SHA256: 922bf517c0bc117c416e879f746815b438d3a5d3b851d0c6f503468067718591
File name: 11.exe
Detection ratio: 1 / 50
Analysis date: 2014-02-17 16:57:27 UTC (3 years, 9 months ago)
Antivirus Result Update date
Qihoo-360 Malware.QVM05.Gen 20140217
Ad-Aware 20140217
Yandex 20140216
AhnLab-V3 20140217
AntiVir 20140217
Antiy-AVL 20140217
Avast 20140217
AVG 20140217
Baidu-International 20140217
BitDefender 20140217
Bkav 20140217
ByteHero 20140217
CAT-QuickHeal 20140217
ClamAV 20140217
CMC 20140213
Commtouch 20140217
Comodo 20140217
DrWeb 20140217
Emsisoft 20140217
ESET-NOD32 20140217
F-Prot 20140215
F-Secure 20140216
Fortinet 20140217
GData 20140217
Ikarus 20140217
Jiangmin 20140217
K7AntiVirus 20140217
K7GW 20140217
Kaspersky 20140217
Kingsoft 20140217
Malwarebytes 20140217
McAfee 20140217
McAfee-GW-Edition 20140217
Microsoft 20140217
eScan 20140217
NANO-Antivirus 20140216
Norman 20140217
nProtect 20140216
Panda 20140217
Rising 20140217
Sophos AV 20140217
SUPERAntiSpyware 20140217
Symantec 20140217
TheHacker 20140217
TotalDefense 20140217
TrendMicro 20140217
TrendMicro-HouseCall 20140217
VBA32 20140217
VIPRE 20140217
ViRobot 20140217
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000107AC
Number of sections 8
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
SetDIBits
GetObjectA
SetROP2
DeleteDC
SetBkMode
MoveToEx
GetStockObject
CreateBrushIndirect
BitBlt
CreateSolidBrush
GetDIBits
SelectObject
SetBkColor
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetTextColor
StretchDIBits
GetLastError
GetStdHandle
EnterCriticalSection
lstrlenA
FreeLibrary
ExitProcess
GetThreadLocale
GetModuleFileNameA
RtlUnwind
GetLocalTime
DeleteCriticalSection
GetStartupInfoA
LoadLibraryExA
GetLocaleInfoA
LocalAlloc
GetWindowsDirectoryA
GetCommandLineA
FormatMessageA
GetModuleHandleA
GetTempPathA
RaiseException
SetFilePointer
ReadFile
WriteFile
CloseHandle
GetSystemDirectoryA
LocalFree
InitializeCriticalSection
lstrcpyA
VirtualQuery
VirtualFree
TlsGetValue
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetCurrentThreadId
VirtualAlloc
GetFileSize
LeaveCriticalSection
SysReAllocStringLen
SysFreeString
VariantCopyInd
VariantClear
SetFocus
GetMessageA
GetForegroundWindow
SetPropA
DestroyWindow
GetCapture
KillTimer
PostQuitMessage
DefWindowProcA
ShowWindow
GetPropA
GetSystemMetrics
IsWindow
GetWindowRect
DispatchMessageA
PostMessageA
MessageBoxA
GetWindowDC
CopyImage
wvsprintfA
TranslateMessage
IsWindowEnabled
GetSysColor
GetDC
GetKeyState
ReleaseDC
RemovePropA
SetWindowTextA
DestroyIcon
LoadStringA
IsZoomed
SendMessageA
CreateWindowExA
IsIconic
RegisterClassA
InvalidateRect
SetTimer
LoadCursorA
LoadIconA
FillRect
DestroyAcceleratorTable
CallWindowProcA
GetFocus
GetClassInfoA
GetKeyboardType
SetCursor
Number of PE resources by type
RT_STRING 2
RT_RCDATA 2
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
RUSSIAN 2
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
64000

LinkerVersion
2.25

EntryPoint
0x107ac

InitializedDataSize
23040

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
1.0

UninitializedDataSize
0

Compressed bundles
File identification
MD5 46b34b0239e81ab3ad487b0d73723360
SHA1 d0dabd76ccfac25aa7cb1674733988ab811d29f0
SHA256 922bf517c0bc117c416e879f746815b438d3a5d3b851d0c6f503468067718591
ssdeep
1536:Qeq8EByscY9CNOqTUMZkMMBVo35T/N4E/bvk2w7s:PHKCFZkR035TKmus

authentihash 92ee194927b93dc707fd47d5cd5ba29ad7576a191b020a17322cfebf3b32d5db
imphash 7ce96842ee9ea3d3d290362cc307577b
File size 86.0 KB ( 88064 bytes )
File type Win32 EXE
Description
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Borland Delphi 5 (61.7%)
Win32 Executable Borland Delphi 3 (35.9%)
Win32 Dynamic Link Library (generic) (0.8%)
Win32 Executable (generic) (0.6%)
Win16/32 Executable Delphi generic (0.2%)
Tags
peexe

VirusTotal metadata
First submission 2014-02-17 16:57:27 UTC (3 years, 9 months ago)
Last submission 2016-08-17 11:32:29 UTC (1 year, 3 months ago)
File names 31.exe
15.exe
1.exe
11.exe
60.exe
60.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
DNS requests