SHA256: 5c57de690bf75f039367d17753b9379c3f05b3d2c78358d725a7d882c3b8916f
File name: BF.4-Unlocker.exe
Detection ratio: 20 / 56
Analysis date: 2017-02-03 06:23:12 UTC (1 year, 10 months ago)
Antivirus Result Update date
AVware Trojan.Win32.Generic!BT 20170203
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9934 20170125
Bkav [Microsoft Visual C++ 8] 20170203
CrowdStrike Falcon (ML) malicious_confidence_72% (W) 20170130
Cyren W32/Trojan.SAUH-5287 20170202
Emsisoft Riskware.Win32.GameHack (A) 20170203
ESET-NOD32 a variant of Win32/HackTool.CheatEngine.AF potentially unsafe 20170203
Fortinet W32/Generic.AC.17F472!tr 20170203
GData Win32.Riskware.Hacktool.D 20170203
Sophos ML trojan.win32.swrort.a 20170111
Jiangmin TrojanDropper.Injector.aqkx 20170203
K7AntiVirus Unwanted-Program ( 004ba1a41 ) 20170203
K7GW Unwanted-Program ( 004ba1a41 ) 20170203
Kaspersky UDS:DangerousObject.Multi.Generic 20170203
Malwarebytes CheatTool.CETTrainer 20170203
McAfee Artemis!402834E741EA 20170203
McAfee-GW-Edition BehavesLike.Win32.PUPXAR.rc 20170203
Symantec Trojan.Gen.8 20170202
VIPRE Trojan.Win32.Generic!BT 20170203
Yandex HackTool.CheatEngine!h2lP7QG9eRI 20170203
Ad-Aware 20170203
AegisLab 20170203
AhnLab-V3 20170202
Alibaba 20170122
ALYac 20170203
Antiy-AVL 20170203
Arcabit 20170203
Avast 20170203
AVG 20170202
Avira (no cloud) 20170202
BitDefender 20170203
CAT-QuickHeal 20170202
ClamAV 20170203
CMC 20170202
Comodo 20170203
DrWeb 20170203
F-Prot 20170203
F-Secure 20170203
Ikarus 20170202
Kingsoft 20170203
Microsoft 20170203
eScan 20170203
NANO-Antivirus 20170202
nProtect 20170203
Panda 20170202
Qihoo-360 20170203
Rising 20170203
Sophos AV 20170203
SUPERAntiSpyware 20170203
Tencent 20170203
TheHacker 20170202
TrendMicro 20170203
TrendMicro-HouseCall 20170203
Trustlook 20170203
VBA32 20170202
ViRobot 20170203
WhiteArmor 20170202
Zillya 20170201
Zoner 20170203
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-06-28 14:45:44
Entry Point 0x000015EB
Number of sections 5
PE sections
PE imports
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
SetStdHandle
SetHandleCount
LoadLibraryA
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
RemoveDirectoryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
SizeofResource
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
WriteConsoleW
CreateDirectoryA
DeleteFileA
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
GetConsoleCP
LeaveCriticalSection
LCMapStringW
SetFilePointer
GetTempPathA
WideCharToMultiByte
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetTempFileNameA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
TerminateProcess
GetEnvironmentStrings
CreateProcessA
LCMapStringA
WriteConsoleA
IsValidCodePage
LoadResource
VirtualFree
TlsGetValue
Sleep
GetFileType
TlsSetValue
CreateFileA
GetTickCount
GetCurrentThreadId
FindResourceA
VirtualAlloc
HeapCreate
SetLastError
InterlockedIncrement
PathRemoveFileSpecA
PathAddBackslashA
PathStripPathA
MessageBoxA
Number of PE resources by type
RT_RCDATA 2
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2013:06:28 15:45:44+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
36352

LinkerVersion
9.0

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x15eb

InitializedDataSize
5128704

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

Compressed bundles
File identification
MD5 402834e741eabc38077e3fda3a3f8023
SHA1 815fc4db5653b9b040c48aa8d7ca2679708c0403
SHA256 5c57de690bf75f039367d17753b9379c3f05b3d2c78358d725a7d882c3b8916f
ssdeep
98304:mfNTfJX3G9lW916Z++9QA0bNIpwnOBvQ8jKp/W/eyjG4B9a89z:mfNLJX3YY9161NMIpqO5Qkk/W/PxB9TJ

authentihash 419bd8f23f22b26ab5908c2bb5082470384456b6c8344eca7d8d3a0572f22ba7
imphash 8d92fa1956a6a631c642190121740197
File size 4.9 MB ( 5166080 bytes )
File type Win32 EXE
Description
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe

VirusTotal metadata
First submission 2016-10-26 00:37:24 UTC (2 years, 1 month ago)
Last submission 2018-08-30 13:47:37 UTC (3 months, 2 weeks ago)
File names BF.4-Unlocker.EXE
bf.4-unlocker.exe
BF.4-Unlocker.exe
at.exe
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Deleted files
Created processes
Runtime DLLs
UDP communications