SHA256: 6cedff45c583ed446e1ffce2921dbea7f03e2ea1eed234657ddbd29ba57eb0d6
File name: FWAccountManager.exe
Detection ratio: 4 / 57
Analysis date: 2015-05-18 20:19:55 UTC (4 years ago)
Antivirus Result Update date
Bkav HW32.Packed.5C3A 20150518
DrWeb DLOADER.Trojan 20150518
Tencent Trojan.Win32.YY.Gen.31 20150518
VBA32 suspected of Trojan.Downloader.gen.h 20150517
Ad-Aware 20150518
AegisLab 20150518
Yandex 20150518
AhnLab-V3 20150518
Alibaba 20150518
ALYac 20150524
Antiy-AVL 20150518
Avast 20150518
AVG 20150518
Avira (no cloud) 20150518
AVware 20150518
Baidu-International 20150518
BitDefender 20150518
ByteHero 20150518
CAT-QuickHeal 20150518
ClamAV 20150518
CMC 20150518
Comodo 20150518
Cyren 20150518
Emsisoft 20150518
ESET-NOD32 20150518
F-Prot 20150517
F-Secure 20150518
Fortinet 20150518
GData 20150518
Ikarus 20150518
Jiangmin 20150518
K7AntiVirus 20150518
K7GW 20150518
Kaspersky 20150518
Kingsoft 20150518
Malwarebytes 20150518
McAfee 20150518
McAfee-GW-Edition 20150518
Microsoft 20150518
eScan 20150518
NANO-Antivirus 20150518
Norman 20150518
nProtect 20150518
Panda 20150518
Qihoo-360 20150525
Rising 20150518
Sophos AV 20150518
SUPERAntiSpyware 20150518
Symantec 20150518
TheHacker 20150518
TotalDefense 20150518
TrendMicro 20150518
TrendMicro-HouseCall 20150518
VIPRE 20150518
ViRobot 20150518
Zillya 20150518
Zoner 20150518
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 2.0.0.0
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-05-18 19:28:39
Entry Point 0x00129DB0
Number of sections 3
PE sections
PE imports
RegCloseKey
ImageList_Add
GetOpenFileNameW
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
AlphaBlend
CoInitialize
VariantInit
CommandLineToArgvW
URLDownloadToFileA
VerQueryValueW
Ord(203)
Number of PE resources by type
RT_STRING 16
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 4
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 19
ENGLISH US 15
RUSSIAN 4
PE resources
ExifTool file metadata
UninitializedDataSize 835584
LinkerVersion 5.0
ImageVersion 0.0
FileVersionNumber 2.0.0.0
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Windows, Cyrillic
InitializedDataSize 16384
EntryPoint 0x129db0
MIMEType application/octet-stream
FileVersion 2.0.0.0
TimeStamp 2015:05:18 20:28:39+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.0
SubsystemVersion 5.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 385024
FileSubtype 0
ProductVersionNumber 2.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 6a048201ba5986509cd42a49b0832233
SHA1 58ccd97b458fffffa3d46f421d03c494ea7c6846
SHA256 6cedff45c583ed446e1ffce2921dbea7f03e2ea1eed234657ddbd29ba57eb0d6
ssdeep 6144:WwCw7QYtNoIJUi+7HTM9Oc+Tjkq7C1TGMHncMF0:WhktNoa2AYcmkv1Tjn3e

authentihash f2caafd5d3e3a4260c5249006576e634bac8863f72bad5ca2484b5da850a88f9
imphash a19ed6411a77ad08f9c16a47c28bd47c
File size 387.5 KB (396800 bytes)
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags
peexe upx

VirusTotal metadata
First submission 2015-05-18 20:19:55 UTC (4 years ago)
Last submission 2016-06-30 03:00:03 UTC (2 years, 11 months ago)
File names fwaccountmanager.exe
FWAccountManager.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0502.

Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests