Antivirus scan for b6adcb09b1eee8c63a8f64dc8e98102cb200206f0eb3eabd410fe3073af2aed9 at 2014-11-28 23:55:33 UTC

Антивирус	Результат	Дата обновления
Norman	Heuristic_Suspicious.gen!r	20141128
Qihoo-360	HEUR/QVM19.1.Malware.Gen	20141129
Rising	PE:Malware.XPACK-LNR/Heur!1.5594	20141126
Symantec	WS.Reputation.1	20141129
TheHacker	Trojan/CryptX.gen	20141124
TrendMicro-HouseCall	Suspicious_GEN.F47V1122	20141128
Ad-Aware		20141128
AegisLab		20141128
Yandex		20141128
AhnLab-V3		20141128
ALYac		20141128
Antiy-AVL		20141128
Avast		20141128
AVG		20141128
Avira (no cloud)		20141128
AVware		20141121
Baidu-International		20141128
BitDefender		20141128
Bkav		20141127
ByteHero		20141129
CAT-QuickHeal		20141128
ClamAV		20141128
CMC		20141127
Comodo		20141128
Cyren		20141128
DrWeb		20141128
Emsisoft		20141128
ESET-NOD32		20141128
F-Prot		20141128
F-Secure		20141128
Fortinet		20141128
GData		20141128
Ikarus		20141129
Jiangmin		20141127
K7AntiVirus		20141128
K7GW		20141128
Kaspersky		20141129
Kingsoft		20141129
Malwarebytes		20141129
McAfee		20141129
McAfee-GW-Edition		20141129
Microsoft		20141129
eScan		20141129
NANO-Antivirus		20141128
nProtect		20141128
Panda		20141128
Sophos AV		20141128
SUPERAntiSpyware		20141128
Tencent		20141129
TotalDefense		20141129
TrendMicro		20141129
VBA32		20141128
VIPRE		20141128
ViRobot		20141128
Zillya		20141127
Zoner		20141127

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.

FileVersionInfo properties

Product kaskad

Internal name kaskad

File version 1.0

Description kaskad Application

PE header basic information

Target machine Intel 386 or later processors and compatible processors

Compilation timestamp 2014-11-22 02:21:13

Entry Point 0x006A1814

Number of sections 8

PE sections

Name Virtual address Virtual size Raw size Entropy MD5

.text 4096 5369856 5367296 8.00 297d488ef2f5810aa818fd71ef9eac23

.text1 5373952 4096 512 7.57 76b6cdbc9e2e93580b3e69d5b02ee22f

.rdata 5378048 229376 226304 8.00 67be49225f0dfe1ca4b92f665f7af03d

.data 5607424 380928 101376 8.00 0a89245b49745b5a23161352e5a80a64

.data1 5988352 12288 11264 7.98 fc79d67814c43837453a879525ec2de9

.trace 6000640 12288 10752 7.98 77d461659e90f1bd1420840635b4ca01

.rsrc 6012928 24576 24576 5.19 61109fcafdf0acbc4ad16ff0604ec281

.idata 6037504 3276800 3275264 7.96 dad87d49a3efc490af3c4ee5ca3d4e54

PE imports

Number of PE resources by type

RT_ICON 6

RT_DIALOG 1

RT_MANIFEST 1

RT_STRING 1

RT_VERSION 1

RT_GROUP_ICON 1

Number of PE resources by language

ENGLISH US 10

NEUTRAL 1

PE resources

1fcc771647cd2aad4d379283103da358730e40def126651b1386c8d631cefc19 data

21d35aa40e8a55ffd168cdc870a04ebc291d89123aa597374118cf5f1548bc79 data

49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e ASCII text

4a2d022975e1b62b89e1e757b73f563b68b21b71edf8cac8dbbf062b2cb2d2fe data

5ff3ead1b101708ad179b5088bd8efee53fb6e25d061c1a265e88763b3d5cee1 data

647d31b483409858b219d68fec91c6e344991fc836523b12b6fbd1178d787f7f data

6ea75dffb0e7fed2f6b927a9353ae39f64c01da6b2d55bdc4c402e155f8b4645 data

73ba4fd34c6048a23e3771f329a346093b00ef8fba2b530fc6d97b55144f9e64 ASCII text

9385f97659fc1689c6b87f0f0d5bd18f596870b2da67c87ab360f58d3b4a75e9 data

9696099d2d093181e12839ba00a5fb20a34cff035694620d7d82d414858ed216 data

ExifTool file metadata

SubsystemVersion

5.0

LinkerVersion

9.0

ImageVersion

0.0

FileSubtype

FileVersionNumber

1.0.0.0

UninitializedDataSize

3276800

LanguageCode

English (U.S.)

FileFlagsMask

0x003f

CharacterSet

Windows, Latin1

InitializedDataSize

374272

EntryPoint

0x6a1814

MIMEType

application/octet-stream

FileVersion

1.0

TimeStamp

2014:11:22 03:21:13+01:00

FileType

Win32 EXE

PEType

PE32

InternalName

kaskad

ProductVersion

1.0

FileDescription

kaskad Application

OSVersion

5.0

FileOS

Win32

Subsystem

Windows GUI

MachineType

Intel 386 or later, and compatibles

CompanyName

My Company

CodeSize

5367808

ProductName

kaskad

ProductVersionNumber

1.0.0.0

FileTypeExtension

exe

ObjectFileType

Executable application

Compressed bundles

This file was also submitted to VirusTotal in the following compressed file bundles.

082be7a9079237a51f07f66ec4d27f9eeb5491eb10c48b357f23a93a7f6fa8e3

File identification

MD5 78ced501374d39f03b7dc5e4a27ad78e

SHA1 bba6d02ddc9098ed35bb68d1af6209e48c9296c3

SHA256 b6adcb09b1eee8c63a8f64dc8e98102cb200206f0eb3eabd410fe3073af2aed9

ssdeep

196608:Qrhd4UI53XtEvBPqOxT+iBN2qN4nTaq9j7x5m1ai:ahdBTBjbKTaq954s

authentihash 1095a59527aa4c5c34b59527beda19836853834bf18ab43a2649b1b63723f470

imphash 5e6e032642d9488117e403d00fc21f47

Размер файла 8.6 MБ ( 9021440 bytes )

Тип файла Win32 EXE

Описание

PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID	Win32 Executable (generic) (52.9%) Generic Win/DOS Executable (23.5%) DOS Executable Generic (23.5%)

VirusTotal metadata

First submission 2014-11-22 19:49:16 UTC (2 лет, 8 месяцев назад)

Last submission 2016-01-27 18:53:01 UTC (1 год, 5 месяцев назад)

Имена файлов

print-lk242.EXE
kaskad

Advanced heuristic and reputation engines

Symantec reputation Suspicious.Insight

Вы не выполнили вход. Только зарегистрированные пользователи могут оставлять комментарии. Выполните вход и получите право голоса!

Вход Вступить в сообщество

SHA256:	b6adcb09b1eee8c63a8f64dc8e98102cb200206f0eb3eabd410fe3073af2aed9
Имя файла:	print-lk242.EXE
Показатель выявления:	6 / 56
Дата анализа:	2014-11-28 23:55:33 UTC (2 лет, 7 месяцев назад) Показать последний анализ

Ciphered bundle