SHA256: 9a68506bfdf81989ab8d4a68e5bf9fd96f5938d28411c7ed3a15b36619b6805d
File name: umms.exe_
Detection ratio: 15 / 54
Analysis date: 2014-11-12 10:24:08 UTC (4 years, 6 months ago)
Antivirus Result Update date
Ad-Aware Trojan.Generic.12037556 20141112
BitDefender Trojan.Generic.12037556 20141112
Bkav HW32.Packed.94EB 20141112
CAT-QuickHeal (Suspicious) - DNAScan 20141112
Emsisoft Trojan.Generic.12037556 (B) 20141112
F-Secure Trojan.Generic.12037556 20141112
GData Trojan.Generic.12037556 20141112
Ikarus Trojan.SuspectCRC 20141112
McAfee Artemis!5C2A5CB26B15 20141112
McAfee-GW-Edition BehavesLike.Win32.Dropper.dc 20141112
eScan Trojan.Generic.12037556 20141112
nProtect Trojan.Generic.12037556 20141111
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20141111
Symantec WS.Reputation.1 20141112
TrendMicro-HouseCall TROJ_GEN.R047H09K614 20141112
AegisLab 20141112
Yandex 20141111
AhnLab-V3 20141111
Antiy-AVL 20141112
Avast 20141112
AVG 20141112
Avira (no cloud) 20141112
AVware 20141112
Baidu-International 20141107
ByteHero 20141112
ClamAV 20141112
CMC 20141110
Comodo 20141112
Cyren 20141112
DrWeb 20141112
ESET-NOD32 20141112
F-Prot 20141111
Fortinet 20141112
Jiangmin 20141111
K7AntiVirus 20141111
K7GW 20141112
Kaspersky 20141112
Kingsoft 20141112
Malwarebytes 20141112
Microsoft 20141112
NANO-Antivirus 20141112
Norman 20141112
Panda 20141110
Qihoo-360 20141112
Sophos AV 20141112
SUPERAntiSpyware 20141112
Tencent 20141112
TheHacker 20141111
TotalDefense 20141112
TrendMicro 20141112
VBA32 20141112
ViRobot 20141112
Zillya 20141111
Zoner 20141110
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-15 12:59:38
Entry Point 0x0020FD77
Number of sections 7
PE sections
PE imports
CreateServiceA
DnsQuery_A
LocalFree
LocalAlloc
GetModuleHandleA
GetModuleFileNameW
VirtualQuery
ExitProcess
LoadLibraryA
GetModuleFileNameA
CommandLineToArgvW
MessageBoxW
CoInitialize
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:10:15 13:59:38+01:00
FileType Win32 EXE
PEType PE32
CodeSize 223744
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 159744
SubsystemVersion 5.1
EntryPoint 0x20fd77
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 5c2a5cb26b15697e71047d00b0b973b8
SHA1 ac3e6a9af261cc14a8387cdfcbf100c69cbf6e5f
SHA256 9a68506bfdf81989ab8d4a68e5bf9fd96f5938d28411c7ed3a15b36619b6805d
ssdeep 24576:CtjNELAf8pGKLw1eoOu9tccSG1u898ZVDo5y:UuAf6M4bOtoG1v98ZVey
authentihash 5ebbf2fab362f12508debbd7e5b673ab90f3b0fad2b916a84e5cecc8cf397bf1
imphash 5e985607ee309df293b2edb620dd2ae8
File size 985.5 KB ( 1009152 bytes )
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
peexe

VirusTotal metadata
First submission 2014-10-24 08:36:07 UTC (4 years, 7 months ago)
Last submission 2016-09-02 16:35:34 UTC (2 years, 8 months ago)
File names umms.exe
um1.exe
urnmmms.exe
5c2a5cb26b15697e71047d00b0b973b8.exe
umms.exe_
2.exe_
5C2A5CB26B15697E71047D00B0B973B8
umms.exe_
07Oe324ih.msi
5C2A5CB26B15697E71047D00B0B973B8
5C2A5CB26B15697E71047D00B0B973B8.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections