SHA256: 85e16956c07f2a710c5e7a10b8916c70aeff4846f42f28812133c984a20593c2
File name: stinger32 downld 10-4-2014.exe
Detection ratio: 1 / 54
Analysis date: 2014-10-04 15:33:18 UTC (3 years, 3 months ago)
Antivirus Result Update date
CMC Trojan.Win32.VBKrypt!O 20141004
Ad-Aware 20141004
AegisLab 20141004
Yandex 20141003
AhnLab-V3 20141004
Antiy-AVL 20141004
Avast 20141004
AVG 20141004
Avira (no cloud) 20141004
AVware 20141004
Baidu-International 20141004
BitDefender 20141004
Bkav 20141003
ByteHero 20141004
CAT-QuickHeal 20141004
ClamAV 20141004
Comodo 20141004
Cyren 20141004
DrWeb 20141004
Emsisoft 20141004
ESET-NOD32 20141004
F-Prot 20141004
F-Secure 20141004
Fortinet 20141004
GData 20141004
Ikarus 20141004
Jiangmin 20141003
K7AntiVirus 20141004
K7GW 20141004
Kaspersky 20141004
Kingsoft 20141004
Malwarebytes 20141004
McAfee 20141004
McAfee-GW-Edition 20141003
Microsoft 20141004
eScan 20141004
NANO-Antivirus 20141004
Norman 20141004
nProtect 20141002
Panda 20141004
Qihoo-360 20141004
Rising 20141003
Sophos AV 20141004
SUPERAntiSpyware 20141004
Symantec 20141004
Tencent 20141004
TheHacker 20141001
TotalDefense 20141001
TrendMicro 20141004
VBA32 20141004
VIPRE 20141004
ViRobot 20141004
Zillya 20141003
Zoner 20140929
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright© 2014, McAfee, Inc. All Rights Reserved.

Product McAfee Stinger
Original name Stinger.exe
Internal name Stinger.exe
File version 12.1.0.1123
Description McAfee Stinger
Signature verification Signed file, verified signature
Signing date 7:41 AM 10/3/2014
Signers
[+] McAfee
Status Valid
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 3/5/2014
Valid to 12:59 AM 3/5/2017
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint D37F61D57CB0481F3D77EDAC7DE72196C4314E2C
Serial number 5D C9 8B 9A DD 1B 30 09 09 83 CB E5 3B 9E 64 06
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-03 06:35:25
Entry Point 0x01434547
Number of sections 3
PE sections
Overlays
MD5 fa5187d97cc512ad83e8637c1a249547
File type data
Offset 11042304
Size 6512
Entropy 7.30
PE imports
IsValidSid
ImageList_Destroy
Ord(20)
LPtoDP
ImmGetContext
GetProcAddress
GetModuleHandleA
AlphaBlend
LresultFromObject
SafeArrayGetElemsize
UuidCreate
Ord(165)
PathIsUNCW
IsAppThemed
PlaySoundW
OpenPrinterW
WinVerifyTrust
GdipFree
DoDragDrop
OleUIBusyW
PE exports
Number of PE resources by type
RT_RCDATA 22
RT_CURSOR 16
RT_GROUP_CURSOR 15
PNG 15
RT_STRING 13
RT_HTML 7
RT_ICON 5
RT_DIALOG 4
GIF 3
RT_BITMAP 3
RT_MANIFEST 1
RT_MENU 1
CSS 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 108
PE resources
ExifTool file metadata
SpecialBuild
5610-1040

SubsystemVersion
5.1

LinkerVersion
11.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
12.1.0.1123

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
McAfee Stinger

CharacterSet
Unicode

InitializedDataSize
15669248

EntryPoint
0x1434547

OriginalFileName
Stinger.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2014, McAfee, Inc. All Rights Reserved.

FileVersion
12.1.0.1123

TimeStamp
2014:10:03 07:35:25+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Stinger.exe

ProductVersion
12.1.0.1123

UninitializedDataSize
0

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
McAfee Inc

CodeSize
5493248

ProductName
McAfee Stinger

ProductVersionNumber
12.1.0.1123

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 233de9aa08c97ae71566460d9a6d04aa
SHA1 020576fd381d3671e7f12cbbd092ad588c55b4d9
SHA256 85e16956c07f2a710c5e7a10b8916c70aeff4846f42f28812133c984a20593c2
ssdeep
196608:d00B1hy7/b04Z0g9k7YMiQi65tOxdF+m8RBs1FyS/xcZk1vE1xqrGUgN:+0B1WA4Z0g6SQi65tSvB8RB2/xB1AWGh

authentihash 19dfc93bc67913597c0da6b2bcbdf17d4efe7cbb0d3cf4b8adb2c29e0ed352ed
imphash eccc826d3dd6d5bc5e66e06fe8b2774f
File size 10.5 MB ( 11048816 bytes )
File type Win32 EXE
Description
MS-DOS executable, MZ for MS-DOS

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2014-10-03 12:30:38 UTC (3 years, 3 months ago)
Last submission 2014-10-06 14:28:00 UTC (3 years, 3 months ago)
File names stinger32.exe
Stinger.exe
stinger32 downld 10-4-2014.exe
stinger32.exe
stinger32 (1).exe
file-7546009_exe
stinger32.exe
stinger32.exe
stinger32.exe
stinger32(1).exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Searched windows
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.