SHA256: 98fcde0d5647463b93b156cd3b04ae45d855d6deb862d66816bd752f334879ed
File name: recpw
Detection ratio: 53 / 57
Analysis date: 2016-06-28 16:01:08 UTC (3 weeks, 6 days ago)
Antivirus Result Update date
ALYac Trojan.GenericKD.1433214 20160628
AVG Crypt2.CCFA 20160628
AVware Trojan.Win32.Sirefef.nb (v) 20160627
Ad-Aware Trojan.GenericKD.1433214 20160628
AegisLab W32.W.Ngrbot.wka!c 20160628
Yandex Worm.Ngrbot!vNXGOzkyciA 20160626
AhnLab-V3 Worm/Win32.Ngrbot.N1030795480 20160628
Antiy-AVL Trojan/Win32.SGeneric 20160628
Arcabit Trojan.Generic.D15DE7E 20160628
Avast Win32:Malware-gen 20160628
Avira (no cloud) TR/Dorkbot.A.79 20160628
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160628
Baidu-International Trojan.Win32.Injector.77 20160614
BitDefender Trojan.GenericKD.1433214 20160628
Bkav W32.CamiteP.Trojan 20160628
CAT-QuickHeal Worm.Dorkbot.A 20160628
CMC Worm.Win32.Ngrbot!O 20160627
Comodo UnclassifiedMalware 20160628
Cyren W32/Trojan.EXON-3429 20160628
DrWeb BackDoor.IRC.NgrBot.42 20160628
ESET-NOD32 Win32/Dorkbot.B 20160628
Emsisoft Trojan.GenericKD.1433214 (B) 20160628
F-Prot W32/Trojan2.OCNV 20160628
F-Secure Trojan.GenericKD.1433214 20160628
Fortinet W32/Ngrbot.BQCG!worm 20160628
GData Trojan.GenericKD.1433214 20160628
Ikarus Worm.Win32.Dorkbot 20160628
Jiangmin Worm/Ngrbot.avb 20160628
K7AntiVirus Riskware ( 0040eff71 ) 20160628
K7GW Riskware ( 0040eff71 ) 20160628
Kaspersky Worm.Win32.Ngrbot.wka 20160628
Malwarebytes Trojan.FakeAlert 20160628
McAfee Generic.dx!8B6BF3920AEE 20160628
McAfee-GW-Edition BehavesLike.Win32.Backdoor.nc 20160628
eScan Trojan.GenericKD.1433214 20160628
Microsoft Worm:Win32/Dorkbot.I 20160628
NANO-Antivirus Trojan.Win32.NgrBot.cqrfva 20160628
Panda Trj/WLT.A 20160628
Qihoo-360 QVM20.1.Malware.Gen 20160628
SUPERAntiSpyware Trojan.Agent/Gen-Falcomp 20160628
Sophos Mal/Generic-L 20160628
Symantec W32.IRCBot.NG 20160628
Tencent Win32.Worm.Ngrbot.Ecat 20160628
TotalDefense Win32/Dorkbot.KcDKBND 20160628
TrendMicro TROJ_SPNR.0BLB13 20160628
TrendMicro-HouseCall TROJ_SPNR.0BLB13 20160628
VBA32 Trojan.TDSS.01414 20160627
VIPRE Trojan.Win32.Sirefef.nb (v) 20160628
ViRobot Worm.Win32.Ngrbot.101376[h] 20160628
Zillya Worm.Ngrbot.Win32.4423 20160627
Zoner I-Worm.Dorkbot.B 20160628
nProtect Worm/W32.Ngrbot.101376.D 20160628
Alibaba 20160628
ClamAV 20160628
Kingsoft 20160628
TheHacker 20160628
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Jemfeque Corp © © 2012

Product Jemfeque INC
Original name recpw.exe
Internal name recpw
File version a 4 RC249.42704019.169c
Description Jemfeque INC
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-19 03:18:35
Entry Point 0x00002730
Number of sections 5
PE sections
PE imports
Direct3DCreate8
OsThunkD3dContextCreate
DrawEscape
GetConsoleOutputCP
GetProcessWorkingSetSize
WaitForSingleObject
GetDriveTypeA
lstrlen
GetVolumePathNameA
GetBinaryType
GetLocalTime
GetProcessId
GetConsoleMode
GetLocaleInfoA
OpenFileMappingA
_llseek
CommConfigDialogA
GetFullPathNameA
WriteConsoleOutputA
SetFileTime
SetFileAttributesA
PurgeComm
GetLogicalDriveStringsA
GetEnvironmentVariableA
GetSystemTime
ReadConsoleInputA
GetNumberOfConsoleInputEvents
ExitProcess
GetModuleFileNameA
OpenWaitableTimerA
LoadLibraryExW
TerminateJobObject
GetProfileSectionA
LZRead
CreateMutexA
SetFilePointer
GetPrivateProfileSectionA
Module32Next
SetUnhandledExceptionFilter
GetProcessPriorityBoost
SetLastConsoleEventActive
ClearCommError
GetSystemDirectoryA
SetEnvironmentVariableA
ReadConsoleA
GetDiskFreeSpaceExA
GlobalAlloc
DeleteAtom
HeapFree
SetCommBreak
GetThreadPriorityBoost
SetTapeParameters
FindVolumeClose
GetExitCodeProcess
GetTickCount
CallNamedPipeA
GetVersionExA
LoadLibraryA
GetConsoleCommandHistoryLengthA
AddAtomA
GetNamedPipeHandleStateA
GetWindowsDirectoryA
GetProcAddress
SetSystemTimeAdjustment
GetProcessHeap
GetFileSizeEx
WaitNamedPipeA
GetComputerNameA
FindNextFileA
GetBinaryTypeA
SetCommTimeouts
SetConsoleInputExeNameA
CreateEventA
GlobalFindAtomA
SetVolumeLabelA
SetMessageWaitingIndicator
PrepareTape
OpenJobObjectA
GetNativeSystemInfo
FlushConsoleInputBuffer
VirtualAllocEx
GetEnvironmentStringsA
UnregisterWaitEx
DefineDosDeviceA
SetProcessShutdownParameters
GetCommState
SetComputerNameExA
CancelWaitableTimer
AddConsoleAliasA
CopyFileExA
ProcessIdToSessionId
GetProcessHeaps
GetCurrentDirectoryA
GetConsoleTitleA
GetCommandLineA
GetCurrentThread
RegisterWaitForSingleObjectEx
QueryPerformanceFrequency
ReleaseSemaphore
GetModuleHandleA
SetConsoleCursorMode
PulseEvent
SetConsoleTitleA
CloseHandle
lstrcpynA
PeekConsoleInputA
GetDefaultCommConfigA
IsValidCodePage
UnmapViewOfFile
OpenSemaphoreA
WriteConsoleOutputCharacterA
IsBadStringPtrA
GetFileAttributesExA
IsBadCodePtr
LocalShrink
OpenEventA
glTexCoordPointer
PdhSelectDataSourceW
DrawTextExW
HideCaret
GetClassInfoExA
SetWindowStationUser
GetClipboardOwner
SetWindowsHookA
MessageBoxExA
GetSystemMetrics
SetInternalWindowPos
GetLastInputInfo
PaintMenuBar
GetDlgItemTextA
PeekMessageA
ChildWindowFromPoint
RegisterShellHookWindow
GetInputDesktop
GetProgmanWindow
SetScrollInfo
InsertMenuItemA
CreateWindowStationA
CharNextExA
UnlockWindowStation
ShowScrollBar
IsServerSideWindow
CreateDialogParamA
SetShellWindowEx
BringWindowToTop
IsHungAppWindow
InSendMessage
GetWindowLongA
SetTimer
TranslateAcceleratorA
DefDlgProcA
AdjustWindowRect
CopyRect
MapVirtualKeyExW
EnumPropsExA
PostThreadMessageA
Number of PE resources by type
Jemfeque 2
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.68

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
1.0.3.69

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
79872

EntryPoint
0x2730

OriginalFileName
recpw.exe

MIMEType
application/octet-stream

LegalCopyright
Jemfeque Corp 2012

FileVersion
a 4 RC249.42704019.169c

TimeStamp
2013:11:19 04:18:35+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
recpw

ProductVersion
498.57756 RelC

FileDescription
Jemfeque INC

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Jemfeque Corp

CodeSize
20480

ProductName
Jemfeque INC

ProductVersionNumber
3.0.101.3

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 8b6bf3920aee6ad725cdc06bb815cab7
SHA1 8aabe8e1b6e1e425d8f3f97b115ac28c4a60900f
SHA256 98fcde0d5647463b93b156cd3b04ae45d855d6deb862d66816bd752f334879ed
ssdeep
3072:KMERCkEVeLZC7tXGZQvGozOVA0PAnrBztx7lDn0K:2EVOC75GyvDzOq8A9zP7pn0K

authentihash a9d8acd1fc9ecfe57f2a0a4cf5b905c42c01189abd3d74be36a0f995e780fb14
imphash b96b49050c358250305bf52b39ca825f
File size 99.0 KB ( 101376 bytes )
File type Win32 EXE
Description
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.4%)
Win32 Dynamic Link Library (generic) (13.5%)
Win32 Executable (generic) (9.3%)
Win16/32 Executable Delphi generic (4.2%)
Generic Win/DOS Executable (4.1%)
Tags
peexe usb-autorun

VirusTotal metadata
First submission 2013-12-01 13:16:37 UTC (2 years, 7 months ago)
Last submission 2016-06-08 20:14:06 UTC (1 month, 2 weeks ago)
File names DLjfVHTXeLByOXn.exe
Naqsqf.exe
007884535
recpw
n.api
recpw.exe
oPYRMDzXxavSUsi.exe
nl.api
8B6BF3920AEE6AD725CDC06BB815CAB7 - ptMlLFRUcQvfnqC.exe_
17702891
output.17702891.txt
Mcnxnj.exe0
67lwi.exe
6542.exe
00PMDU5D.EXE1
ARUnCvd.exe
uonbdkeczladonk.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
dll-injection
