× В вашем браузере отключены куки (cookie). Для полноценной работы сайта необходимо включить сохранение файлов cookie.
SHA256: 68d3e89cbe6094f41062d3c4176ac83cb432e30d13722f92cb2bc13002ed63b4
Имя файла: FT Like.exe
Показатель выявления: 0 / 46
Дата анализа: 2013-04-03 09:55:07 UTC (4 лет, 4 месяцев назад)
Антивирус Результат Дата обновления
Yandex 20130402
AhnLab-V3 20130402
AntiVir 20130403
Antiy-AVL 20130403
Avast 20130403
AVG 20130402
BitDefender 20130403
ByteHero 20130322
CAT-QuickHeal 20130403
ClamAV 20130403
Commtouch 20130403
Comodo 20130403
DrWeb 20130403
Emsisoft 20130403
eSafe 20130328
ESET-NOD32 20130403
F-Prot 20130403
F-Secure 20130403
Fortinet 20130403
GData 20130403
Ikarus 20130403
Jiangmin 20130331
K7AntiVirus 20130402
Kaspersky 20130403
Kingsoft 20130401
Malwarebytes 20130403
McAfee 20130403
McAfee-GW-Edition 20130403
Microsoft 20130403
eScan 20130403
NANO-Antivirus 20130403
Norman 20130403
nProtect 20130403
Panda 20130402
PCTools 20130403
Rising 20130403
Sophos AV 20130403
SUPERAntiSpyware 20130403
Symantec 20130403
TheHacker 20130402
TotalDefense 20130403
TrendMicro 20130403
TrendMicro-HouseCall 20130403
VBA32 20130402
VIPRE 20130403
ViRobot 20130403
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product FT Like
Original name FT Like
Internal name FT Like
File version 1.0.0.0
Description http://freelancers-tools.com
Packers identified
F-PROT UPX_LZMA
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00204FB0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
DrawDibEnd
RegFlushKey
ImageList_Add
PrintDlgA
SaveDC
OleDraw
VariantCopy
DragFinish
VerQueryValueA
PlaySoundA
OpenPrinterA
Number of PE resources by type
RT_BITMAP 52
RT_STRING 31
RT_RCDATA 17
RT_GROUP_CURSOR 11
RT_CURSOR 11
RT_ICON 10
TYPELIB 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 76
ENGLISH US 60
PE resources
ExifTool file metadata
CodeSize
643072

InitializedDataSize
106496

ImageVersion
0.0

FileVersionNumber
1.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

LinkerVersion
2.25

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.0.0.0

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
FT Like

SubsystemVersion
4.0

UninitializedDataSize
1474560

OSVersion
4.0

FileOS
Win32

MachineType
Intel 386 or later, and compatibles

FileSubtype
0

ProductVersionNumber
5.7.1.32767

EntryPoint
0x204fb0

ObjectFileType
Executable application

File identification
MD5 0030a3b48da2879ab854992632cdeeff
SHA1 8151f084ef52cabf100805015ffac1e8f4db29ba
SHA256 68d3e89cbe6094f41062d3c4176ac83cb432e30d13722f92cb2bc13002ed63b4
ssdeep
24576:pgheEzRSx9oD6AyEg5ydzcrjCpe406jxhAl5D:pghXolANVdosi

Размер файла 773.6 KБ ( 792146 bytes )
Тип файла Win32 EXE
Описание
MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit, UPX compressed

TrID UPX compressed Win32 Executable (42.6%)
Win32 EXE Yoda's Crypter (37.0%)
Win32 Executable Generic (11.8%)
Win16/32 Executable Delphi generic (2.8%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2013-04-03 09:55:07 UTC (4 лет, 4 месяцев назад)
Last submission 2013-04-03 09:55:07 UTC (4 лет, 4 месяцев назад)
Имена файлов FT Like
FT Like.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Нет комментариев. Из участников сообщества VirusTotal ещё пока никто не оставил комментарий по поводу результатов анализа. Станьте первым!

Оставьте свой комментарий...

?
Отправить

Вы не выполнили вход. Только зарегистрированные пользователи могут оставлять комментарии. Выполните вход и получите право голоса!

Нет голосов. Ещё пока никто не проголосовал за результаты анализа. Станьте первым!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Set keys
Code injections in the following processes
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications