SHA256: cbc1a51c0c1c93a97058ec85fc70b860f8f5bc5d981a2ac66ca67acaa7bef393
File name: iMine (2).exe
Detection ratio: 0 / 63
Analysis date: 2018-01-03 19:53:44 UTC (7 months, 1 week ago)
Antivirus Result Update date
Ad-Aware 20171225
AegisLab 20180103
AhnLab-V3 20180103
Alibaba 20180103
ALYac 20180103
Antiy-AVL 20180103
Arcabit 20180103
Avast 20180103
Avast-Mobile 20180103
AVG 20180103
Avira (no cloud) 20180103
AVware 20180103
Baidu 20180103
BitDefender 20180103
Bkav 20180103
CAT-QuickHeal 20180103
ClamAV 20180103
CMC 20180103
Comodo 20180103
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cyren 20180103
DrWeb 20180103
eGambit 20180103
Emsisoft 20180103
Endgame 20171130
ESET-NOD32 20180103
F-Prot 20180103
F-Secure 20180103
Fortinet 20180103
GData 20180103
Sophos ML 20170914
Jiangmin 20180103
K7AntiVirus 20180103
K7GW 20180103
Kingsoft 20180103
Malwarebytes 20180103
MAX 20180103
McAfee 20180102
McAfee-GW-Edition 20180103
Microsoft 20180103
eScan 20180103
nProtect 20180103
Palo Alto Networks (Known Signatures) 20180103
Panda 20180103
Qihoo-360 20180103
Rising 20180103
SentinelOne (Static ML) 20171224
Sophos AV 20180103
SUPERAntiSpyware 20180103
Symantec 20180103
Tencent 20180103
TheHacker 20180103
TrendMicro 20180103
TrendMicro-HouseCall 20180103
Trustlook 20180103
VBA32 20180103
VIPRE 20180103
ViRobot 20180103
Webroot 20180103
WhiteArmor 20171226
Yandex 20171229
Zillya 20180103
ZoneAlarm by Check Point 20180103
Zoner 20180103
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT appended, ZIP, embedded
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-01-02 21:26:47
Entry Point 0x00001290
Number of sections 6
PE sections
Overlays
MD5 35c26f41eb9cdf0ca8f22813b3c3bdfa
File type application/zip
Offset 31744
Size 2659827
Entropy 7.99
PE imports
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
RegCloseKey
GetLastError
WaitForSingleObject
GetExitCodeProcess
ExitProcess
GetModuleFileNameA
GetCurrentProcess
LockResource
GetCurrentDirectoryA
GetCommandLineA
GetProcAddress
CreateMutexA
FindResourceExA
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
CloseHandle
GlobalMemoryStatusEx
SetEnvironmentVariableA
LocalFree
CreateProcessA
GetEnvironmentVariableA
LoadResource
FormatMessageA
SetLastError
ShellExecuteA
GetWindowThreadProcessId
GetMessageA
FindWindowExA
CreateWindowExA
LoadImageA
TranslateMessage
GetWindowLongA
DispatchMessageA
GetWindowRect
EnumWindows
SendMessageA
SetForegroundWindow
KillTimer
SetTimer
PostQuitMessage
GetWindowTextA
ShowWindow
GetSystemMetrics
UpdateWindow
SetWindowPos
MessageBoxA
__p__fmode
__p__environ
memset
fclose
strcat
atexit
strncat
_setmode
printf
fopen
strlen
strncpy
_cexit
_itoa
puts
strtok
_chdir
_open
_onexit
_findclose
strrchr
_close
strchr
strpbrk
atoi
__getmainargs
_stat
strstr
_read
_findnext
strcmp
_findfirst
strcpy
fwrite
fprintf
__set_app_type
signal
_iob
Number of PE resources by type
RT_RCDATA 12
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL DEFAULT 14
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:01:02 22:26:47+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
19456

LinkerVersion
2.22

EntryPoint
0x1290

InitializedDataSize
11264

SubsystemVersion
4.0

ImageVersion
1.0

OSVersion
4.0

UninitializedDataSize
36864

File identification
MD5 08160be373515d04287d01fef9a2423e
SHA1 9679d5b79db003b631a73ecc74309afeb79c2d47
SHA256 cbc1a51c0c1c93a97058ec85fc70b860f8f5bc5d981a2ac66ca67acaa7bef393
ssdeep
49152:bI1Fdt/3f255JrHoqmQ6Z0GJ+OYIdvE18H5IktwPKqmxMnx4p0u8t/9r:kvdtW5jrHhdIJ+OYEvE0NeXeMx4GB

authentihash 86f90ae9ac6c65b9973f8260e0eb676f90f4859be39afcdb30d19d07ed8fcff6
imphash 6011984d7c1f1b97a34d7517a498bff8
File size 2.6 MB (2691571 bytes)
File type Win32 EXE
Description
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
Win16/32 Executable Delphi generic (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-01-02 21:27:54 UTC (7 months, 1 week ago)
Last submission 2018-01-03 21:16:16 UTC (7 months, 1 week ago)
File names 1.exe
iMine.exe
iMine (2).exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Shell commands
Created mutexes
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.