SHA256: cca573bc2ae8dab289f569a54c616a955fc90a2cdc106269eca78aa36d7f555d
File name: PatchPae2.exe
Detection ratio: 0 / 56
Analysis date: 2015-08-21 05:28:12 UTC (3 years, 7 months ago)
Antivirus Result Update date
Ad-Aware 20150821
AegisLab 20150820
Yandex 20150820
AhnLab-V3 20150820
Alibaba 20150821
ALYac 20150821
Antiy-AVL 20150821
Arcabit 20150821
Avast 20150821
AVG 20150821
Avira (no cloud) 20150820
AVware 20150821
Baidu-International 20150820
BitDefender 20150821
Bkav 20150821
ByteHero 20150821
CAT-QuickHeal 20150820
ClamAV 20150821
CMC 20150819
Comodo 20150821
Cyren 20150821
DrWeb 20150821
Emsisoft 20150821
ESET-NOD32 20150821
F-Prot 20150821
F-Secure 20150821
Fortinet 20150821
GData 20150821
Ikarus 20150821
Jiangmin 20150820
K7AntiVirus 20150820
K7GW 20150821
Kaspersky 20150821
Kingsoft 20150821
Malwarebytes 20150821
McAfee 20150821
McAfee-GW-Edition 20150821
Microsoft 20150821
eScan 20150821
NANO-Antivirus 20150821
nProtect 20150820
Panda 20150820
Qihoo-360 20150821
Rising 20150817
Sophos AV 20150821
SUPERAntiSpyware 20150821
Symantec 20150820
Tencent 20150821
TheHacker 20150820
TrendMicro 20150821
TrendMicro-HouseCall 20150821
VBA32 20150820
VIPRE 20150821
ViRobot 20150821
Zillya 20150820
Zoner 20150821
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-23 16:29:27
Entry Point 0x00003FB2
Number of sections 5
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
SetHandleCount
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
CopyFileW
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
GetFileType
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
HeapSize
SetStdHandle
GetSystemDefaultLangID
WideCharToMultiByte
LoadLibraryW
TlsFree
SetFilePointer
HeapSetInformation
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
TerminateProcess
IsValidCodePage
HeapCreate
CreateFileW
InterlockedDecrement
Sleep
WriteConsoleW
TlsSetValue
GetTickCount
GetCurrentThreadId
InterlockedIncrement
ExitProcess
SetLastError
LeaveCriticalSection
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
UnMapAndLoad
MapAndLoad
NtQuerySystemInformation
RtlAllocateHeap
RtlMultiByteToUnicodeSize
RtlUpcaseUnicodeChar
RtlInitializeSListHead
RtlUnicodeToMultiByteN
NtCreateKeyedEvent
RtlMultiByteToUnicodeN
RtlUnicodeToMultiByteSize
RtlCreateHeap
RtlInterlockedPopEntrySList
RtlFreeHeap
RtlInterlockedPushEntrySList
RtlUnwind
RtlFindMessage
RtlGetVersion
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2015:07:23 17:29:27+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
54272

LinkerVersion
10.0

EntryPoint
0x3fb2

InitializedDataSize
34304

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.1

UninitializedDataSize
0

Compressed bundles
File identification
MD5 1568e451c38d2be2ae7a11ef900da2c8
SHA1 ae16dfd949c234412c236331118e72bcee58c1e7
SHA256 cca573bc2ae8dab289f569a54c616a955fc90a2cdc106269eca78aa36d7f555d
ssdeep
1536:THvwcC/qxtkzXE03PQaFmhExnror5PX7AdWnk3:7qWtY3b2B7AdWnk

authentihash 2999e2b617d3b34ead6f9677a509a3a411e0c22415fcf2a48a7a5309fbe74cab
imphash 337bcf544958ecce15fc1685c1c0c544
File size 87.5 KB (89600 bytes)
File type Win32 EXE
Description
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2015-08-01 18:56:25 UTC (3 years, 7 months ago)
Last submission 2016-01-26 20:43:25 UTC (3 years, 1 month ago)
File names PatchPae2.exe
PatchPae2.exe
PatchPae2.exe
? (59).vir
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.