SHA256: aa36f425e08d7bc0b06a833e7cb7d1d60ea319016d7ff80a5d9da32a810dd128
File name: TO Hack 1.0.exe
Detection ratio: 3 / 63
Analysis date: 2017-07-12 10:18:31 UTC (1 year, 1 month ago)
Antivirus Result Update date
CrowdStrike Falcon (ML) malicious_confidence_77% (D) 20170420
Endgame malicious (moderate confidence) 20170706
Symantec ML.Attribute.HighConfidence 20170712
Ad-Aware 20170712
AegisLab 20170712
AhnLab-V3 20170711
Alibaba 20170712
ALYac 20170712
Antiy-AVL 20170712
Arcabit 20170712
Avast 20170712
AVG 20170712
Avira (no cloud) 20170712
AVware 20170712
Baidu 20170712
BitDefender 20170712
Bkav 20170712
CAT-QuickHeal 20170712
ClamAV 20170712
CMC 20170711
Comodo 20170712
Cylance 20170712
Cyren 20170712
DrWeb 20170712
Emsisoft 20170712
ESET-NOD32 20170712
F-Prot 20170712
F-Secure 20170712
Fortinet 20170629
GData 20170712
Ikarus 20170712
Sophos ML 20170607
Jiangmin 20170712
K7AntiVirus 20170712
K7GW 20170712
Kaspersky 20170712
Kingsoft 20170712
Malwarebytes 20170712
MAX 20170712
McAfee 20170712
McAfee-GW-Edition 20170712
Microsoft 20170712
eScan 20170712
NANO-Antivirus 20170712
nProtect 20170712
Palo Alto Networks (Known Signatures) 20170712
Panda 20170711
Qihoo-360 20170712
Rising 20170712
SentinelOne (Static ML) 20170516
Sophos AV 20170712
SUPERAntiSpyware 20170712
Symantec Mobile Insight 20170712
Tencent 20170712
TheHacker 20170709
TrendMicro 20170712
TrendMicro-HouseCall 20170712
Trustlook 20170712
VBA32 20170711
VIPRE 20170712
ViRobot 20170712
Webroot 20170712
WhiteArmor 20170706
Yandex 20170712
Zillya 20170711
ZoneAlarm by Check Point 20170712
Zoner 20170712
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 1.0.0.0
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-07-12 10:08:48
Entry Point 0x004E4900
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegSaveKeyW
ImageList_Add
NetWkstaGetInfo
OleDraw
VariantCopy
SHGetMalloc
VerQueryValueW
OpenPrinterW
Number of PE resources by type
RT_STRING 50
RT_BITMAP 29
RT_RCDATA 19
RT_GROUP_CURSOR 8
RT_CURSOR 8
RT_DIALOG 2
RT_MANIFEST 1
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 56
NEUTRAL 54
ENGLISH NEUTRAL 7
RUSSIAN 3
PE resources
ExifTool file metadata
UninitializedDataSize
3649536

LinkerVersion
2.25

ImageVersion
0.0

FileVersionNumber
1.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
176128

EntryPoint
0x4e4900

MIMEType
application/octet-stream

FileVersion
1.0.0.0

TimeStamp
2017:07:12 11:08:48+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.0.0.0

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
1478656

FileSubtype
0

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 aa90146ef0dc9f494a570a1c42dc6f1b
SHA1 b54bf49f49905c7b0c3c90d61017803f5329285d
SHA256 aa36f425e08d7bc0b06a833e7cb7d1d60ea319016d7ff80a5d9da32a810dd128
ssdeep
49152:Yf5o16VA3968o1fth+1TdQd9J9KrLK34XiPMaLnDaC:sHu3oP1fjPdD9X34QfjDaC

authentihash 495972770948e153fe4910ab3e1d304ec31e2238383b209b7367333856b46cdc
imphash 9a66fce0b142e54130a42662f6696f3e
File size 1.6 MB ( 1654272 bytes )
File type Win32 EXE
Description
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (42.1%)
Win32 EXE Yoda's Crypter (41.3%)
Win32 Executable (generic) (7.0%)
Win16/32 Executable Delphi generic (3.2%)
Generic Win/DOS Executable (3.1%)
Tags
peexe upx

VirusTotal metadata
First submission 2017-07-12 10:18:31 UTC (1 year, 1 month ago)
Last submission 2017-07-12 10:18:31 UTC (1 year, 1 month ago)
File names TO Hack 1.0.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications