SHA256: 5d5e36d9359992c300b78e6b1b02aa10dc098d5adda8036f6a28d6c08e1b352d
File name: AvitoPoster 3FF.exe
Detection ratio: 3 / 51
Analysis date: 2014-03-24 18:47:23 UTC (3 years, 8 months ago)
Antivirus Result Update date (a blank result means the engine reported nothing for this file)
Avast Win32:Packed-F [Heur] 20140324
Bkav HW32.CDB.53f7 20140324
Rising PE:Malware.Packed!1.9C4E 20140324
Ad-Aware 20140324
AegisLab 20140324
Yandex 20140324
AhnLab-V3 20140324
AntiVir 20140324
Antiy-AVL 20140324
AVG 20140324
Baidu-International 20140324
BitDefender 20140324
ByteHero 20140324
CAT-QuickHeal 20140324
ClamAV 20140324
CMC 20140319
Commtouch 20140324
Comodo 20140324
DrWeb 20140324
Emsisoft 20140324
ESET-NOD32 20140324
F-Prot 20140324
F-Secure 20140324
Fortinet 20140324
GData 20140324
Ikarus 20140324
Jiangmin 20140324
K7AntiVirus 20140324
K7GW 20140324
Kaspersky 20140324
Kingsoft 20140324
Malwarebytes 20140324
McAfee 20140324
McAfee-GW-Edition 20140324
Microsoft 20140324
eScan 20140324
NANO-Antivirus 20140324
Norman 20140324
nProtect 20140324
Panda 20140324
Qihoo-360 20140324
Sophos AV 20140324
SUPERAntiSpyware 20140324
Symantec 20140324
TheHacker 20140323
TotalDefense 20140324
TrendMicro 20140324
TrendMicro-HouseCall 20140324
VBA32 20140324
VIPRE 20140324
ViRobot 20140324
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT embedded
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17 (this is the fixed value Borland's linker writes into every Delphi/C++Builder executable, not the real build time; the LinkerVersion 2.25 reported below points the same way)
Entry Point 0x00001000
Number of sections 8
PE sections
PE imports (grouped by the DLL that exports each function; the report lists the functions flat, the DLL attribution follows from the export names)
shell32.dll
SHGetFolderPathW
SHGetFolderPathA
advapi32.dll
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA
kernel32.dll
GetStdHandle
FileTimeToDosDateTime
GetFileAttributesA
WaitForSingleObject
FindFirstFileW
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
GetThreadContext
GetLocaleInfoW
GetFullPathNameA
GetTempPathA
WideCharToMultiByte
WriteFile
GetDiskFreeSpaceA
SetFileAttributesA
SetEvent
LocalFree
InitializeCriticalSection
LoadResource
GetStringTypeExW
GetLogicalDriveStringsW
FindClose
TlsGetValue
QueryDosDeviceW
FormatMessageA
SetFileAttributesW
GetStringTypeExA
SetLastError
WriteProcessMemory
RemoveDirectoryW
ExitProcess
GetModuleFileNameA
EnumCalendarInfoA
LoadLibraryExA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FlushInstructionCache
GetModuleHandleA
GetFullPathNameW
GetSystemDirectoryW
GetSystemDirectoryA
SetThreadContext
SetCurrentDirectoryW
VirtualQuery
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
CloseHandle
EnterCriticalSection
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
ExitThread
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
ReadProcessMemory
GetCPInfo
DeleteFileW
GetProcAddress
VirtualProtectEx
GetTempFileNameW
CompareStringW
GetModuleFileNameW
FindFirstFileA
CreateDirectoryW
ResetEvent
GetTempFileNameA
FindNextFileA
CreateFileW
CreateEventA
TlsSetValue
CreateFileA
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
VirtualAllocEx
lstrlenA
FindResourceW
GetThreadLocale
RemoveDirectoryA
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCurrentDirectoryA
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
FindNextFileW
lstrcpynA
GetACP
GetVersion
FreeResource
IsBadStringPtrW
GetTempPathW
PostQueuedCompletionStatus
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
CompareStringA
ntdll.dll
ZwProtectVirtualMemory
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
RtlFormatCurrentUserKeyPath
RtlInitAnsiString
LdrGetProcedureAddress
LdrLoadDll
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
ole32.dll
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
oleaut32.dll
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
GetErrorInfo
SysFreeString
VariantInit
shlwapi.dll
PathMatchSpecW
user32.dll
CharLowerBuffW
GetSystemMetrics
LoadStringA
CharLowerA
CharNextA
CharUpperW
MessageBoxA
CharLowerW
CharUpperBuffW
CharUpperA
GetKeyboardType
CharToOemA
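The import list above is the raw material of a static triage: on its own it proves nothing, but VirtualAllocEx, WriteProcessMemory, GetThreadContext and SetThreadContext together are exactly the primitives needed to write code into another process and redirect one of its threads, and the direct ntdll imports (ZwProtectVirtualMemory, LdrLoadDll, LdrGetProcedureAddress) let a binary do memory and loader work without touching the kernel32 wrappers that monitoring tools usually hook. The following added example (our code, not part of the VirusTotal report or of the sample) turns that reading into a repeatable check: it groups a flat list of imported API names into coarse capability buckets, tests for API combinations that together enable process injection, and compares the static list against APIs observed at runtime. The capability mapping is our own analyst heuristic, SAMPLE_IMPORTS is a subset copied from the report's import list, and OBSERVED_AT_RUNTIME is taken from the condensed behaviour report further down the page.

```python
"""Static import-table triage for a Windows PE sample.

Added example, not part of the VirusTotal report or of the sample itself.
It groups imported API names into coarse capability buckets, checks for
API combinations that together make process injection possible, and
compares the static import list with APIs observed in a sandbox run.
The API-to-capability mapping is our own analyst heuristic, not a standard.
"""

# Capability buckets: an API name may legitimately appear in several.
CAPABILITIES = {
    "remote process memory": {
        "VirtualAllocEx", "VirtualProtectEx", "WriteProcessMemory",
        "ReadProcessMemory", "CreateRemoteThread", "NtCreateThreadEx",
    },
    "thread context control": {
        "GetThreadContext", "SetThreadContext", "SuspendThread", "ResumeThread",
    },
    "direct ntdll calls": {
        "ZwProtectVirtualMemory", "NtProtectVirtualMemory", "LdrLoadDll",
        "LdrGetProcedureAddress", "NtWriteVirtualMemory", "NtAllocateVirtualMemory",
    },
    "runtime API resolution": {
        "GetProcAddress", "LoadLibraryA", "LoadLibraryW", "LoadLibraryExA",
        "LdrGetProcedureAddress",
    },
    "writable/executable memory": {"VirtualAlloc", "VirtualProtect", "FlushInstructionCache"},
    "anti-debugging": {
        "IsDebuggerPresent", "CheckRemoteDebuggerPresent", "NtQueryInformationProcess",
    },
    "registry access": {
        "RegOpenKeyA", "RegOpenKeyExA", "RegQueryValueExA", "RegSetValueExA", "RegCreateKeyExA",
    },
    "filesystem enumeration": {
        "FindFirstFileA", "FindFirstFileW", "FindNextFileA", "FindNextFileW",
        "GetLogicalDriveStringsW", "QueryDosDeviceW",
    },
    "device driver control": {"DeviceIoControl"},
}

# Injection patterns: every API in the set must be imported for a hit.
INJECTION_PATTERNS = {
    "classic remote thread injection": {
        "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
    },
    "thread hijacking": {
        "VirtualAllocEx", "WriteProcessMemory", "GetThreadContext", "SetThreadContext",
    },
}


def triage_imports(names):
    """Return (capability hits, matched injection patterns) for a list of API names."""
    present = set(names)
    hits = {}
    for capability, apis in CAPABILITIES.items():
        found = sorted(present & apis)
        if found:
            hits[capability] = found
    patterns = [name for name, needed in INJECTION_PATTERNS.items() if needed <= present]
    return hits, patterns


def resolved_at_runtime(static_names, observed_names):
    """APIs seen during execution but absent from the static import table.

    Such calls were resolved dynamically (GetProcAddress / LdrGetProcedureAddress)
    or made by another process the sample started or injected into.
    """
    return sorted(set(observed_names) - set(static_names))


# Subset of the import list in the report above (copied verbatim; order is irrelevant).
SAMPLE_IMPORTS = [
    "SHGetFolderPathW", "RegOpenKeyExA", "RegQueryValueExA", "RegCloseKey", "RegOpenKeyA",
    "GetThreadContext", "SetThreadContext", "WriteProcessMemory", "ReadProcessMemory",
    "VirtualAllocEx", "VirtualProtectEx", "VirtualProtect", "VirtualAlloc", "VirtualFree",
    "FlushInstructionCache", "GetProcAddress", "LoadLibraryA", "LoadLibraryW", "LoadLibraryExA",
    "FindFirstFileW", "FindNextFileW", "GetLogicalDriveStringsW", "QueryDosDeviceW",
    "ZwProtectVirtualMemory", "LdrLoadDll", "LdrGetProcedureAddress", "RtlInitUnicodeString",
    "MessageBoxA", "GetKeyboardType",
]

# APIs named in the condensed behaviour report further down the page.
OBSERVED_AT_RUNTIME = ["IsDebuggerPresent", "DeviceIoControl"]

if __name__ == "__main__":
    hits, patterns = triage_imports(SAMPLE_IMPORTS)
    for capability, apis in hits.items():
        print(f"{capability:28} {', '.join(apis)}")
    print("injection patterns satisfied:", patterns or "none")
    print("resolved only at runtime:", resolved_at_runtime(SAMPLE_IMPORTS, OBSERVED_AT_RUNTIME))
```

Run against the full import list, the "thread hijacking" pattern fires while "classic remote thread injection" does not (CreateRemoteThread is absent), and the runtime comparison shows that IsDebuggerPresent and DeviceIoControl were never statically imported. Treat the buckets as prompts for the analyst, not verdicts: Delphi runtime code imports many of the benign entries, and a packer's unpacking stub legitimately needs VirtualProtect and FlushInstructionCache.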
Number of PE resources by type
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_ICON 5
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 14
RUSSIAN 6
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 426496
LinkerVersion 2.25
EntryPoint 0x1000
InitializedDataSize 445952
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 6038d2da290c8d2dd3153ddced8d5d6d
SHA1 cf083afe4c61f2e64638d073129eeb20e41ad36a
SHA256 5d5e36d9359992c300b78e6b1b02aa10dc098d5adda8036f6a28d6c08e1b352d
ssdeep 98304:z6UKxAk5mN1D4GK/8OE1yp1T0OwiAG+GUGtcDHwAy2vX:z6UmLEN1DLWE1yptJwVGLtNA
authentihash 6db6d360b18128d69d181fc97071227acd214ce53c8cb4d62e98088bc56acab6
imphash 25c0914e1e7dc7c3bb957d88e787a155
File size 3.6 MB (3742720 bytes)
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe
VirusTotal metadata
First submission 2014-03-24 18:47:23 UTC (3 years, 8 months ago)
Last submission 2015-02-26 00:40:36 UTC (2 years, 9 months ago)
File names AvitoPoster 3FF.exe
AVITOPOSTER 3FF.EXE
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Deleted files
Runtime DLLs
Additional details
The file calls the IsDebuggerPresent Windows API function to check whether it is running under a debugger.
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function.
Neither IsDebuggerPresent nor DeviceIoControl appears in the static import table above, so these calls were either resolved at runtime (both GetProcAddress and LdrGetProcedureAddress are imported) or made by a process the sample launched or injected into; a static import review alone would have missed them.