-29 16:09:02 UTC (10 months, 2 weeks ago)
File names eff24342-050d-11e8-8c15-201a06f9a87d
atasciipad.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
UDP communications