SHA256: 9b65805fee9e06fa82c57be08e5686f530dde8df51538d324a202d6cfd1865ce
File name: Wormix v66.exe
Detection ratio: 12 / 62
Analysis date: 2017-07-26 09:54:02 UTC (1 year ago)
Antivirus Result Update date
Avast Win32:Evo-gen [Susp] 20170726
AVG Win32:Evo-gen [Susp] 20170726
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9932 20170726
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20170710
Cylance Unsafe 20170726
Cyren W32/Heuristic-162!Eldorado 20170726
Endgame malicious (high confidence) 20170721
ESET-NOD32 a variant of Win32/Packed.EnigmaProtector.J suspicious 20170726
F-Prot W32/Heuristic-162!Eldorado 20170726
Sophos ML heuristic 20170607
SentinelOne (Static ML) static engine - malicious 20170718
Symantec ML.Attribute.HighConfidence 20170726
Ad-Aware 20170726
AegisLab 20170726
AhnLab-V3 20170726
Alibaba 20170726
ALYac 20170726
Antiy-AVL 20170726
Arcabit 20170726
Avira (no cloud) 20170726
AVware 20170721
BitDefender 20170726
Bkav 20170725
CAT-QuickHeal 20170726
ClamAV 20170726
CMC 20170726
Comodo 20170726
DrWeb 20170726
Emsisoft 20170726
F-Secure 20170726
Fortinet 20170726
GData 20170726
Ikarus 20170726
Jiangmin 20170726
K7AntiVirus 20170726
K7GW 20170726
Kaspersky 20170726
Kingsoft 20170726
Malwarebytes 20170726
MAX 20170726
McAfee 20170726
McAfee-GW-Edition 20170725
Microsoft 20170726
eScan 20170726
NANO-Antivirus 20170726
nProtect 20170726
Palo Alto Networks (Known Signatures) 20170726
Panda 20170725
Qihoo-360 20170726
Rising 20170726
Sophos AV 20170726
SUPERAntiSpyware 20170726
Symantec Mobile Insight 20170726
Tencent 20170726
TheHacker 20170724
TrendMicro 20170726
Trustlook 20170726
VBA32 20170725
VIPRE 20170726
ViRobot 20170726
Webroot 20170726
Yandex 20170725
Zillya 20170725
ZoneAlarm by Check Point 20170726
Zoner 20170726
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 66.0.0.0
Description Чит на Вормикс
Packers identified
F-PROT Enigma
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-07-25 15:17:44
Entry Point 0x00874428
Number of sections 14
PE sections
PE imports
RegCloseKey
InitializeFlatSB
CreateFontA
GetProcAddress
GetModuleHandleA
ExitProcess
LoadLibraryA
NetApiBufferFree
OleUninitialize
SysFreeString
ShellExecuteA
MessageBoxA
GetFileVersionInfoA
OpenPrinterW
PE exports
Number of PE resources by type
RT_STRING 34
RT_BITMAP 29
RT_RCDATA 20
RT_GROUP_CURSOR 8
RT_CURSOR 8
RT_DIALOG 2
RT_MANIFEST 1
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 56
NEUTRAL 39
ENGLISH NEUTRAL 7
RUSSIAN 3
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 670720
ImageVersion 0.0
FileVersionNumber 66.0.0.0
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Windows, Cyrillic
LinkerVersion 2.25
FileTypeExtension exe
MIMEType application/octet-stream
FileVersion 66.0.0.0
TimeStamp 2017:07:25 16:17:44+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 66.0.0.0
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName MrMehasha
CodeSize 3538944
FileSubtype 0
ProductVersionNumber 66.0.0.0
EntryPoint 0x874428
ObjectFileType Executable application

Execution parents
Compressed bundles
File identification
MD5 866231e5f1798ca9ec309ec4d0cbcd55
SHA1 54e39b8ba98f5b00110daff6693075bc958ba432
SHA256 9b65805fee9e06fa82c57be08e5686f530dde8df51538d324a202d6cfd1865ce
ssdeep 49152:oJq7JtWSCbJMxuVD43nbtNUkfNKLU6BeJmS2278ZEF2r94cdhvB+aoNN0k+hltx:oJItCJ43nbjUkfWU6BY4278ZEUpL56NY
authentihash 1d7f82892a0a080f030be34ccf8cfb07dc0eec928bbdf0902311d4ad28346a00
imphash e96fd296a58413afe0095a31808d274e
File size 2.9 MB (3023872 bytes)
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-07-26 09:54:02 UTC (1 year ago)
Last submission 2017-10-18 00:22:58 UTC (10 months ago)
File names Wormix v66.exe
9b65805fee9e06fa_cuckoo-97f83344e97c9a19a7e64be17fc0564906de5c0939bcef4cd77d872e73f018d9.exe
Wormixv66.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Searched windows
Hooking activity
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.