SHA256: 70adf25a4225ce9e28f65044add5c2410197e14318274769c31633e5549e8862
File name: Check Browsers LNK.exe
Detection ratio: 1 / 60
Analysis date: 2017-06-22 18:33:41 UTC (1 year, 11 months ago)
Antivirus Result Update date
Avira (no cloud) TR/Crypt.XPACK.Gen 20170622
Ad-Aware 20170622
AegisLab 20170622
AhnLab-V3 20170622
Alibaba 20170622
ALYac 20170622
Antiy-AVL 20170622
Arcabit 20170622
Avast 20170622
AVG 20170622
AVware 20170622
Baidu 20170622
BitDefender 20170622
CAT-QuickHeal 20170622
ClamAV 20170622
CMC 20170619
Comodo 20170622
CrowdStrike Falcon (ML) 20170420
Cyren 20170622
DrWeb 20170622
Emsisoft 20170622
Endgame 20170615
ESET-NOD32 20170622
F-Prot 20170622
F-Secure 20170622
Fortinet 20170622
GData 20170622
Ikarus 20170622
Sophos ML 20170607
Jiangmin 20170622
K7AntiVirus 20170622
K7GW 20170622
Kaspersky 20170622
Kingsoft 20170622
Malwarebytes 20170622
McAfee 20170622
McAfee-GW-Edition 20170622
Microsoft 20170622
eScan 20170622
NANO-Antivirus 20170622
nProtect 20170622
Palo Alto Networks (Known Signatures) 20170622
Panda 20170622
Qihoo-360 20170622
Rising 20170622
SentinelOne (Static ML) 20170516
Sophos AV 20170622
SUPERAntiSpyware 20170622
Symantec 20170622
Symantec Mobile Insight 20170621
Tencent 20170622
TheHacker 20170621
TrendMicro 20170622
TrendMicro-HouseCall 20170622
Trustlook 20170622
VBA32 20170622
VIPRE 20170622
ViRobot 20170622
Webroot 20170622
WhiteArmor 20170616
Yandex 20170622
Zillya 20170622
ZoneAlarm by Check Point 20170622
Zoner 20170622
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Alex Dragokas
Product CheckBrowsersLNK
Original name Check Browsers LNK.exe
Internal name Check Browsers LNK
File version 2.2.0.16
Description Программа для проверки ярлыков браузеров на наличие вредоносных ссылок.
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 4:15 PM 9/30/2018
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-06-22 18:03:38
Entry Point 0x00009DA4
Number of sections 3
PE sections
Overlays
MD5 879d7c1269a202b6b5c427c8b8f4c732
File type data
Offset 1265664
Size 3240
Entropy 7.36
PE imports
Number of PE resources by type
CUSTOM 8
RT_ICON 3
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 10
NEUTRAL 4
PE resources
Debug information
ExifTool file metadata
CodeSize 851968
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 1.1
FileSubtype 0
FileVersionNumber 2.2.0.16
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription .
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 409600
EntryPoint 0x9da4
OriginalFileName Check Browsers LNK.exe
MIMEType application/octet-stream
LegalCopyright Alex Dragokas
FileVersion 2.2.0.16
TimeStamp 2017:06:22 19:03:38+01:00
FileType Win32 EXE
PEType PE32
InternalName Check Browsers LNK
ProductVersion 2.2.0.16
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Alex Dragokas
LegalTrademarks Alex Dragokas
ProductName CheckBrowsersLNK
ProductVersionNumber 2.2.0.16
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 dd1fcca18eb2a462c897ec0ce6a6594f
SHA1 fa568dca921651584d90cbcf630a9c5dbcf25494
SHA256 70adf25a4225ce9e28f65044add5c2410197e14318274769c31633e5549e8862
ssdeep 24576:Oz6MA8lMa+uUpHZq9kT7fkj4CKKYcXezLSH6w456IMjBgqBnv6v7t:q6QlMaV9kT7fkj4C6xz2re7
authentihash 81c12b98a5f2ce529cb83996098321a99f9b53a30664bb6c3bc47b643bed27b5
imphash 6854c641df432adaea0f029815db6adf
File size 1.2 MB ( 1268904 bytes )
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (62.9%)
Win32 Executable MS Visual C++ (generic) (23.9%)
Win32 Dynamic Link Library (generic) (5.0%)
Win32 Executable (generic) (3.4%)
OS/2 Executable (generic) (1.5%)
Tags peexe overlay
VirusTotal metadata
First submission 2017-06-22 18:33:41 UTC (1 year, 11 months ago)
Last submission 2018-09-30 15:15:23 UTC (7 months, 3 weeks ago)
File names check-browsers-lnk_2.2.0.16.exe
594f.vir
70ADF25A4225CE9E28F65044ADD5C2410197E14318274769C31633E5549E8862.exe
Check Browsers LNK
check-browsers-lnk_2.2.0.16 (1).exe
Check Browsers LNK.exe
Check_browsers_LNK.exe
dd1fcca18eb2a462c897ec0ce6a6594f.vir
Check_Browsers_LNK.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events, which are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
UDP communications