SHA256: bde86db4358f96d4df43ca42aa937b853fe788c547505b0eb819933473b7ab19
File name: CFRF.exe
Detection ratio: 21 / 58
Analysis date: 2017-02-26 09:21:08 UTC (1 year, 5 months ago)
Antivirus Result Update date
Avast Win32:Evo-gen [Susp] 20170226
AVG Skodna.GameHack.ACOM 20170226
Avira (no cloud) TR/Crypt.XPACK.Gen 20170225
AVware Trojan.Win32.Generic!BT 20170226
Bkav HW32.Packed.3522 20170225
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20170130
Endgame malicious (high confidence) 20170222
ESET-NOD32 a variant of Win32/GameHack.AUH potentially unsafe 20170226
Fortinet Riskware/GameHack 20170226
Ikarus Trojan.Win32.VMProtect 20170226
Sophos ML generic.a 20170203
K7GW Unwanted-Program ( 004f89281 ) 20170226
Kaspersky UDS:DangerousObject.Multi.Generic 20170226
Malwarebytes PUP.Optional.Amonetize 20170226
McAfee Packed-GV!3C23B1A667FA 20170225
McAfee-GW-Edition BehavesLike.Win32.PUPXAB.vc 20170226
Qihoo-360 Win32/Trojan.97a 20170226
Rising Malware.Generic.1!tfe (thunder:1:4u7uReay3eG) 20170226
Sophos AV Generic PUA IE (PUA) 20170226
Symantec Trojan.Gen.2 20170226
VIPRE Trojan.Win32.Generic!BT 20170226
Ad-Aware 20170226
AegisLab 20170226
AhnLab-V3 20170225
Alibaba 20170224
ALYac 20170225
Antiy-AVL 20170226
Arcabit 20170226
Baidu 20170224
BitDefender 20170226
CAT-QuickHeal 20170225
ClamAV 20170226
CMC 20170226
Comodo 20170226
Cyren 20170226
DrWeb 20170226
Emsisoft 20170226
F-Prot 20170226
F-Secure 20170226
GData 20170226
Jiangmin 20170226
K7AntiVirus 20170226
Kingsoft 20170226
Microsoft 20170226
eScan 20170226
NANO-Antivirus 20170226
nProtect 20170226
Panda 20170225
SUPERAntiSpyware 20170226
Tencent 20170226
TheHacker 20170223
TrendMicro 20170226
TrendMicro-HouseCall 20170226
Trustlook 20170226
VBA32 20170224
ViRobot 20170225
Webroot 20170226
WhiteArmor 20170222
Yandex 20170225
Zillya 20170224
Zoner 20170226
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
ReversingLabs Taggant packer details
Validity
Valid taggant block

Full file hash
Valid

PKI chain
Valid

Packer VMProtect (3.0.447)
User
Validity Valid
Serial Number 061F61EF1808D9D99C44B00CB0C6FAD6
SPV
Validity Valid
Serial Number 25A28E418EF2D55B87EE715B42AFBEDB
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-22 18:23:32
Entry Point 0x02279171
Number of sections 7
PE sections
PE imports
CloseServiceHandle
OpenProcessToken
EnumServicesStatusExW
RegQueryValueExA
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
InitCommonControlsEx
GetStockObject
SetThreadAffinityMask
LocalFree
GetCurrentProcess
GetProcessAffinityMask
LocalAlloc
GetModuleHandleA
GetModuleFileNameW
GetLastError
FreeLibrary
ExitProcess
Sleep
SetProcessAffinityMask
GetVersionExA
LoadLibraryA
GetCurrentThread
CoInitialize
ShellExecuteExA
CharUpperBuffW
SetTimer
timeBeginPeriod
closesocket
WTSSendMessageW
Number of PE resources by type
RT_ICON 2
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2017:02:22 19:23:32+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
14873088

LinkerVersion
2.5

EntryPoint
0x2279171

InitializedDataSize
5632

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 3c23b1a667faa5c94fa259da8bbf32bc
SHA1 840666053a0ef276f3aa7dd06118f975e6b4425a
SHA256 bde86db4358f96d4df43ca42aa937b853fe788c547505b0eb819933473b7ab19
ssdeep
393216:dQY6ghk9edypoGC6XMDXuJ3KfNNmT8G0mPmLnJSIAaVQraT0WH:LwgmMjjIr0mUnU6V7wo

authentihash 2b099d351b2a992041bc5d5ccc276f4dd4105644bb5805897dc96aafbe679492
imphash c0a6dd3fd40a1043d0caf88965d32513
File size 14.2 MB ( 14879744 bytes )
File type Win32 EXE
Description
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (76.4%)
Win32 Executable (generic) (12.4%)
Generic Win/DOS Executable (5.5%)
DOS Executable Generic (5.5%)
Tags
peexe

VirusTotal metadata
First submission 2017-02-25 21:07:29 UTC (1 year, 5 months ago)
Last submission 2017-02-26 18:42:51 UTC (1 year, 5 months ago)
File names CFRF v15.2.exe
CFRF.exe

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files