SHA256: a03c2d4bb8de09bd57d349ae9727fd4cd579758388d59428c36aecd54f838872
File name: cy.exe
Detection ratio: 32 / 46
Analysis date: 2013-04-14 18:12:32 UTC (4 years, 4 months ago)
Antivirus             Result                                                        Update date
Yandex                Trojan.Genome!/1qiDkxJRhM                                     20130414
AhnLab-V3             Trojan/Win32.Genome                                           20130414
AntiVir               TR/Offend.7016513                                             20130414
Antiy-AVL             Trojan/Win32.Genome.gen                                       20130414
Avast                 Win32:Malware-gen                                             20130414
BitDefender           Trojan.Generic.7016513                                        20130414
Commtouch             W32/SecRisk-ProcessPatcher-based!Maximus                      20130413
Comodo                UnclassifiedMalware                                           20130414
DrWeb                 Trojan.PWS.Siggen.32063                                       20130414
Emsisoft              Trojan.Generic.7016513 (B)                                    20130414
F-Prot                W32/SecRisk-ProcessPatcher-based!Maximus                      20130413
F-Secure              Trojan.Generic.7016513                                        20130414
Fortinet              Dx.BCL4!tr                                                    20130414
GData                 Trojan.Generic.7016513                                        20130414
Ikarus                Trojan.Win32.Genome                                           20130414
Jiangmin              Trojan/Genome.bpdl                                            20130414
K7AntiVirus           Trojan                                                        20130412
Kaspersky             Trojan.Win32.Genome.acddx                                     20130414
McAfee                Artemis!9A69C3B85E05                                          20130414
McAfee-GW-Edition     Artemis!9A69C3B85E05                                          20130414
eScan                 Trojan.Generic.7016513                                        20130414
NANO-Antivirus        Trojan.Win32.Siggen.mjzlk                                     20130414
Norman                Suspicious_Gen2.UWYNL                                         20130414
nProtect              Trojan.Generic.7016513                                        20130414
Panda                 Trj/CI.A                                                      20130414
PCTools               Trojan.Gen                                                    20130414
Symantec              Trojan.Gen                                                    20130414
TheHacker             Trojan/Genome.acddx                                           20130414
TrendMicro            TROJ_GEN.R3ACEL6                                              20130414
TrendMicro-HouseCall  TROJ_GEN.R3ACEL6                                              20130414
VBA32                 Trojan.Genome.ac                                              20130412
VIPRE                 RiskTool.Win32.ProcessPatcher.Nor!cobra (v) (not malicious)   20130414
AVG                   (no detection)                                                20130414
ByteHero              (no detection)                                                20130405
CAT-QuickHeal         (no detection)                                                20130414
ClamAV                (no detection)                                                20130414
eSafe                 (no detection)                                                20130407
ESET-NOD32            (no detection)                                                20130414
Kingsoft              (no detection)                                                20130408
Malwarebytes          (no detection)                                                20130414
Microsoft             (no detection)                                                20130414
Rising                (no detection)                                                20130412
Sophos AV             (no detection)                                                20130414
SUPERAntiSpyware      (no detection)                                                20130413
TotalDefense          (no detection)                                                20130414
ViRobot               (no detection)                                                20130414

Most of these labels are generic or heuristic (Genome, Generic.7016513, Trojan.Gen, Malware-gen, the Artemis cloud-lookup names) and say nothing about what the file does. The family-specific ones (Commtouch and F-Prot SecRisk-ProcessPatcher, VIPRE RiskTool.Win32.ProcessPatcher, which VIPRE itself marks "not malicious") describe a process-patching tool, and ClamAV and Symantec in the heuristic section below rate it only as potentially unwanted or suspicious. The 32/46 ratio therefore records agreement that the file is unwanted, not consensus on its intent.
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71 (treat with caution: this PEiD signature commonly fires on unpacked Visual C++ 6 binaries, and the linker version 6.0, three-section layout, 32 KB size and fully resolved import table below are all consistent with a plain MSVC 6 build rather than a packed one)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-09-07 12:58:42 UTC (the ExifTool TimeStamp below, 13:58:42+01:00, is the same instant)
Entry Point 0x00001F18
Number of sections 3
PE sections
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
InitCommonControlsEx
GetLastError
HeapFree
GetStdHandle
LCMapStringW
VirtualAllocEx
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
CreateRemoteThread
FreeEnvironmentStringsA
GetCurrentProcess
GetEnvironmentStrings
WriteProcessMemory
OpenProcess
GetCurrentDirectoryA
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
GetThreadContext
SuspendThread
SetFilePointer
VirtualProtectEx
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
WriteFile
GetStartupInfoA
CloseHandle
SetStdHandle
GetACP
HeapReAlloc
GetStringTypeW
SetThreadContext
TerminateProcess
ResumeThread
CreateProcessA
SetHandleCount
HeapCreate
FlushInstructionCache
VirtualFree
Sleep
GetFileType
HeapAlloc
GetVersion
VirtualAlloc
GetWindowThreadProcessId
FindWindowA
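The import table is the most informative part of this report. Taken singly, OpenProcess or WriteProcessMemory are common in debuggers and legitimate tooling; taken together, OpenProcessToken/LookupPrivilegeValueA/AdjustTokenPrivileges (the SeDebugPrivilege pattern), OpenProcess/VirtualAllocEx/WriteProcessMemory/CreateRemoteThread, SuspendThread/GetThreadContext/SetThreadContext/ResumeThread, VirtualProtectEx/FlushInstructionCache and FindWindowA/GetWindowThreadProcessId describe a program that finds another process by its window, raises its own privileges, and writes into and redirects that process, which is what the "ProcessPatcher" labels in the detection table denote. The Python below is an added example (not code from VirusTotal, any listed vendor, or this sample) that scores an import list against such co-occurrence rules and computes an imphash the way pefile does. The (DLL, function) list is constructed from the names on this page; which DLL each name belongs to is an assumption, since the page lists function names only, so the hash it yields is not expected to equal the page's imphash.

```python
"""Import-table capability triage plus an imphash computation.

Added example, not code from VirusTotal or any AV vendor. The import list is
constructed from the API names on this page; the DLL each name is assigned to
is an assumption (the page lists function names only), so the imphash computed
here is not expected to reproduce the page's value.
"""
import hashlib

# Constructed input: (dll, function) pairs. The DLL attribution is assumed.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "OpenProcessToken"),
    ("ADVAPI32.dll", "LookupPrivilegeValueA"),
    ("ADVAPI32.dll", "AdjustTokenPrivileges"),
    ("COMCTL32.dll", "InitCommonControlsEx"),
    ("KERNEL32.dll", "OpenProcess"),
    ("KERNEL32.dll", "VirtualAllocEx"),
    ("KERNEL32.dll", "WriteProcessMemory"),
    ("KERNEL32.dll", "CreateRemoteThread"),
    ("KERNEL32.dll", "CreateProcessA"),
    ("KERNEL32.dll", "SuspendThread"),
    ("KERNEL32.dll", "GetThreadContext"),
    ("KERNEL32.dll", "SetThreadContext"),
    ("KERNEL32.dll", "ResumeThread"),
    ("KERNEL32.dll", "VirtualProtectEx"),
    ("KERNEL32.dll", "FlushInstructionCache"),
    ("KERNEL32.dll", "LoadLibraryA"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("USER32.dll", "FindWindowA"),
    ("USER32.dll", "GetWindowThreadProcessId"),
]

# A capability fires only when every API in its set is present; single APIs
# such as OpenProcess or WriteProcessMemory are too common in benign tooling.
CAPABILITY_RULES = {
    "SeDebugPrivilege-style token adjustment":
        {"OpenProcessToken", "LookupPrivilegeValue", "AdjustTokenPrivileges"},
    "remote-thread code injection":
        {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"},
    "thread-context hijacking":
        {"SuspendThread", "GetThreadContext", "SetThreadContext", "ResumeThread"},
    "create-suspended child and patch it":
        {"CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread"},
    "in-place code patching of another process":
        {"VirtualProtectEx", "WriteProcessMemory", "FlushInstructionCache"},
    "target selection by window title":
        {"FindWindow", "GetWindowThreadProcessId", "OpenProcess"},
}


def normalize(name):
    """Fold ANSI/Unicode variants: FindWindowA and FindWindowW -> FindWindow."""
    if len(name) > 1 and name[-1] in "AW" and name[-2].islower():
        return name[:-1]
    return name


def find_capabilities(imports):
    """Return the name of every rule whose APIs are all imported."""
    present = {normalize(func) for _, func in imports}
    return [cap for cap, needed in CAPABILITY_RULES.items() if needed <= present]


def imphash(imports):
    """Import hash as pefile computes it: lowercase 'lib.func' per import, in
    import-table order, comma-joined, MD5. The .dll/.ocx/.sys extension is dropped."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        parts.append(f"{lib}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def triage(imports):
    """Summarise an import table for a first-pass analyst verdict."""
    caps = find_capabilities(imports)
    return {
        "imphash": imphash(imports),
        "capabilities": caps,
        # Two or more cooperating injection primitives is a stronger signal than
        # any one of them; a debugger or game trainer also trips this, which is
        # why the detection table mixes "Trojan" and "RiskTool" labels.
        "verdict": "process-patcher/injector" if len(caps) >= 2 else "inconclusive",
    }


if __name__ == "__main__":
    result = triage(SAMPLE_IMPORTS)
    print("imphash    :", result["imphash"])
    print("verdict    :", result["verdict"])
    for cap in result["capabilities"]:
        print("capability :", cap)
```

Against a real file the pairs would come from the import directory (with pefile, `entry.dll` and `imp.name` for each entry in `pe.DIRECTORY_ENTRY_IMPORT`), which also fixes the ordering and DLL names that the hash depends on. Because imphash is order-sensitive and independent of code bytes, the page's value 1cfaf9335d76c7c0e58a81d167480ba7 is a useful pivot for finding recompiled or re-signed builds of the same source that share none of the other hashes.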
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2011:09:07 13:58:42+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 20480
LinkerVersion: 6.0
FileAccessDate: 2014:04:15 23:07:06+01:00
InitializedDataSize: 12288
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
FileCreateDate: 2014:04:15 23:07:06+01:00
UninitializedDataSize: 0

Only TimeStamp comes from the sample's PE header. FileAccessDate and FileCreateDate are filesystem timestamps of the stored copy on the scanning host (they fall seconds after the last submission time listed below) and carry no information about the sample itself.
Compressed bundles
File identification
MD5 9a69c3b85e053e921bb45c14f5a39eaf
SHA1 a3c1fdbc437a84587768a51f74c6d795fbb2a74c
SHA256 a03c2d4bb8de09bd57d349ae9727fd4cd579758388d59428c36aecd54f838872
ssdeep 384:l3MUnzuEuB/GyjJW0QTWUSYeFlLMmGwmlyBoXQSsalF8gtzD1X5oq:lpnzuEuZGOjqWUA7lrfKFtF1Jo

imphash 1cfaf9335d76c7c0e58a81d167480ba7
File size 32.0 KB ( 32768 bytes )
File type Win32 EXE
Description
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2011-12-06 17:48:02 UTC (5 years, 8 months ago)
Last submission 2014-04-15 22:06:47 UTC (3 years, 4 months ago)
File names
aa
9a69c3b85e053e921bb45c14f5a39eaf.exe
cy.exe
bVr5r.xltm
das-12-11-2682.mal
9a69c3b85e053e921bb45c14f5a39eaf
jWIn_I.vbs

Several submitted names carry non-executable extensions (.xltm, .vbs, .mal); the content is a PE32 executable whatever it was called, so classify by content, not by name.
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes