SHA256: c51154244acdb68981a001dfbf145aa0f42e42deea34378a297e5c8589b71ff2
File name: Nickmancraft.exe
Detection ratio: 1 / 68
Analysis date: 2018-12-02 13:19:59 UTC (1 week, 1 day ago)
Antivirus Result Update date
McAfee-GW-Edition BehavesLike.Win32.Downloader.vc 20181202
Ad-Aware 20181202
AegisLab 20181202
AhnLab-V3 20181202
Alibaba 20180921
ALYac 20181202
Antiy-AVL 20181202
Arcabit 20181202
Avast 20181202
Avast-Mobile 20181202
AVG 20181202
Avira (no cloud) 20181202
Babable 20180918
Baidu 20181130
BitDefender 20181202
Bkav 20181129
CAT-QuickHeal 20181202
ClamAV 20181202
CMC 20181202
Comodo 20181202
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181202
Cyren 20181202
DrWeb 20181202
eGambit 20181202
Emsisoft 20181202
Endgame 20181108
ESET-NOD32 20181202
F-Prot 20181202
F-Secure 20181202
Fortinet 20181202
GData 20181202
Ikarus 20181202
Sophos ML 20181128
Jiangmin 20181202
K7AntiVirus 20181202
K7GW 20181202
Kaspersky 20181202
Kingsoft 20181202
Malwarebytes 20181202
MAX 20181202
McAfee 20181202
Microsoft 20181202
eScan 20181202
NANO-Antivirus 20181202
Palo Alto Networks (Known Signatures) 20181202
Panda 20181202
Qihoo-360 20181202
Rising 20181202
SentinelOne (Static ML) 20181011
Sophos AV 20181202
SUPERAntiSpyware 20181128
Symantec 20181201
Symantec Mobile Insight 20181121
TACHYON 20181202
Tencent 20181202
TheHacker 20181129
Trapmine 20181128
TrendMicro 20181202
TrendMicro-HouseCall 20181202
Trustlook 20181202
VBA32 20181130
ViRobot 20181202
Webroot 20181202
Yandex 20181130
Zillya 20181130
ZoneAlarm by Check Point 20181202
Zoner 20181202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT ZIP, embedded
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-22 21:08:50
Entry Point 0x00001290
Number of sections 6
PE sections
Overlays
MD5 ace3731bd8a25d4648f89039b775d290
File type application/zip
Offset 81920
Size 2588969
Entropy 8.00
PE imports
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
RegCloseKey
GetLastError
WaitForSingleObject
GetExitCodeProcess
ExitProcess
GetModuleFileNameA
GetCurrentProcess
LockResource
GetCurrentDirectoryA
GetCommandLineA
GetProcAddress
CreateMutexA
FindResourceExA
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
CloseHandle
GlobalMemoryStatusEx
SetEnvironmentVariableA
LocalFree
CreateProcessA
GetEnvironmentVariableA
LoadResource
FormatMessageA
SetLastError
ShellExecuteA
GetWindowThreadProcessId
GetMessageA
FindWindowExA
CreateWindowExA
LoadImageA
TranslateMessage
GetWindowLongA
DispatchMessageA
GetWindowRect
EnumWindows
SendMessageA
SetForegroundWindow
KillTimer
SetTimer
PostQuitMessage
GetWindowTextA
ShowWindow
GetSystemMetrics
UpdateWindow
SetWindowPos
MessageBoxA
__p__fmode
__p__environ
memset
fclose
strcat
atexit
strncat
_setmode
printf
fopen
strlen
strncpy
_cexit
_itoa
puts
strtok
_chdir
_open
_onexit
_findclose
strrchr
_close
strchr
strpbrk
atoi
__getmainargs
_stat
strstr
_read
_findnext
strcmp
_findfirst
strcpy
fwrite
fprintf
__set_app_type
signal
_iob
Number of PE resources by type
RT_RCDATA 11
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL DEFAULT 13
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:11:22 22:08:50+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
24064

LinkerVersion
2.22

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit, No debug

EntryPoint
0x1290

InitializedDataSize
56832

SubsystemVersion
4.0

ImageVersion
1.0

OSVersion
4.0

UninitializedDataSize
36352

File identification
MD5 b103444aae22dee7bca715ac151635b4
SHA1 46933d29d71dd20e4ce8c33589a2a7de166ab91a
SHA256 c51154244acdb68981a001dfbf145aa0f42e42deea34378a297e5c8589b71ff2
ssdeep
49152:SMfdcR44MZgLTfjswHjdB/52Y3/nJLT1xfREzYgMKlXXEWDlsVTT4A:SM1wfwy6YvnJXfREJJlXUWD2VX4A

authentihash 85f664a62ab303a1b105a2b95a8e41d15170d702fc805ed9925e441dc27e10e6
imphash 6011984d7c1f1b97a34d7517a498bff8
File size 2.5 MB (2670889 bytes)
File type Win32 EXE
Description
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (39.9%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
Win16/32 Executable Delphi generic (2.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-12-02 13:19:59 UTC (1 week, 1 day ago)
Last submission 2018-12-02 13:19:59 UTC (1 week, 1 day ago)
File names Nickmancraft.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Shell commands
Created mutexes
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.