SHA256: 594f0676ec35311955a49a3dcc6cd9dfb61a9a82477bcf2fda70a1d5271b8612
File name: 42032e91596b619d5683e39afc7a4c2a
Detection ratio: 25 / 46
Analysis date: 2013-02-21 11:52:01 UTC (1 year, 1 month ago)
Antivirus  Result  Signature update (YYYYMMDD)
AVG Generic31.BNDC 20130221
AhnLab-V3 Trojan/Win32.Tepfer 20130220
AntiVir TR/Kazy.140619.101 20130221
Avast Win32:Malware-gen 20130221
BitDefender Gen:Variant.Kazy.140619 20130221
ESET-NOD32 a variant of Win32/Kryptik.AUQH 20130221
Emsisoft Gen:Variant.Barys.52 (B) 20130221
F-Secure Gen:Variant.Kazy.140619 20130221
Fortinet W32/Kryptik.XUW!tr 20130221
GData Gen:Variant.Kazy.140619 20130221
Ikarus Backdoor.Win32.Kelihos 20130221
Kaspersky Trojan-Downloader.Win32.Agent.xttr 20130221
Malwarebytes Malware.Packer.DLR3 20130221
McAfee Artemis!42032E91596B 20130221
McAfee-GW-Edition Artemis!42032E91596B 20130221
MicroWorld-eScan Gen:Variant.Kazy.140619 20130221
Microsoft Trojan:Win32/Dynamer!dtc 20130221
Norman Kelihos.KEW 20130221
PCTools Email-Worm.Waledac 20130219
Panda Trj/CI.A 20130221
Sophos Mal/Generic-S 20130221
Symantec W32.Waledac.D!gen4 20130221
TrendMicro TROJ_GEN.FFFCBBI 20130221
TrendMicro-HouseCall TROJ_GEN.FFFCBBI 20130221
VIPRE Trojan.Win32.Generic!BT 20130221
Engines with no detection (signature update date only):
Agnitum 20130220
Antiy-AVL 20130220
ByteHero 20130221
CAT-QuickHeal 20130221
ClamAV 20130221
Commtouch 20130221
Comodo 20130221
DrWeb 20130221
F-Prot 20130221
Jiangmin 20130221
K7AntiVirus 20130220
Kingsoft 20130204
NANO-Antivirus 20130221
Rising 20130205
SUPERAntiSpyware 20130221
TheHacker 20130221
TotalDefense 20130221
VBA32 20130221
ViRobot 20130221
eSafe 20130211
nProtect 20130221
The file under analysis is a Portable Executable: specifically, a Win32 EXE for the Windows GUI subsystem.
Authenticode signature block (version-information strings)
The fields below come from the file's VS_VERSIONINFO resource; the page shows no signer certificate or countersignature, so despite the heading nothing here constitutes an Authenticode signature. Random-looking publisher, product and file-name strings like these are what an automatically generated version resource looks like, and they should not be treated as evidence of origin.
Publisher 8ABxT
Product busMzJX
Original name VBNb9GxAGBQ
Internal name udrEwyGM8
File version 194.232.51949.15694
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-04-22 11:53:41
Link date 12:53 PM 4/22/2012 (the same TimeDateStamp rendered in UTC+1)
Entry Point 0x0000229C
Number of sections 4
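The fields under "PE header basic information" (machine, TimeDateStamp, entry point, section count, subsystem, and the linker version ExifTool reports below) all live in the DOS stub, IMAGE_FILE_HEADER and IMAGE_OPTIONAL_HEADER at fixed offsets. The following is an added example, not VirusTotal's code and not taken from the sample: a standard-library Python parser for exactly those fields, run against a headers-only PE32 image built inline with the report's values. The section names and sizes are assumptions (the page's section table did not survive extraction; the .text size is taken from the reported CodeSize). It also performs the check a triager makes with these numbers: which section the entry point lands in.

```python
"""Parse PE header basics from raw bytes and locate the entry point's section.
The sample image is constructed here; only its header values mirror the report."""
import struct
from datetime import datetime, timezone

IMAGE_DOS_SIGNATURE = 0x5A4D        # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550     # "PE\0\0"
IMAGE_FILE_MACHINE_I386 = 0x014C
PE32_MAGIC = 0x10B
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

# Assumed section layout (name, virtual address, virtual size); the report lists
# four sections but not their names, so these are constructed for the example.
SAMPLE_SECTIONS = [(".text", 0x1000, 0x6600), (".rdata", 0x8000, 0x2000),
                   (".data", 0xA000, 0x1000), (".rsrc", 0xB000, 0x2000)]


def build_sample_pe(timestamp=1335095621,   # 2012-04-22 11:53:41 UTC, as reported
                    entry_point=0x229C, sections=SAMPLE_SECTIONS,
                    subsystem=2, linker=(11, 0)):
    """Assemble a headers-only PE32 image (no code or data) for offline testing."""
    e_lfanew = 0x40
    dos = struct.pack("<H58xI", IMAGE_DOS_SIGNATURE, e_lfanew)
    # IMAGE_FILE_HEADER: SizeOfOptionalHeader=224, EXECUTABLE_IMAGE|32BIT_MACHINE
    file_hdr = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, len(sections),
                           timestamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, PE32_MAGIC, linker[0], linker[1])
    struct.pack_into("<I", opt, 16, entry_point)                # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)  # ImageBase, alignments
    struct.pack_into("<HH", opt, 40, 5, 0)                      # OS version 5.0
    struct.pack_into("<HH", opt, 48, 5, 0)                      # subsystem version 5.0
    struct.pack_into("<II", opt, 56, 0xD000, 0x200)             # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, subsystem)
    struct.pack_into("<I", opt, 92, 16)                         # NumberOfRvaAndSizes
    sec_hdrs, raw = b"", 0x200
    for name, vaddr, vsize in sections:
        sec_hdrs += struct.pack("<8sIIIIIIHHI", name.encode(), vsize, vaddr,
                                vsize, raw, 0, 0, 0, 0, 0x60000020)
        raw += vsize
    return dos + struct.pack("<I", IMAGE_NT_SIGNATURE) + file_hdr + bytes(opt) + sec_hdrs


def parse_pe_header(data):
    """Read the fields VirusTotal lists under 'PE header basic information'."""
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("no PE signature at e_lfanew")
    fh = e_lfanew + 4
    machine, nsect, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20
    magic, lnk_major, lnk_minor = struct.unpack_from("<HBB", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError("optional header magic 0x%x is not PE32" % magic)
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    ss_major, ss_minor = struct.unpack_from("<HH", data, opt + 48)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    for i in range(nsect):   # section table follows the optional header, 40 bytes each
        name, vsize, vaddr = struct.unpack_from("<8sII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize))
    return {
        "machine": machine,
        "number_of_sections": nsect,
        "timestamp": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "entry_point": entry,
        "linker_version": "%d.%d" % (lnk_major, lnk_minor),
        "subsystem": SUBSYSTEMS.get(subsystem, "unknown (%d)" % subsystem),
        "subsystem_version": "%d.%d" % (ss_major, ss_minor),
        "sections": sections,
    }


def section_containing(info, rva):
    """Name of the section whose virtual range covers rva, or None.
    An entry point outside the code section is a common sign of a packer stub."""
    for name, vaddr, vsize in info["sections"]:
        if vaddr <= rva < vaddr + vsize:
            return name
    return None


if __name__ == "__main__":
    hdr = parse_pe_header(build_sample_pe())
    for k, v in hdr.items():
        print("%-20s %s" % (k, v))
    print("entry point lies in", section_containing(hdr, hdr["entry_point"]))
```

To run this against a real file, replace build_sample_pe() with open(path, "rb").read(); the parser only touches header offsets, so it works on the raw file without mapping it.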
PE sections
PE imports
The DLL each symbol is imported from is not shown on this page. The names span the C runtime, kernel32, the SSPI/LSA interface (LsaLogonUser, AcquireCredentialsHandleA, EncryptMessage), MMC error handling (the mangled mmcerror names), Line Services (the Ls* exports) and NTFS utility classes (the NTFS_* names). An import table this broad and incoherent in a 44 KB GUI executable is typical of a packed sample: most entries are never called, and the payload's real dependencies are resolved at run time, so the list is better treated as a packer fingerprint than as a description of capability.
_mbsset
_ismbblead
_spawnle
memset
abort
strftime
__mb_cur_max_dll
wcsxfrm
_osversion_dll
strpbrk
_tempnam
_mbsupr
sqrt
modf
_setsystime
free
_commit
_mbscat
strncpy
GetLastError
SetHandleCount
GetOverlappedResult
HeapSummary
SetConsoleMaximumWindowSize
GetTickCount
IsBadWritePtr
GetFileAttributesW
LockFile
GlobalUnfix
EnumSystemLocalesA
DebugActiveProcessStop
GetNamedPipeHandleStateA
CreateDirectoryW
GetUserDefaultLCID
GetProfileIntA
CompareStringW
FindFirstVolumeW
LoadLibraryW
GetExitCodeThread
WaitNamedPipeA
EnumResourceTypesW
FindNextFileA
SetLocalTime
SetHandleInformation
CmdBatNotification
GetFileAttributesExW
GlobalFlags
GlobalHandle
BaseCheckAppcompatCache
GetStringTypeExA
SetLastError
SetVolumeMountPointW
?Clear@SC@mmcerror@@QAEXXZ
?AddRef@CMMCStrongReferences@@SGKXZ
?FormatErrorString@@YGXPBGVSC@mmcerror@@IPAGH@Z
??BSC@mmcerror@@QBE_NXZ
?GetSingletonObject@CMMCStrongReferences@@CGAAV1@XZ
??8SC@mmcerror@@QBE_NJ@Z
?Lock@CEventBuffer@@QAEXXZ
?GetHelpID@SC@mmcerror@@QAEKXZ
?GetCode@SC@mmcerror@@QBEJXZ
?ScEmitOrPostpone@CEventBuffer@@QAE?AVSC@mmcerror@@PAUIDispatch@@JPAVCComVariant@ATL@@H@Z
?MMCErrorBox@@YGHVSC@mmcerror@@I@Z
?FormatErrorShort@@YGXVSC@mmcerror@@IPAG@Z
LsEnumLine
LsdnFinishDeleteAll
LsdnGetCurTabInfo
LsPointUV2FromPointUV1
LssbGetNumberDnodesInSubline
LsGetRubyLsimethods
LsdnGetDup
LsQueryTextCellDetails
LsEnumSubline
LsSetCompression
LsQueryLineDup
LsSqueezeSubline
LsdnSetAbsBaseLine
LsDestroyLine
LsGetTatenakayokoLsimethods
LsLwMultDivR
LsFindNextBreakSubline
LsGetMinDurBreaks
LsSetExpansion
LsSetDoc
LsdnQueryObjDimRange
LsCreateLine
LsQueryPointPcpSubline
LsFinishCurrentSubline
LsModifyLineHeight
LsdnSubmitSublines
LsGetSpecialEffectsSubline
LsQueryCpPpointSubline
LsdnResetObjDim
LsPointXYFromPointUV
_winminor
wcstoul
__wargv
__p__acmdln
??_Fbad_typeid@@QAEXXZ
_CIcosh
_amsg_exit
_mbsrchr
_control87
_mbscmp
_wcsnicoll
_chgsign
??_Ebad_cast@@UAEPAXI@Z
exit
_filelength
_mbsspnp
__p__commode
_splitpath
ceil
_putw
__getmainargs
_wsetlocale
perror
fabs
_getdllprocaddr
_sys_nerr
_adj_fdivr_m32i
_beginthreadex
__set_app_type
SaslEnumerateProfilesW
ApplyControlToken
LsaUnregisterPolicyChangeNotification
ImpersonateSecurityContext
GetUserNameExA
LsaGetLogonSessionData
QueryContextAttributesA
LsaCallAuthenticationPackage
QueryCredentialsAttributesW
LsaLookupAuthenticationPackage
LsaLogonUser
CredUnmarshalTargetInfo
SetContextAttributesA
SealMessage
EnumerateSecurityPackagesA
TranslateNameW
SaslInitializeSecurityContextW
ImportSecurityContextA
AcquireCredentialsHandleA
GetComputerObjectNameA
SecpFreeMemory
EncryptMessage
FreeCredentialsHandle
?Initialize@NTFS_REFLECTED_MASTER_FILE_TABLE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?Resize@NTFS_ATTRIBUTE@@UAEEVBIG_INT@@PAVNTFS_BITMAP@@@Z
?IsAttributePresent@NTFS_FILE_RECORD_SEGMENT@@QAEEKPBVWSTRING@@E@Z
?NtfsUpcaseCompare@@YGJPBGK0KPBVNTFS_UPCASE_TABLE@@E@Z
?Write@NTFS_FRS_STRUCTURE@@QAEEXZ
Extend
Format
?QueryExtentList@NTFS_ATTRIBUTE_RECORD@@QBEEPAVNTFS_EXTENT_LIST@@@Z
??0NTFS_MFT_FILE@@QAE@XZ
??0NTFS_FRS_STRUCTURE@@QAE@XZ
?InsertIntoFile@NTFS_ATTRIBUTE@@UAEEPAVNTFS_FILE_RECORD_SEGMENT@@PAVNTFS_BITMAP@@@Z
?InsertEntry@NTFS_INDEX_TREE@@QAEEKPAXU_MFT_SEGMENT_REFERENCE@@E@Z
?Read@NTFS_FRS_STRUCTURE@@UAEEXZ
?AddSecurityDescriptor@NTFS_FILE_RECORD_SEGMENT@@QAEEW4_CANNED_SECURITY_TYPE@@PAVNTFS_BITMAP@@@Z
??0NTFS_REFLECTED_MASTER_FILE_TABLE@@QAE@XZ
?QueryAttribute@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_ATTRIBUTE@@PAEKPBVWSTRING@@@Z
??1NTFS_ATTRIBUTE_RECORD@@UAE@XZ
?Read@NTFS_SA@@QAEEPAVMESSAGE@@@Z
??1NTFS_LOG_FILE@@UAE@XZ
?ReadNext@NTFS_FRS_STRUCTURE@@QAEEVBIG_INT@@@Z
??0NTFS_EXTENT_LIST@@QAE@XZ
??0NTFS_UPCASE_FILE@@QAE@XZ
?Initialize@NTFS_CLUSTER_RUN@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@VBIG_INT@@KK@Z
??1NTFS_MFT_INFO@@UAE@XZ
??0NTFS_ATTRIBUTE_RECORD@@QAE@XZ
EndDialog
Number of PE resources by type
RT_STRING 4
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
JAPANESE NEUTRAL 3
DANISH NEUTRAL 1
ENGLISH CAN 1
FRENCH 1
FRENCH SWISS 1
NEUTRAL DEFAULT 1
ExifTool file metadata
UninitializedDataSize: 0
LinkerVersion: 11.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 15.0.29488.10580
LanguageCode: English (U.S.)
FileFlagsMask: 0x0000
CharacterSet: Unicode
InitializedDataSize: 18432
FileOS: Windows NT 32-bit
MIMEType: application/octet-stream
FileVersion: 194.232.51949.15694
TimeStamp: 2012:04:22 12:53:41+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: udrEwyGM8
ProductVersion: 235.237.9370.63789
SubsystemVersion: 5.0
OSVersion: 5.0
OriginalFilename: VBNb9GxAGBQ
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: 8ABxT
CodeSize: 26112
ProductName: busMzJX
ProductVersionNumber: 15.0.29488.10580
EntryPoint: 0x229c
ObjectFileType: Executable application

File identification
MD5 42032e91596b619d5683e39afc7a4c2a
SHA1 dd1e514e8e4732afe13be8d569a0472ecdf4ac23
SHA256 594f0676ec35311955a49a3dcc6cd9dfb61a9a82477bcf2fda70a1d5271b8612
ssdeep 768:Seg08j3l1wyy9G9aEfbhQUcq0+VQ2U9SlYwklgfN:kfwyy9GQ6KUXfVdU9mkl4N
File size 44.5 KB (45568 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2013-02-18 21:13:07 UTC (1 year, 2 months ago)
Last submission 2013-10-28 20:41:56 UTC (5 months, 3 weeks ago)
File names 42032e91596b619d5683e39afc7a4c2a
faf7f7401913b28761d1c3ce65650951b2e2cc4e
VBNb9GxAGBQ
42032e91596b619d5683e39afc7a4c2a
vti-rescan
udrEwyGM8
No community comments or votes have been posted for this analysis.
Condensed report. The following is a condensed report of the file's behaviour when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process it launched or injected code into.
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications