SHA256: 399067f363b477adf958392afd0add7a9f72afd951fe8b44842b9d8fa2abc7fe
File name: 32bit_Patch_build_9.exe
Detection ratio: 10 / 65
Analysis date: 2018-05-13 19:20:38 UTC (1 year ago)
Antivirus Result Update date
Antiy-AVL Trojan[Exploit]/EXE.CVE-2016-0099.Generic 20180513
Avast Win32:Malware-gen 20180513
AVG Win32:Malware-gen 20180513
Bkav HW32.Packed.4F57 20180511
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20180418
Cylance Unsafe 20180513
eGambit Unsafe.AI_Score_99% 20180513
ESET-NOD32 NSIS/TrojanDownloader.Agent.NXC 20180513
Rising Malware.Heuristic!ET#91% (RDM+:cmRtazqn5YnYgrXwAFjjVXgk/IWF) 20180513
SentinelOne (Static ML) static engine - malicious 20180225
Ad-Aware 20180513
AegisLab 20180513
AhnLab-V3 20180513
Alibaba 20180511
ALYac 20180513
Arcabit 20180513
Avast-Mobile 20180513
Avira (no cloud) 20180513
AVware 20180428
Babable 20180406
Baidu 20180511
BitDefender 20180513
CAT-QuickHeal 20180513
ClamAV 20180513
CMC 20180513
Comodo 20180513
Cybereason None
Cyren 20180513
Emsisoft 20180513
Endgame 20180507
F-Prot 20180513
F-Secure 20180513
Fortinet 20180513
GData 20180513
Ikarus 20180513
Sophos ML 20180503
Jiangmin 20180513
K7AntiVirus 20180513
K7GW 20180513
Kaspersky 20180513
Kingsoft 20180513
Malwarebytes 20180513
MAX 20180513
McAfee 20180513
McAfee-GW-Edition 20180513
Microsoft 20180513
eScan 20180513
NANO-Antivirus 20180513
nProtect 20180513
Palo Alto Networks (Known Signatures) 20180513
Panda 20180513
Qihoo-360 20180513
Sophos AV 20180513
SUPERAntiSpyware 20180513
Symantec 20180512
Symantec Mobile Insight 20180511
Tencent 20180513
TheHacker 20180509
TrendMicro 20180513
TrendMicro-HouseCall 20180513
Trustlook 20180513
VBA32 20180511
VIPRE 20180513
ViRobot 20180513
Webroot 20180513
Yandex 20180511
Zillya 20180511
ZoneAlarm by Check Point 20180513
Zoner 20180512
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT NSIS, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-01-30 03:57:45
Entry Point 0x0000320C
Number of sections 5
PE sections
Overlays
MD5 047773c7805d1a4d30824ce43688a87e
File type data
Offset 323584
Size 2166930
Entropy 8.00
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
OpenProcessToken
RegSetValueExA
RegQueryValueExA
AdjustTokenPrivileges
RegEnumKeyA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
RemoveDirectoryA
GetModuleFileNameA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
ExpandEnvironmentStringsA
GetCommandLineA
GetProcAddress
GetFullPathNameA
GetModuleHandleA
GetTempPathA
CreateThread
lstrcmpiA
SetFilePointer
lstrcmpA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
MoveFileExA
GlobalLock
SetEnvironmentVariableA
SetFileAttributesA
FreeLibrary
MoveFileA
CreateProcessA
lstrcpyA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetVersion
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
ShellExecuteExA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHFileOperationA
EmptyClipboard
GetMessagePos
CharPrevA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
ReleaseDC
SystemParametersInfoA
CreatePopupMenu
wsprintfA
ShowWindow
SetClipboardData
IsWindowVisible
SendMessageA
DialogBoxParamA
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
CreateDialogParamA
SetWindowTextA
EnableMenuItem
ScreenToClient
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
DrawTextA
DestroyWindow
FillRect
RegisterClassA
CharNextA
CallWindowProcA
GetSystemMenu
EndPaint
CloseClipboard
OpenClipboard
ExitWindowsEx
SetCursor
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 5
RT_DIALOG 3
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 10
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:01:30 04:57:45+01:00
FileType Win32 EXE
PEType PE32
CodeSize 25600
LinkerVersion 6.0
EntryPoint 0x320c
InitializedDataSize 162816
SubsystemVersion 4.0
ImageVersion 6.0
OSVersion 4.0
UninitializedDataSize 1024
File identification
MD5 be2a9981fdb9a31ab455d152881ee1aa
SHA1 72c1bbba2c7c4537225d7e74eda460ece9c22983
SHA256 399067f363b477adf958392afd0add7a9f72afd951fe8b44842b9d8fa2abc7fe
ssdeep 49152:mjBr7og/RoSE8bV+7KtHRKnhAcceL+U6rdbk8fbXpWi:SgiRoSES+7KtH4hRaUc0i
authentihash 91f0e8f207bfcc0dc54da032210c4fcf93a7e8f4904f15eff168ea9372d73779
imphash 3abe302b6d9a1256e6a915429af4ffd2
File size 2.4 MB (2490514 bytes)
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
nsis peexe cve-2016-0099 exploit overlay

VirusTotal metadata
First submission 2018-05-13 19:20:38 UTC (1 year ago)
Last submission 2018-05-18 05:45:56 UTC (1 year ago)
File names 32bit_Patch_build_9.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs