SHA256: 71398a67621234332cbcf0ac7e49b550243aa183d8595c5e230681e3cf5e37f3
File name: driverpack-online.exe
Detection ratio: 3 / 57
Analysis date: 2015-01-13 18:03:42 UTC (4 years ago)
Antivirus Result Update date
ClamAV Win.Trojan.Android-3 20150113
Jiangmin TrojanSpy.Zbot.hhfh 20150112
Symantec WS.Reputation.1 20150113
No detection (signature database dated 20150113 unless noted): Ad-Aware, AegisLab, Yandex, AhnLab-V3, Alibaba, ALYac, Antiy-AVL (20150112), Avast, AVG, Avira (no cloud) (20150110), AVware, Baidu-International, BitDefender, Bkav, ByteHero, CAT-QuickHeal, CMC, Comodo, Cyren, DrWeb, Emsisoft, ESET-NOD32, F-Prot, F-Secure, Fortinet (20150111), GData, Ikarus, K7AntiVirus, K7GW, Kaspersky, Kingsoft, Malwarebytes, McAfee, McAfee-GW-Edition, Microsoft, eScan, NANO-Antivirus, Norman, nProtect, Panda, Qihoo-360, Rising, Sophos AV, SUPERAntiSpyware, Tencent, TheHacker (20150112), TotalDefense, TrendMicro, TrendMicro-HouseCall, VBA32, VIPRE, ViRobot, Zillya (20150112), Zoner (20150112).
Of the three hits, only the Jiangmin name claims a specific family: Symantec's WS.Reputation.1 is a reputation verdict rather than a signature match (compare the Suspicious.Insight entry under Advanced heuristic and reputation engines below), and the ClamAV name refers to an Android trojan although the file is a Win32 PE.
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature. The signing certificate below had expired by the time this report was viewed, but the signature was made on 8/28/2014, inside that certificate's 2/28/2012 to 2/28/2015 validity window, and is countersigned by a COMODO timestamp, so the signature still verifies. Every certificate in both chains uses sha1RSA.
Signing date 11:54 AM 8/28/2014
Signers
[+] Kuzyakov Artur Vyacheslavovich IP
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO Code Signing CA 2
Valid from 1:00 AM 2/28/2012
Valid to 12:59 AM 2/28/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint F19E8477FBA1F3DAC2752E511B3EC1D506D74C1F
Serial number 00 8E D5 EE 3D 98 5B 31 93 6D A2 4E 4A 4C C3 44 19
[+] COMODO Code Signing CA 2
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Counter signers
[+] COMODO Time Stamping Signer
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 5/10/2010
Valid to 12:59 AM 5/11/2015
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 3DBB6DB5085C6DD5A1CA7F9CF84ECB1A3910CAC8
Serial number 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
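The two status lines above look contradictory: the signature is "verified" while the signing certificate and the timestamp signer are "not time valid". The reconciliation is the countersignature: when a valid timestamp is present, Windows judges the signer chain at the signing time it attests, not at verification time. The following is an added example, not code from the report or from DriverPack, that models that rule with the dates printed above (copied from the report) and shows what each status means as of the 2015 analysis date, as of a later date, and for the same signature without a timestamp. The model is deliberately simplified: it ignores revocation, EKU and the root's trust state, and treats the report's local times as naive timestamps.

```python
from datetime import datetime

# Signing time and certificate validity windows copied from the report
# (the report prints them as month/day/year local times; ISO strings here).
SIGNING_TIME = datetime(2014, 8, 28, 11, 54)
SIGNER_CHAIN = [
    ("Kuzyakov Artur Vyacheslavovich IP", "2012-02-28T01:00", "2015-02-28T00:59"),
    ("COMODO Code Signing CA 2", "2011-08-24T01:00", "2020-05-30T11:48"),
    ("UTN-USERFirst-Object", "2005-06-07T09:09", "2020-05-30T11:48"),
]
TIMESTAMP_CHAIN = [
    ("COMODO Time Stamping Signer", "2010-05-10T01:00", "2015-05-11T00:59"),
    ("UTN-USERFirst-Object", "2005-06-07T09:09", "2020-05-30T11:48"),
]


def expired_at(chain, when):
    """Names of certificates in `chain` whose validity window does not contain `when`."""
    return [name for name, not_before, not_after in chain
            if not (datetime.fromisoformat(not_before) <= when <= datetime.fromisoformat(not_after))]


def authenticode_time_status(signer_chain, timestamp_chain, signing_time, now):
    """Simplified model of the Windows rule (revocation and EKU checks omitted):
    if a countersignature exists and its own chain was valid at signing time,
    the signer chain is judged at signing time; otherwise it is judged at `now`."""
    ts_ok = timestamp_chain is not None and not expired_at(timestamp_chain, signing_time)
    judged_at = signing_time if ts_ok else now
    return {
        "timestamp_valid": ts_ok,
        "evaluated_at": judged_at.isoformat(timespec="minutes"),
        "signature_trusted": not expired_at(signer_chain, judged_at),
        # These two lists are what the report's "not time valid" status lines reflect.
        "signer_not_time_valid_now": expired_at(signer_chain, now),
        "timestamp_not_time_valid_now": expired_at(timestamp_chain or [], now),
    }


def report_status(now_iso, timestamped=True):
    """Evaluate this report's chains as of `now_iso`; timestamped=False drops the countersignature."""
    return authenticode_time_status(
        SIGNER_CHAIN, TIMESTAMP_CHAIN if timestamped else None,
        SIGNING_TIME, datetime.fromisoformat(now_iso))


if __name__ == "__main__":
    for when in ("2015-01-13T18:03", "2019-01-13T00:00"):
        print(when, report_status(when))
    print("no timestamp", report_status("2019-01-13T00:00", timestamped=False))
```

Run as-is it prints the three cases. The practical consequence for triage: an expired signing certificate on a timestamped binary is normal and says nothing about legitimacy on its own, whereas the same expired certificate without a countersignature would make the file appear unsigned to Windows.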
Packers identified
F-PROT appended, 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-30 08:50:02
Entry Point 0x000168BF
Number of sections 4
PE sections
Overlays
MD5 10b4e95d566a8b9b33c71f4914b34d68
File type data
Offset 322048
Size 14302488
Entropy 8.00
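The overlay figures above are internally consistent: 322048 + 14302488 = 14624536, the byte count listed under File identification, so the PE image itself is about 314 KB and everything after it is appended data. An entropy of 8.00 is what a compressed archive looks like, matching the "appended, 7Z" packer identification. Note that an Authenticode signature is itself stored after the last section, so a signed file always has a small overlay; a 14 MB one at maximum entropy is an embedded payload, not just a signature. The following is an added example, not code from the report or from DriverPack, that locates the overlay from the section table, measures its entropy and checks for the 7z magic; the minimal PE it builds is constructed inline as test input and is not the analysed file.

```python
import math
import struct

# 7-Zip container signature ("7z" followed by BC AF 27 1C).
SEVENZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, from 0.0 (constant) to 8.0 (uniform); packed or encrypted data sits near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_overlay_offset(pe: bytes) -> int:
    """File offset where the mapped PE image ends; any bytes after it are overlay."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                    # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    section_table = coff + 20 + size_of_optional
    end = section_table + 40 * num_sections                # at least the headers
    for i in range(num_sections):
        hdr = section_table + 40 * i
        size_of_raw, ptr_to_raw = struct.unpack_from("<II", pe, hdr + 16)
        end = max(end, ptr_to_raw + size_of_raw)           # highest raw-data end wins
    return end


def analyse_overlay(pe: bytes) -> dict:
    """Offset, size, entropy and 7z-magic check for the overlay of a PE file."""
    start = pe_overlay_offset(pe)
    overlay = pe[start:]
    return {
        "offset": start,
        "size": len(overlay),
        "entropy": round(shannon_entropy(overlay), 2),
        "is_7z": overlay.startswith(SEVENZIP_MAGIC),
    }


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed minimal PE32 with one 512-byte .text section; test input only, not the real file."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    size_of_optional = 224
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, size_of_optional, 0x0102)
    optional = struct.pack("<H", 0x10B) + b"\0" * (size_of_optional - 2)
    raw_ptr, text = 0x200, b"\xc3" * 512                    # section body: 512 x RET
    section = b".text".ljust(8, b"\0") + struct.pack(
        "<IIIIIIHHI", len(text), 0x1000, len(text), raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + optional + section).ljust(raw_ptr, b"\0")
    return headers + text + overlay


if __name__ == "__main__":
    sample = build_sample_pe(SEVENZIP_MAGIC + bytes(range(256)) * 4)
    print(analyse_overlay(sample))
```

To apply it to a real file, read the file into `pe` and call `analyse_overlay(pe)`; the returned offset and size should sum to the file length, as they do in the report. The overlay of a signed file also contains the Authenticode blob, so on a real sample the 7z check may need to skip past the signature directory before matching the magic.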
PE imports
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
GetDeviceCaps
GetCurrentObject
DeleteDC
CreateFontIndirectW
SelectObject
CreateCompatibleBitmap
GetObjectW
SetStretchBltMode
CreateCompatibleDC
DeleteObject
StretchBlt
SetThreadLocale
GetStdHandle
GetDriveTypeW
WaitForSingleObject
LockResource
CreateJobObjectW
GetFileAttributesW
SetInformationJobObject
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetSystemDirectoryW
lstrcatW
GetLocaleInfoW
FindResourceExA
WideCharToMultiByte
GetTempPathW
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
GetExitCodeProcess
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
LoadResource
FindClose
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetModuleFileNameW
ExitProcess
lstrcmpiW
SetProcessWorkingSetSize
GetSystemDefaultLCID
MultiByteToWideChar
SetFilePointer
CreateThread
SetEnvironmentVariableW
GetSystemDefaultUILanguage
GetExitCodeThread
MulDiv
SetCurrentDirectoryW
GlobalAlloc
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
EnterCriticalSection
TerminateThread
lstrcmpiA
GetVersionExW
SetEvent
LoadLibraryA
GetStartupInfoA
GetFileSize
GetStartupInfoW
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
AssignProcessToJobObject
lstrcpyW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
lstrcmpW
GetProcAddress
CreateEventW
CreateFileW
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
lstrlenA
GlobalFree
lstrlenW
VirtualFree
GetQueuedCompletionStatus
SizeofResource
CompareFileTime
CreateIoCompletionPort
SetFileTime
GetCommandLineW
SuspendThread
GetModuleHandleA
ReadFile
CloseHandle
GetModuleHandleW
WriteFile
CreateProcessW
Sleep
IsBadReadPtr
VirtualAlloc
strncmp
__p__fmode
malloc
??1type_info@@UAE@XZ
memset
_wcsnicmp
__dllonexit
_controlfp
_except_handler3
??2@YAPAXI@Z
_onexit
_wtol
exit
_XcptFilter
memcmp
__setusermatherr
__p__commode
_acmdln
_CxxThrowException
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_adjust_fdiv
??3@YAXPAX@Z
free
wcsncmp
__getmainargs
_purecall
_initterm
memmove
memcpy
_beginthreadex
_exit
_EH_prolog
__set_app_type
OleLoadPicture
VariantClear
SysAllocString
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetMalloc
SetFocus
GetParent
EndDialog
DrawTextW
DefWindowProcW
KillTimer
GetMessageW
ShowWindow
MessageBeep
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
GetMenu
GetWindowRect
ClientToScreen
UnhookWindowsHookEx
CharUpperW
MessageBoxA
LoadIconW
GetWindowDC
GetWindow
GetSysColor
PtInRect
DispatchMessageW
CopyImage
ReleaseDC
SendMessageW
GetWindowLongW
DrawIconEx
SetWindowTextW
GetDlgItem
SystemParametersInfoW
LoadImageW
GetDC
ScreenToClient
CallNextHookEx
wsprintfA
SetTimer
CallWindowProcW
GetSystemMenu
DialogBoxIndirectParamW
EnableWindow
GetClientRect
GetWindowTextW
EnableMenuItem
SetWindowsHookExW
GetClassNameA
GetWindowTextLengthW
CreateWindowExW
wsprintfW
GetKeyState
DestroyWindow
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_ICON 16
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
RUSSIAN 17
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:12:30 09:50:02+01:00
FileType Win32 EXE
PEType PE32
CodeSize 90624
LinkerVersion 8.0
ImageFileCharacteristics No relocs, Executable, 32-bit
FileTypeExtension exe
InitializedDataSize 230912
SubsystemVersion 4.0
EntryPoint 0x168bf
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 b4b346a375ddefe993d70c822124f187
SHA1 a35d11d9d318c43495a545d7b9e01d2acce44496
SHA256 71398a67621234332cbcf0ac7e49b550243aa183d8595c5e230681e3cf5e37f3
ssdeep
393216:ZSMISEscrcEUYglqv/ZRvCkTI6v378jxY4rsKF:pZEscrc5q5NCkT78ji4

authentihash 2518846f6873332baab3e2e755d6d98476a6d2ad3b06225f4fe78b16099e46a7
imphash 1d1577d864d2da06952f7affd8635371
File size 13.9 MB (14624536 bytes)
File type Win32 EXE
Description
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe overlay signed software-collection

VirusTotal metadata
First submission 2014-08-29 08:03:49 UTC (4 years, 4 months ago)
Last submission 2018-09-21 13:37:19 UTC (3 months, 3 weeks ago)
File names DriverPack-Online.exe
driverpack_online.exe
file-7473656_exe
driver pack - online (ws.reputation.1) (+).exe
DriverPack-Online[1].exe
DriverPack-Online для SAMSUNG.exe
DriverPack-Online (1).exe
filename
DriverPack-Online.exe
DriverPack-Online (1).exe
DriverPack-Online.exe
DriverPack-Online.exe
DriverPack-Online(автоматическая установка и обновление всех драйверов компа).exe
DriverPack-Online.exe
DriverPack-Online.exe
DriverPack-Online.exe
DriverPack-Online.exe
driverpack-solution-online.exe
__www_download_gg__DriverPack-Online.exe
DriverPack-Online.exe
[TN]Agent.bd96aeaa__
driverpack-solution-online.exe
DriverPack-Online.exe
driverpack-online.exe
DriverPack-Online.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files (none listed in this condensed report)
Read files (none listed)
Runtime DLLs (none listed)
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications (none listed)