SHA256: b8f53405692a433f5d311a1bb21f83799c4a759c9e842971e1500c6b35f90f45
File name: cd7f0284f28f0223e49925059eb9bc42.virus
Detection ratio: 39 / 68
Analysis date: 2017-11-12 21:27:52 UTC (1 year, 6 months ago)
Antivirus Result Update date
Ad-Aware Trojan.Agent.CPWE 20171112
ALYac Trojan.Agent.CPWE 20171110
Antiy-AVL Trojan/Win32.TSGeneric 20171112
Arcabit Trojan.Agent.CPWE 20171112
Avast Win32:Malware-gen 20171112
AVG Win32:Malware-gen 20171112
Baidu Win32.Trojan.Kryptik.rb 20171109
BitDefender Trojan.Agent.CPWE 20171112
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cylance Unsafe 20171112
DrWeb Trojan.PWS.Panda.11620 20171112
eGambit Unsafe.AI_Score_99% 20171112
Emsisoft Trojan.Agent.CPWE (B) 20171112
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of Win32/Kryptik.FYQP 20171112
F-Secure Trojan.Agent.CPWE 20171112
Fortinet W32/GenKryptik.BCIL!tr.ransom 20171112
GData Trojan.Agent.CPWE 20171112
Ikarus Trojan.Win32.Crypt 20171112
Sophos ML heuristic 20170914
K7GW Trojan ( 0051b22b1 ) 20171112
Kaspersky Trojan.Win32.Refinka.iuq 20171112
MAX malware (ai score=82) 20171112
McAfee Ransomware-GIP!CD7F0284F28F 20171112
McAfee-GW-Edition BehavesLike.Win32.ZeroAccess.cc 20171112
Microsoft Trojan:Win32/Skeeyah.A!rfn 20171112
eScan Trojan.Agent.CPWE 20171112
Panda Trj/Genetic.gen 20171112
Qihoo-360 HEUR/QVM19.1.2511.Malware.Gen 20171112
Rising Trojan.Kryptik!1.AE8C (CLASSIC) 20171112
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Mal/Generic-S 20171112
Symantec Packed.Generic.493 20171112
Tencent Suspicious.Heuristic.Gen.b.0 20171112
TrendMicro TROJ_GEN.R004C0OKC17 20171112
TrendMicro-HouseCall TROJ_GEN.R004C0OKC17 20171112
VIPRE Trojan.Win32.Generic!BT 20171112
WhiteArmor Malware.HighConfidence 20171104
ZoneAlarm by Check Point Trojan.Win32.Refinka.iuq 20171112
AegisLab 20171112
AhnLab-V3 20171112
Alibaba 20170911
Avast-Mobile 20171112
Avira (no cloud) 20171112
AVware 20171111
Bkav 20171111
CAT-QuickHeal 20171111
ClamAV 20171112
CMC 20171109
Comodo 20171112
Cybereason 20171030
Cyren 20171112
F-Prot 20171112
Jiangmin 20171110
K7AntiVirus 20171112
Kingsoft 20171112
Malwarebytes 20171112
NANO-Antivirus 20171112
nProtect 20171112
Palo Alto Networks (Known Signatures) 20171112
SUPERAntiSpyware 20171112
Symantec Mobile Insight 20171110
TheHacker 20171112
TotalDefense 20171112
Trustlook 20171112
VBA32 20171110
ViRobot 20171112
Webroot 20171112
Yandex 20171110
Zillya 20171110
Zoner 20171112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-11 07:05:41
Entry Point 0x0000AC5F
Number of sections 4
PE sections
PE imports
CertFreeCRLContext
CryptHashMessage
CertGetNameStringA
CertDeleteCRLFromStore
CryptMemAlloc
CertFindChainInStore
CertFindAttribute
CertSaveStore
CertFindExtension
CertCreateCRLContext
CertFindCRLInStore
ConnectionRead
ConnectionWrite
ConnectionVer
IsBadStringPtrW
ReadConsoleA
MoveFileA
SearchPathW
LoadLibraryW
GetCurrentProcessId
GetModuleHandleA
GetSystemDirectoryW
lstrcat
GetCommandLineA
GetFileSize
GetStartupInfoW
CreateMailslotA
FindNextFileA
DeleteFileW
GetVersion
GetProcAddress
WaitForSingleObjectEx
GetCurrentThreadId
GetExpandedNameA
drvGetDefaultCommConfigA
CountryRunOnce
InvokeControlPanel
drvSetDefaultCommConfigA
drvCommConfigDialogA
Chkdsk
FormatEx
Recover
SetFocus
wsprintfA
LoadImageW
PeekMessageW
IsDialogMessageW
GetPropW
CreateDesktopW
DispatchMessageW
ShowWindow
DialogBoxParamA
GetWindow
IsCharLowerW
LoadMenuW
GetClassLongA
Number of PE resources by type
RT_RCDATA 2
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:06:11 08:05:41+01:00
FileType Win32 EXE
PEType PE32
CodeSize 60928
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 121344
SubsystemVersion 5.1
EntryPoint 0xac5f
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 cd7f0284f28f0223e49925059eb9bc42
SHA1 c22f70f02eca66bcc59daed2fc9e8d3c086bc962
SHA256 b8f53405692a433f5d311a1bb21f83799c4a759c9e842971e1500c6b35f90f45
ssdeep 3072:omImX2ir7vPs/aQLWjjTWhT6IMqul6AYTxy3D38x:om7X2i3PsSLjehThRo6AQxy3z8
authentihash 69736829e05e48214cd9191d90a07a00a640594b41629da16d3583343b09defd
imphash 32185986a89c96cd5540eb54ccd0260c
File size 179.0 KB ( 183296 bytes )
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-11-12 21:27:52 UTC (1 year, 6 months ago)
Last submission 2017-11-12 21:27:52 UTC (1 year, 6 months ago)
File names 1032-c22f70f02eca66bcc59daed2fc9e8d3c086bc962
cd7f0284f28f0223e49925059eb9bc42.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs