SHA256: 3bd45aa56781f132e47247bfa4b5412cf110e8e51eaa013a2628b8e5072b0126
File name: n6.exe
Detection ratio: 11 / 48
Analysis date: 2013-11-28 13:14:36 UTC (1 year, 8 months ago)
Antivirus Result Update date
AVG BackDoor.Generic17.CKIM.dropper 20131128
Ad-Aware Dropped:Trojan.Generic.9860611 20131128
BitDefender Dropped:Trojan.Generic.9860611 20131128
Emsisoft Dropped:Trojan.Generic.9860611 (B) 20131128
F-Secure Dropped:Trojan.Generic.9860611 20131128
GData Dropped:Trojan.Generic.9860611 20131128
McAfee BackDoor-FBJR!06ECB99836C5 20131128
McAfee-GW-Edition BackDoor-FBJR!06ECB99836C5 20131127
MicroWorld-eScan Dropped:Trojan.Generic.9860611 20131128
Norman Suspicious_Gen4.FGQTP 20131128
VIPRE Trojan.Win32.Generic!BT 20131128
Agnitum 20131127
AhnLab-V3 20131128
AntiVir 20131128
Antiy-AVL 20131128
Avast 20131128
Baidu-International 20131128
Bkav 20131128
ByteHero 20131127
CAT-QuickHeal 20131128
ClamAV 20131128
Commtouch 20131128
Comodo 20131128
DrWeb 20131128
ESET-NOD32 20131128
F-Prot 20131128
Fortinet 20131128
Ikarus 20131128
Jiangmin 20131128
K7AntiVirus 20131127
K7GW 20131127
Kaspersky 20131128
Kingsoft 20130829
Malwarebytes 20131128
Microsoft 20131128
NANO-Antivirus 20131128
Panda 20131128
Rising 20131128
SUPERAntiSpyware 20131127
Sophos 20131128
Symantec 20131128
TheHacker 20131127
TotalDefense 20131128
TrendMicro 20131128
TrendMicro-HouseCall 20131128
VBA32 20131127
ViRobot 20131128
nProtect 20131128
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2009

Publisher Microsoft Corporation
Product Microsoft® .Net Support
Original name MakeFile.exe
Internal name MakeFile.exe
File version 5.1.2600.5513
Description Microsoft® .Net Support
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-25 02:52:12
Entry Point 0x00001784
Number of sections 5
PE sections
PE imports
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
GetShortPathNameW
SetHandleCount
GetModuleFileNameW
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
RtlUnwind
HeapSetInformation
GetCurrentProcess
SetThreadPriority
GetCurrentProcessId
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
DeleteFileW
lstrcatW
EncodePointer
GetCurrentThread
LeaveCriticalSection
WideCharToMultiByte
LoadLibraryW
TlsFree
GetSystemTimeAsFileTime
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
DecodePointer
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetPriorityClass
HeapAlloc
TerminateProcess
ResumeThread
CreateEventW
IsValidCodePage
HeapCreate
CreateFileW
CreateProcessW
TlsGetValue
Sleep
GetFileType
TlsSetValue
ExitProcess
GetCurrentThreadId
GetProcAddress
GetEnvironmentVariableW
SetLastError
InterlockedIncrement
SHGetSpecialFolderPathW
keybd_event
wsprintfW
CoCreateInstance
CoUninitialize
CoInitialize
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
CHINESE SIMPLIFIED 1
ExifTool file metadata
SubsystemVersion
5.1

InitializedDataSize
326144

ImageVersion
0.0

ProductName
Microsoft .Net Support

FileVersionNumber
5.1.2600.5513

UninitializedDataSize
0

LanguageCode
Unknown (0009)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
10.0

OriginalFilename
MakeFile.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
5.1.2600.5513

TimeStamp
2013:10:25 03:52:12+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
MakeFile.exe

FileAccessDate
2013:12:10 00:25:14+01:00

ProductVersion
5.1.2600.5513

FileDescription
Microsoft .Net Support

OSVersion
5.1

FileCreateDate
2013:12:10 00:25:14+01:00

FileOS
Windows NT 32-bit

LegalCopyright
Copyright (C) 2009

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
19456

FileSubtype
0

ProductVersionNumber
5.1.2600.5513

EntryPoint
0x1784

ObjectFileType
Executable application

File identification
MD5 06ecb99836c510701887b7331db11a46
SHA1 4f87105550290651731ec742a5a421aa081590e8
SHA256 3bd45aa56781f132e47247bfa4b5412cf110e8e51eaa013a2628b8e5072b0126
ssdeep
6144:qrQKBhWR0Jj4VB13kQBYDl7+nS/OT5euTlHG:WQKBhWRfTXYDN+nsc7l

File size 338.5 KB ( 346624 bytes )
File type Win32 EXE
Description
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2013-11-28 13:14:36 UTC (1 year, 8 months ago)
Last submission 2013-12-02 03:13:04 UTC (1 year, 8 months ago)
File names n6.exe
MakeFile.exe
15bbc6a889b52f4ef551df67deba628edb0cd3b3
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests
TCP connections