SHA256: 98fcde0d5647463b93b156cd3b04ae45d855d6deb862d66816bd752f334879ed
File name: recpw
Detection ratio: 49 / 55
Analysis date: 2015-04-20 04:10:06 UTC (1 day, 14 hours ago)
Antivirus Result Update date
AVG Crypt2.CCFA 20150420
AVware Trojan.Win32.Sirefef.nb (v) 20150420
Ad-Aware Trojan.GenericKD.1433214 20150420
Agnitum Worm.Ngrbot!vNXGOzkyciA 20150419
AhnLab-V3 Worm/Win32.Ngrbot 20150419
Antiy-AVL Trojan/Win32.SGeneric 20150420
Avast Win32:Malware-gen 20150419
Avira TR/Dorkbot.A.79 20150419
Baidu-International Trojan.Win32.Injector.77 20150419
BitDefender Trojan.GenericKD.1433214 20150420
Bkav HW32.Packed.7511 20150417
CAT-QuickHeal Worm.Dorkbot.A 20150418
Comodo UnclassifiedMalware 20150419
Cyren W32/Trojan.EXON-3429 20150420
DrWeb BackDoor.IRC.NgrBot.42 20150420
ESET-NOD32 Win32/Dorkbot.B 20150420
Emsisoft Trojan.GenericKD.1433214 (B) 20150420
F-Prot W32/Trojan2.OCNV 20150420
F-Secure Trojan.GenericKD.1433214 20150419
Fortinet W32/Ngrbot.BQCG!worm 20150420
GData Trojan.GenericKD.1433214 20150420
Ikarus Worm.Win32.Dorkbot 20150420
Jiangmin Worm/Ngrbot.bhm 20150417
K7AntiVirus Trojan ( 0001589d1 ) 20150419
K7GW Trojan ( 0001589d1 ) 20150419
Kaspersky Worm.Win32.Ngrbot.wka 20150420
Malwarebytes Trojan.FakeAlert 20150419
McAfee Generic.dx!8B6BF3920AEE 20150420
McAfee-GW-Edition BehavesLike.Win32.Trojan.nc 20150419
MicroWorld-eScan Trojan.GenericKD.1433214 20150420
Microsoft Worm:Win32/Dorkbot.I 20150420
NANO-Antivirus Trojan.Win32.NgrBot.cqrfva 20150420
Norman ZAccess.BMKS 20150419
Panda Trj/WLT.A 20150417
Qihoo-360 HEUR/Malware.QVM20.Gen 20150420
Rising PE:Trojan.Win32.Generic.162F2B80!372190080 20150419
SUPERAntiSpyware Trojan.Agent/Gen-Falcomp 20150419
Sophos Mal/Generic-L 20150420
Symantec W32.IRCBot.NG 20150420
Tencent Trojan.Win32.YY.Gen.3 20150420
TotalDefense Win32/Dorkbot.KcDKBND 20150419
TrendMicro TROJ_SPNR.0BLB13 20150420
TrendMicro-HouseCall TROJ_SPNR.0BLB13 20150420
VBA32 Trojan.TDSS.01414 20150418
VIPRE Trojan.Win32.Sirefef.nb (v) 20150420
ViRobot Worm.Win32.Ngrbot.101376[h] 20150420
Zillya Worm.Ngrbot.Win32.4423 20150420
Zoner I-Worm.Dorkbot.B 20150417
nProtect Worm/W32.Ngrbot.101376.D 20150417
AegisLab 20150420
Alibaba 20150420
ByteHero 20150420
CMC 20150418
ClamAV 20150420
Kingsoft 20150420
TheHacker 20150420
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Copyright Jemfeque Corp © © 2012
Publisher Jemfeque Corp ©
Product Jemfeque INC
Original name recpw.exe
Internal name recpw
File version a 4 RC249.42704019.169c
Description Jemfeque INC
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-19 03:18:35
Link date 4:18 AM 11/19/2013
Entry Point 0x00002730
Number of sections 5
PE sections
PE imports
Direct3DCreate8
OsThunkD3dContextCreate
DrawEscape
GetConsoleOutputCP
GetProcessWorkingSetSize
WaitForSingleObject
GetDriveTypeA
lstrlen
GetVolumePathNameA
GetBinaryType
GetLocalTime
GetProcessId
GetConsoleMode
GetLocaleInfoA
OpenFileMappingA
_llseek
CommConfigDialogA
GetFullPathNameA
WriteConsoleOutputA
SetFileTime
SetFileAttributesA
PurgeComm
GetLogicalDriveStringsA
GetEnvironmentVariableA
GetSystemTime
ReadConsoleInputA
GetNumberOfConsoleInputEvents
ExitProcess
GetModuleFileNameA
OpenWaitableTimerA
LoadLibraryExW
TerminateJobObject
GetProfileSectionA
LZRead
CreateMutexA
SetFilePointer
GetPrivateProfileSectionA
Module32Next
SetUnhandledExceptionFilter
GetProcessPriorityBoost
SetLastConsoleEventActive
ClearCommError
GetSystemDirectoryA
SetEnvironmentVariableA
ReadConsoleA
GetDiskFreeSpaceExA
GlobalAlloc
DeleteAtom
HeapFree
SetCommBreak
GetThreadPriorityBoost
SetTapeParameters
FindVolumeClose
GetExitCodeProcess
GetTickCount
CallNamedPipeA
GetVersionExA
LoadLibraryA
GetConsoleCommandHistoryLengthA
AddAtomA
GetNamedPipeHandleStateA
GetWindowsDirectoryA
GetProcAddress
SetSystemTimeAdjustment
GetProcessHeap
GetFileSizeEx
WaitNamedPipeA
GetComputerNameA
FindNextFileA
GetBinaryTypeA
SetCommTimeouts
SetConsoleInputExeNameA
CreateEventA
GlobalFindAtomA
SetVolumeLabelA
SetMessageWaitingIndicator
PrepareTape
OpenJobObjectA
GetNativeSystemInfo
FlushConsoleInputBuffer
VirtualAllocEx
GetEnvironmentStringsA
UnregisterWaitEx
DefineDosDeviceA
SetProcessShutdownParameters
GetCommState
SetComputerNameExA
CancelWaitableTimer
AddConsoleAliasA
CopyFileExA
ProcessIdToSessionId
GetProcessHeaps
GetCurrentDirectoryA
GetConsoleTitleA
GetCommandLineA
GetCurrentThread
RegisterWaitForSingleObjectEx
QueryPerformanceFrequency
ReleaseSemaphore
GetModuleHandleA
SetConsoleCursorMode
PulseEvent
SetConsoleTitleA
CloseHandle
lstrcpynA
PeekConsoleInputA
GetDefaultCommConfigA
IsValidCodePage
UnmapViewOfFile
OpenSemaphoreA
WriteConsoleOutputCharacterA
IsBadStringPtrA
GetFileAttributesExA
IsBadCodePtr
LocalShrink
OpenEventA
glTexCoordPointer
PdhSelectDataSourceW
DrawTextExW
HideCaret
GetClassInfoExA
SetWindowStationUser
GetClipboardOwner
SetWindowsHookA
MessageBoxExA
GetSystemMetrics
SetInternalWindowPos
GetLastInputInfo
PaintMenuBar
GetDlgItemTextA
PeekMessageA
ChildWindowFromPoint
RegisterShellHookWindow
GetInputDesktop
GetProgmanWindow
SetScrollInfo
InsertMenuItemA
CreateWindowStationA
CharNextExA
UnlockWindowStation
ShowScrollBar
IsServerSideWindow
CreateDialogParamA
SetShellWindowEx
BringWindowToTop
IsHungAppWindow
InSendMessage
GetWindowLongA
SetTimer
TranslateAcceleratorA
DefDlgProcA
AdjustWindowRect
CopyRect
MapVirtualKeyExW
EnumPropsExA
PostThreadMessageA
Number of PE resources by type
Jemfeque 2
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.68
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.3.69
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 79872
FileOS Win32
MIMEType application/octet-stream
LegalCopyright Jemfeque Corp 2012
FileVersion a 4 RC249.42704019.169c
TimeStamp 2013:11:19 04:18:35+01:00
FileType Win32 EXE
PEType PE32
InternalName recpw
ProductVersion 498.57756 RelC
FileDescription Jemfeque INC
OSVersion 4.0
OriginalFilename recpw.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Jemfeque Corp
CodeSize 20480
ProductName Jemfeque INC
ProductVersionNumber 3.0.101.3
EntryPoint 0x2730
ObjectFileType Executable application

File identification
MD5 8b6bf3920aee6ad725cdc06bb815cab7
SHA1 8aabe8e1b6e1e425d8f3f97b115ac28c4a60900f
SHA256 98fcde0d5647463b93b156cd3b04ae45d855d6deb862d66816bd752f334879ed
ssdeep 3072:KMERCkEVeLZC7tXGZQvGozOVA0PAnrBztx7lDn0K:2EVOC75GyvDzOq8A9zP7pn0K
authentihash a9d8acd1fc9ecfe57f2a0a4cf5b905c42c01189abd3d74be36a0f995e780fb14
imphash b96b49050c358250305bf52b39ca825f
File size 99.0 KB ( 101376 bytes )
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.4%)
Win32 Dynamic Link Library (generic) (13.5%)
Win32 Executable (generic) (9.3%)
Win16/32 Executable Delphi generic (4.2%)
Generic Win/DOS Executable (4.1%)
Tags peexe usb-autorun
VirusTotal metadata
First submission 2013-12-01 13:16:37 UTC (1 year, 4 months ago)
Last submission 2015-01-22 00:04:57 UTC (2 months, 4 weeks ago)
File names DLjfVHTXeLByOXn.exe
6542.exe
Mcnxnj.exe0
recpw
n.api
recpw.exe
oPYRMDzXxavSUsi.exe
nl.api
8B6BF3920AEE6AD725CDC06BB815CAB7 - ptMlLFRUcQvfnqC.exe_
17702891
output.17702891.txt
67lwi.exe
00PMDU5D.EXE1
uonbdkeczladonk.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection
