SHA256: 98fcde0d5647463b93b156cd3b04ae45d855d6deb862d66816bd752f334879ed
File name: recpw
Detection ratio: 50 / 57
Analysis date: 2015-08-25 09:02:52 UTC (1 week ago)
Antivirus Result Update date
ALYac Trojan.GenericKD.1433214 20150825
AVG Crypt2.CCFA 20150825
AVware Trojan.Win32.Sirefef.nb (v) 20150825
Ad-Aware Trojan.GenericKD.1433214 20150825
Agnitum Worm.Ngrbot!vNXGOzkyciA 20150822
AhnLab-V3 Worm/Win32.Ngrbot 20150825
Antiy-AVL Trojan/Win32.SGeneric 20150825
Arcabit Trojan.Generic.D15DE7E 20150825
Avast Win32:Malware-gen 20150825
Avira TR/Dorkbot.A.79 20150825
Baidu-International Trojan.Win32.Injector.77 20150825
BitDefender Trojan.GenericKD.1433214 20150825
Bkav W32.CamiteP.Trojan 20150824
CAT-QuickHeal Worm.Dorkbot.A 20150825
Comodo UnclassifiedMalware 20150825
Cyren W32/Trojan.EXON-3429 20150825
DrWeb BackDoor.IRC.NgrBot.42 20150825
ESET-NOD32 Win32/Dorkbot.B 20150825
Emsisoft Trojan.GenericKD.1433214 (B) 20150825
F-Prot W32/Trojan2.OCNV 20150825
F-Secure Trojan.GenericKD.1433214 20150825
Fortinet W32/Ngrbot.BQCG!worm 20150825
GData Trojan.GenericKD.1433214 20150825
Ikarus Worm.Win32.Dorkbot 20150825
Jiangmin Worm/Ngrbot.bhm 20150823
K7AntiVirus Trojan ( 0001589d1 ) 20150825
K7GW Trojan ( 0001589d1 ) 20150825
Kaspersky Worm.Win32.Ngrbot.wka 20150825
Malwarebytes Trojan.FakeAlert 20150825
McAfee Generic.dx!8B6BF3920AEE 20150825
McAfee-GW-Edition BehavesLike.Win32.Trojan.nc 20150825
MicroWorld-eScan Trojan.GenericKD.1433214 20150825
Microsoft Worm:Win32/Dorkbot.I 20150824
NANO-Antivirus Trojan.Win32.NgrBot.cqrfva 20150825
Panda Trj/WLT.A 20150824
Qihoo-360 HEUR/Malware.QVM20.Gen 20150825
Rising PE:Trojan.Win32.Generic.162F2B80!372190080[F1] 20150824
SUPERAntiSpyware Trojan.Agent/Gen-Falcomp 20150825
Sophos Mal/Generic-L 20150825
Symantec W32.IRCBot.NG 20150824
Tencent Win32.Worm.Ngrbot.Ecat 20150825
TotalDefense Win32/Dorkbot.KcDKBND 20150825
TrendMicro TROJ_SPNR.0BLB13 20150825
TrendMicro-HouseCall TROJ_SPNR.0BLB13 20150825
VBA32 Trojan.TDSS.01414 20150822
VIPRE Trojan.Win32.Sirefef.nb (v) 20150825
ViRobot Worm.Win32.Ngrbot.101376[h] 20150825
Zillya Worm.Ngrbot.Win32.4423 20150825
Zoner I-Worm.Dorkbot.B 20150825
nProtect Worm/W32.Ngrbot.101376.D 20150825
AegisLab 20150825
Alibaba 20150825
ByteHero 20150825
CMC 20150825
ClamAV 20150825
Kingsoft 20150825
TheHacker 20150824
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Jemfeque Corp © © 2012

Publisher Jemfeque Corp ©
Product Jemfeque INC
Original name recpw.exe
Internal name recpw
File version a 4 RC249.42704019.169c
Description Jemfeque INC
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-19 03:18:35
Link date 4:18 AM 11/19/2013
Entry Point 0x00002730
Number of sections 5
PE sections
PE imports
Direct3DCreate8
OsThunkD3dContextCreate
DrawEscape
GetConsoleOutputCP
GetProcessWorkingSetSize
WaitForSingleObject
GetDriveTypeA
lstrlen
GetVolumePathNameA
GetBinaryType
GetLocalTime
GetProcessId
GetConsoleMode
GetLocaleInfoA
OpenFileMappingA
_llseek
CommConfigDialogA
GetFullPathNameA
WriteConsoleOutputA
SetFileTime
SetFileAttributesA
PurgeComm
GetLogicalDriveStringsA
GetEnvironmentVariableA
GetSystemTime
ReadConsoleInputA
GetNumberOfConsoleInputEvents
ExitProcess
GetModuleFileNameA
OpenWaitableTimerA
LoadLibraryExW
TerminateJobObject
GetProfileSectionA
LZRead
CreateMutexA
SetFilePointer
GetPrivateProfileSectionA
Module32Next
SetUnhandledExceptionFilter
GetProcessPriorityBoost
SetLastConsoleEventActive
ClearCommError
GetSystemDirectoryA
SetEnvironmentVariableA
ReadConsoleA
GetDiskFreeSpaceExA
GlobalAlloc
DeleteAtom
HeapFree
SetCommBreak
GetThreadPriorityBoost
SetTapeParameters
FindVolumeClose
GetExitCodeProcess
GetTickCount
CallNamedPipeA
GetVersionExA
LoadLibraryA
GetConsoleCommandHistoryLengthA
AddAtomA
GetNamedPipeHandleStateA
GetWindowsDirectoryA
GetProcAddress
SetSystemTimeAdjustment
GetProcessHeap
GetFileSizeEx
WaitNamedPipeA
GetComputerNameA
FindNextFileA
GetBinaryTypeA
SetCommTimeouts
SetConsoleInputExeNameA
CreateEventA
GlobalFindAtomA
SetVolumeLabelA
SetMessageWaitingIndicator
PrepareTape
OpenJobObjectA
GetNativeSystemInfo
FlushConsoleInputBuffer
VirtualAllocEx
GetEnvironmentStringsA
UnregisterWaitEx
DefineDosDeviceA
SetProcessShutdownParameters
GetCommState
SetComputerNameExA
CancelWaitableTimer
AddConsoleAliasA
CopyFileExA
ProcessIdToSessionId
GetProcessHeaps
GetCurrentDirectoryA
GetConsoleTitleA
GetCommandLineA
GetCurrentThread
RegisterWaitForSingleObjectEx
QueryPerformanceFrequency
ReleaseSemaphore
GetModuleHandleA
SetConsoleCursorMode
PulseEvent
SetConsoleTitleA
CloseHandle
lstrcpynA
PeekConsoleInputA
GetDefaultCommConfigA
IsValidCodePage
UnmapViewOfFile
OpenSemaphoreA
WriteConsoleOutputCharacterA
IsBadStringPtrA
GetFileAttributesExA
IsBadCodePtr
LocalShrink
OpenEventA
glTexCoordPointer
PdhSelectDataSourceW
DrawTextExW
HideCaret
GetClassInfoExA
SetWindowStationUser
GetClipboardOwner
SetWindowsHookA
MessageBoxExA
GetSystemMetrics
SetInternalWindowPos
GetLastInputInfo
PaintMenuBar
GetDlgItemTextA
PeekMessageA
ChildWindowFromPoint
RegisterShellHookWindow
GetInputDesktop
GetProgmanWindow
SetScrollInfo
InsertMenuItemA
CreateWindowStationA
CharNextExA
UnlockWindowStation
ShowScrollBar
IsServerSideWindow
CreateDialogParamA
SetShellWindowEx
BringWindowToTop
IsHungAppWindow
InSendMessage
GetWindowLongA
SetTimer
TranslateAcceleratorA
DefDlgProcA
AdjustWindowRect
CopyRect
MapVirtualKeyExW
EnumPropsExA
PostThreadMessageA
Number of PE resources by type
Jemfeque 2
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.68

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
1.0.3.69

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
79872

EntryPoint
0x2730

OriginalFileName
recpw.exe

MIMEType
application/octet-stream

LegalCopyright
Jemfeque Corp 2012

FileVersion
a 4 RC249.42704019.169c

TimeStamp
2013:11:19 04:18:35+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
recpw

ProductVersion
498.57756 RelC

FileDescription
Jemfeque INC

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Jemfeque Corp

CodeSize
20480

ProductName
Jemfeque INC

ProductVersionNumber
3.0.101.3

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 8b6bf3920aee6ad725cdc06bb815cab7
SHA1 8aabe8e1b6e1e425d8f3f97b115ac28c4a60900f
SHA256 98fcde0d5647463b93b156cd3b04ae45d855d6deb862d66816bd752f334879ed
ssdeep
3072:KMERCkEVeLZC7tXGZQvGozOVA0PAnrBztx7lDn0K:2EVOC75GyvDzOq8A9zP7pn0K

authentihash a9d8acd1fc9ecfe57f2a0a4cf5b905c42c01189abd3d74be36a0f995e780fb14
imphash b96b49050c358250305bf52b39ca825f
File size 99.0 KB ( 101376 bytes )
File type Win32 EXE
Description
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.4%)
Win32 Dynamic Link Library (generic) (13.5%)
Win32 Executable (generic) (9.3%)
Win16/32 Executable Delphi generic (4.2%)
Generic Win/DOS Executable (4.1%)
Tags
peexe usb-autorun

VirusTotal metadata
First submission 2013-12-01 13:16:37 UTC (1 year, 9 months ago)
Last submission 2015-08-16 20:34:38 UTC (2 weeks, 1 day ago)
File names DLjfVHTXeLByOXn.exe
6542.exe
007884535
recpw
n.api
recpw.exe
oPYRMDzXxavSUsi.exe
nl.api
8B6BF3920AEE6AD725CDC06BB815CAB7 - ptMlLFRUcQvfnqC.exe_
17702891
output.17702891.txt
Mcnxnj.exe0
67lwi.exe
00PMDU5D.EXE1
ARUnCvd.exe
uonbdkeczladonk.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
dll-injection
