SHA256: c23783746655bbd42709f9951e449a56b60d7c4bb74c399b7c2e032e754e3c47
File name: CW Elite Hack v2.exe
Detection ratio: 5 / 46
Analysis date: 2016-09-02 09:22:24 UTC (2 years, 4 months ago)
Antivirus Result Update date
Bkav W32.eHeur.Virus02 20160901
ClamAV Win.Trojan.Sality-71541 20160902
CMC Virus.Win32.Sality!O 20160901
Ikarus Trojan.Win32.Spy 20160902
Sophos ML trojan.win32.valcaryx.a 20160830
Ad-Aware 20160902
AegisLab 20160902
AhnLab-V3 20160902
Alibaba 20160901
ALYac 20160902
Antiy-AVL 20160902
Arcabit 20160902
Avast 20160902
AVG 20160902
Avira (no cloud) 20160902
AVware 20160902
Baidu 20160902
BitDefender 20160902
CAT-QuickHeal 20160902
Comodo 20160902
Cyren 20160902
DrWeb 20160902
Emsisoft 20160902
ESET-NOD32 20160902
F-Prot 20160902
F-Secure 20160902
Fortinet 20160902
GData 20160902
Jiangmin 20160902
K7AntiVirus 20160902
K7GW 20160902
Kaspersky 20160902
Kingsoft 20160902
Malwarebytes 20160902
McAfee 20160902
McAfee-GW-Edition 20160902
Microsoft 20160902
eScan 20160902
NANO-Antivirus 20160902
nProtect 20160902
Panda 20160901
Qihoo-360 20160902
Rising 20160902
Sophos AV 20160902
SUPERAntiSpyware 20160901
Symantec 20160902
Tencent 20160902
TheHacker 20160902
TrendMicro 20160902
TrendMicro-HouseCall 20160902
VBA32 20160901
VIPRE 20160831
ViRobot 20160902
Yandex 20160901
Zillya 20160902
Zoner 20160902
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 1.0.0.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-29 07:23:28
Entry Point 0x003D6498
Number of sections 3
PE sections
PE imports
GetProcAddress
GetModuleHandleA
RegCloseKey
ImageList_Add
NetWkstaGetInfo
IsEqualGUID
SysFreeString
ExtractIconW
CharNextW
VerQueryValueW
OpenPrinterW
PE exports
Number of PE resources by type
RT_STRING 34
RT_BITMAP 29
RT_RCDATA 18
RT_GROUP_CURSOR 8
RT_CURSOR 8
RT_DIALOG 2
RT_MANIFEST 1
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 56
NEUTRAL 37
ENGLISH NEUTRAL 7
RUSSIAN 3
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 648192
ImageVersion 0.0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
LinkerVersion 2.25
FileTypeExtension exe
MIMEType application/octet-stream
FileVersion 1.0.0.0
TimeStamp 2016:05:29 08:23:28+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.0
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 3314688
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x3d6498
ObjectFileType Executable application

Execution parents
Compressed bundles
File identification
MD5 94a29f84324c0acc23b46d62d43404c0
SHA1 303628e74ec6633d41e7f1d38e6eae95e56e9b45
SHA256 c23783746655bbd42709f9951e449a56b60d7c4bb74c399b7c2e032e754e3c47
ssdeep 24576:P1p1Kmaqg4Loq9Q5CY6KXGRk1p/ENlBrCovesCLvzJjT1kX/Nu3ep0Z8:PD1KmVLomKiMpSBmovesCDVfqPwe+e
authentihash 79ebedaf56667ec3623fb22135509582f424c4c6f3268f2b41f3fde59d44d30d
imphash 0cb2f080697b86ecb1db618666143a4b
File size 1.1 MB ( 1189376 bytes )
File type Win32 EXE
Description MS-DOS executable, MZ for MS-DOS
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe
VirusTotal metadata
First submission 2016-05-30 11:46:06 UTC (2 years, 7 months ago)
Last submission 2017-04-07 10:35:24 UTC (1 year, 9 months ago)
File names CONTRACT WARS.exe
CW Elite Hack v2.exe
Project Elite.exe
cw 2017.exe
CW Elite Hack v2(3).exe
CW Elite Hack v2(1).exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Shell commands
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
DNS requests
TCP connections
UDP communications