SHA256: 98fcde0d5647463b93b156cd3b04ae45d855d6deb862d66816bd752f334879ed
File name: recpw
Detection ratio: 51 / 57
Analysis date: 2016-04-30 23:26:30 UTC (4 days, 20 hours ago)
Antivirus Result Update date
ALYac Trojan.GenericKD.1433214 20160430
AVG Crypt2.CCFA 20160430
AVware Trojan.Win32.Sirefef.nb (v) 20160430
Ad-Aware Trojan.GenericKD.1433214 20160430
AhnLab-V3 Worm/Win32.Ngrbot 20160430
Antiy-AVL Trojan/Win32.SGeneric 20160430
Arcabit Trojan.Generic.D15DE7E 20160430
Avast Win32:Malware-gen 20160430
Avira (no cloud) TR/Dorkbot.A.79 20160430
Baidu-International Trojan.Win32.Injector.77 20160430
BitDefender Trojan.GenericKD.1433214 20160430
Bkav W32.CamiteP.Trojan 20160429
CAT-QuickHeal Worm.Dorkbot.A 20160430
CMC Worm.Win32.Ngrbot!O 20160429
Comodo UnclassifiedMalware 20160430
Cyren W32/Trojan.EXON-3429 20160430
DrWeb BackDoor.IRC.NgrBot.42 20160430
ESET-NOD32 Win32/Dorkbot.B 20160430
Emsisoft Trojan.GenericKD.1433214 (B) 20160430
F-Prot W32/Trojan2.OCNV 20160430
F-Secure Trojan.GenericKD.1433214 20160430
Fortinet W32/Ngrbot.BQCG!worm 20160430
GData Trojan.GenericKD.1433214 20160430
Ikarus Worm.Win32.Dorkbot 20160430
Jiangmin Worm/Ngrbot.avb 20160430
K7AntiVirus Trojan ( 0001589d1 ) 20160430
K7GW Trojan ( 0001589d1 ) 20160430
Kaspersky Worm.Win32.Ngrbot.wka 20160430
Malwarebytes Trojan.FakeAlert 20160430
McAfee Generic.dx!8B6BF3920AEE 20160430
McAfee-GW-Edition BehavesLike.Win32.Generic.nc 20160430
eScan Trojan.GenericKD.1433214 20160430
Microsoft Worm:Win32/Dorkbot.I 20160430
NANO-Antivirus Trojan.Win32.NgrBot.cqrfva 20160430
Panda Trj/WLT.A 20160430
Qihoo-360 HEUR/Malware.QVM20.Gen 20160501
Rising Trjoan.Generic-HHFWqiKEdRJ (Cloud) 20160430
SUPERAntiSpyware Trojan.Agent/Gen-Falcomp 20160430
Sophos Mal/Generic-L 20160430
Symantec W32.IRCBot.NG 20160430
Tencent Win32.Worm.Ngrbot.Ecat 20160501
TotalDefense Win32/Dorkbot.KcDKBND 20160430
TrendMicro TROJ_SPNR.0BLB13 20160430
TrendMicro-HouseCall TROJ_SPNR.0BLB13 20160430
VBA32 Trojan.TDSS.01414 20160430
VIPRE Trojan.Win32.Sirefef.nb (v) 20160430
ViRobot Worm.Win32.Ngrbot.101376[h] 20160430
Yandex Worm.Ngrbot!vNXGOzkyciA 20160501
Zillya Worm.Ngrbot.Win32.4423 20160430
Zoner I-Worm.Dorkbot.B 20160430
nProtect Worm/W32.Ngrbot.101376.D 20160429
AegisLab 20160430
Alibaba 20160429
Baidu 20160429
ClamAV 20160430
Kingsoft 20160501
TheHacker 20160430
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Jemfeque Corp © © 2012
Product Jemfeque INC
Original name recpw.exe
Internal name recpw
File version a 4 RC249.42704019.169c
Description Jemfeque INC
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-19 03:18:35
Entry Point 0x00002730
Number of sections 5
PE sections
PE imports
Direct3DCreate8
OsThunkD3dContextCreate
DrawEscape
GetConsoleOutputCP
GetProcessWorkingSetSize
WaitForSingleObject
GetDriveTypeA
lstrlen
GetVolumePathNameA
GetBinaryType
GetLocalTime
GetProcessId
GetConsoleMode
GetLocaleInfoA
OpenFileMappingA
_llseek
CommConfigDialogA
GetFullPathNameA
WriteConsoleOutputA
SetFileTime
SetFileAttributesA
PurgeComm
GetLogicalDriveStringsA
GetEnvironmentVariableA
GetSystemTime
ReadConsoleInputA
GetNumberOfConsoleInputEvents
ExitProcess
GetModuleFileNameA
OpenWaitableTimerA
LoadLibraryExW
TerminateJobObject
GetProfileSectionA
LZRead
CreateMutexA
SetFilePointer
GetPrivateProfileSectionA
Module32Next
SetUnhandledExceptionFilter
GetProcessPriorityBoost
SetLastConsoleEventActive
ClearCommError
GetSystemDirectoryA
SetEnvironmentVariableA
ReadConsoleA
GetDiskFreeSpaceExA
GlobalAlloc
DeleteAtom
HeapFree
SetCommBreak
GetThreadPriorityBoost
SetTapeParameters
FindVolumeClose
GetExitCodeProcess
GetTickCount
CallNamedPipeA
GetVersionExA
LoadLibraryA
GetConsoleCommandHistoryLengthA
AddAtomA
GetNamedPipeHandleStateA
GetWindowsDirectoryA
GetProcAddress
SetSystemTimeAdjustment
GetProcessHeap
GetFileSizeEx
WaitNamedPipeA
GetComputerNameA
FindNextFileA
GetBinaryTypeA
SetCommTimeouts
SetConsoleInputExeNameA
CreateEventA
GlobalFindAtomA
SetVolumeLabelA
SetMessageWaitingIndicator
PrepareTape
OpenJobObjectA
GetNativeSystemInfo
FlushConsoleInputBuffer
VirtualAllocEx
GetEnvironmentStringsA
UnregisterWaitEx
DefineDosDeviceA
SetProcessShutdownParameters
GetCommState
SetComputerNameExA
CancelWaitableTimer
AddConsoleAliasA
CopyFileExA
ProcessIdToSessionId
GetProcessHeaps
GetCurrentDirectoryA
GetConsoleTitleA
GetCommandLineA
GetCurrentThread
RegisterWaitForSingleObjectEx
QueryPerformanceFrequency
ReleaseSemaphore
GetModuleHandleA
SetConsoleCursorMode
PulseEvent
SetConsoleTitleA
CloseHandle
lstrcpynA
PeekConsoleInputA
GetDefaultCommConfigA
IsValidCodePage
UnmapViewOfFile
OpenSemaphoreA
WriteConsoleOutputCharacterA
IsBadStringPtrA
GetFileAttributesExA
IsBadCodePtr
LocalShrink
OpenEventA
glTexCoordPointer
PdhSelectDataSourceW
DrawTextExW
HideCaret
GetClassInfoExA
SetWindowStationUser
GetClipboardOwner
SetWindowsHookA
MessageBoxExA
GetSystemMetrics
SetInternalWindowPos
GetLastInputInfo
PaintMenuBar
GetDlgItemTextA
PeekMessageA
ChildWindowFromPoint
RegisterShellHookWindow
GetInputDesktop
GetProgmanWindow
SetScrollInfo
InsertMenuItemA
CreateWindowStationA
CharNextExA
UnlockWindowStation
ShowScrollBar
IsServerSideWindow
CreateDialogParamA
SetShellWindowEx
BringWindowToTop
IsHungAppWindow
InSendMessage
GetWindowLongA
SetTimer
TranslateAcceleratorA
DefDlgProcA
AdjustWindowRect
CopyRect
MapVirtualKeyExW
EnumPropsExA
PostThreadMessageA
Number of PE resources by type
Jemfeque 2
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.68
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.3.69
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 79872
EntryPoint 0x2730
OriginalFileName recpw.exe
MIMEType application/octet-stream
LegalCopyright Jemfeque Corp 2012
FileVersion a 4 RC249.42704019.169c
TimeStamp 2013:11:19 04:18:35+01:00
FileType Win32 EXE
PEType PE32
InternalName recpw
ProductVersion 498.57756 RelC
FileDescription Jemfeque INC
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Jemfeque Corp
CodeSize 20480
ProductName Jemfeque INC
ProductVersionNumber 3.0.101.3
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 8b6bf3920aee6ad725cdc06bb815cab7
SHA1 8aabe8e1b6e1e425d8f3f97b115ac28c4a60900f
SHA256 98fcde0d5647463b93b156cd3b04ae45d855d6deb862d66816bd752f334879ed
ssdeep 3072:KMERCkEVeLZC7tXGZQvGozOVA0PAnrBztx7lDn0K:2EVOC75GyvDzOq8A9zP7pn0K
authentihash a9d8acd1fc9ecfe57f2a0a4cf5b905c42c01189abd3d74be36a0f995e780fb14
imphash b96b49050c358250305bf52b39ca825f
File size 99.0 KB ( 101376 bytes )
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.4%)
Win32 Dynamic Link Library (generic) (13.5%)
Win32 Executable (generic) (9.3%)
Win16/32 Executable Delphi generic (4.2%)
Generic Win/DOS Executable (4.1%)
Tags peexe usb-autorun
VirusTotal metadata
First submission 2013-12-01 13:16:37 UTC (2 years, 5 months ago)
Last submission 2015-08-16 20:34:38 UTC (8 months, 3 weeks ago)
File names DLjfVHTXeLByOXn.exe
6542.exe
007884535
recpw
n.api
recpw.exe
oPYRMDzXxavSUsi.exe
nl.api
8B6BF3920AEE6AD725CDC06BB815CAB7 - ptMlLFRUcQvfnqC.exe_
17702891
output.17702891.txt
Mcnxnj.exe0
67lwi.exe
00PMDU5D.EXE1
ARUnCvd.exe
uonbdkeczladonk.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection