SHA256: d3629ff47d2ad9a3f505857f81844ad9a0ce9eea80696dcd3186308becf4d32c
File name: KBZ II v57.exe
Detection ratio: 1 / 56
Analysis date: 2016-10-23 11:10:18 UTC (2 months, 3 weeks ago)
Antivirus Result Update date
Qihoo-360 HEUR/QVM11.1.0000.Malware.Gen 20161023
ALYac 20161023
AVG 20161023
AVware 20161023
Ad-Aware 20161023
AegisLab 20161023
AhnLab-V3 20161022
Alibaba 20161022
Antiy-AVL 20161023
Arcabit 20161023
Avast 20161023
Avira (no cloud) 20161022
Baidu 20161022
BitDefender 20161023
Bkav 20161022
CAT-QuickHeal 20161022
CMC 20161023
ClamAV 20161023
Comodo 20161023
CrowdStrike Falcon (ML) 20160725
Cyren 20161023
DrWeb 20161023
ESET-NOD32 20161023
Emsisoft 20161023
F-Prot 20161023
F-Secure 20161022
Fortinet 20161023
GData 20161023
Ikarus 20161023
Invincea 20161018
Jiangmin 20161023
K7AntiVirus 20161023
K7GW 20161023
Kaspersky 20161023
Kingsoft 20161023
Malwarebytes 20161023
McAfee 20161023
McAfee-GW-Edition 20161023
eScan 20161023
Microsoft 20161023
NANO-Antivirus 20161023
Panda 20161023
Rising 20161023
SUPERAntiSpyware 20161023
Sophos 20161023
Symantec 20161023
Tencent 20161023
TheHacker 20161022
TrendMicro 20161023
TrendMicro-HouseCall 20161023
VBA32 20161022
VIPRE 20161023
ViRobot 20161023
Yandex 20161022
Zillya 20161022
Zoner 20161023
nProtect 20161023
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 53.0.0.0
Comments By VLAGISLAV
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-21 20:53:03
Entry Point 0x00654680
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegSaveKeyW
ImageList_Add
ChooseColorW
OleDraw
VariantCopy
SHGetMalloc
VerQueryValueW
OpenPrinterW
Number of PE resources by type
RT_STRING 50
RT_BITMAP 29
RT_RCDATA 24
RT_GROUP_CURSOR 8
RT_CURSOR 8
RT_DIALOG 2
RT_MANIFEST 1
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 59
ENGLISH US 56
ENGLISH NEUTRAL 7
RUSSIAN 3
PE resources
ExifTool file metadata
UninitializedDataSize 4472832
Comments By VLAGISLAV
InitializedDataSize 28672
ImageVersion 0.0
FileVersionNumber 53.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
LinkerVersion 2.25
EntryPoint 0x654680
MIMEType application/octet-stream
FileVersion 53.0.0.0
TimeStamp 2016:10:21 21:53:03+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 53.0.0.0
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName hack-games-vk.ru
CodeSize 2162688
FileSubtype 0
ProductVersionNumber 53.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 b208a3402e023e3311d0fe2d9474a89d
SHA1 d79faf3e8767959228b8f778d0d41e59b36159e5
SHA256 d3629ff47d2ad9a3f505857f81844ad9a0ce9eea80696dcd3186308becf4d32c
ssdeep 49152:Zqw7JMh92/JXE4rKp9REcA7uyJZXWGa78noT4sZl:IPItrKr7+uWmGauoT4
authentihash c0085d0d8cf9c1a0308b03953245bbef435c0e118df19a164b970231a512747b
imphash 10ae4c4547429410b5e614344e091c21
File size 2.1 MB ( 2188288 bytes )
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (41.1%)
Win32 EXE Yoda's Crypter (35.7%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Win16/32 Executable Delphi generic (2.7%)
Tags peexe upx
VirusTotal metadata
First submission 2016-10-23 11:10:18 UTC (2 months, 3 weeks ago)
Last submission 2016-11-19 23:34:43 UTC (1 month, 4 weeks ago)
File names KBZ II v57.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications