SHA256: dede46c22d2bff88c40abf4ef30656365a491d65a9d6a5d6f9bae8d9d80770c1
File name: SOS.v2017.02.25.Free.exe
Detection ratio: 1 / 59
Analysis date: 2017-02-24 21:43:38 UTC (1 year, 11 months ago)
Antivirus Result Update date
CrowdStrike Falcon (ML) malicious_confidence_73% (D) 20170130
Ad-Aware 20170224
AegisLab 20170224
AhnLab-V3 20170224
Alibaba 20170224
ALYac 20170224
Antiy-AVL 20170224
Arcabit 20170224
Avast 20170224
AVG 20170224
Avira (no cloud) 20170224
AVware 20170224
Baidu 20170224
BitDefender 20170224
Bkav 20170224
CAT-QuickHeal 20170224
ClamAV 20170224
CMC 20170224
Comodo 20170224
Cyren 20170224
DrWeb 20170224
Emsisoft 20170224
Endgame 20170222
ESET-NOD32 20170224
F-Prot 20170224
F-Secure 20170224
Fortinet 20170224
GData 20170224
Ikarus 20170224
Sophos ML 20170203
Jiangmin 20170224
K7AntiVirus 20170224
K7GW 20170224
Kaspersky 20170224
Kingsoft 20170224
Malwarebytes 20170224
McAfee 20170224
McAfee-GW-Edition 20170224
Microsoft 20170224
eScan 20170224
NANO-Antivirus 20170224
nProtect 20170224
Panda 20170224
Qihoo-360 20170224
Rising 20170224
Sophos AV 20170224
SUPERAntiSpyware 20170224
Symantec 20170224
Tencent 20170224
TheHacker 20170223
TotalDefense 20170224
TrendMicro 20170224
TrendMicro-HouseCall 20170224
Trustlook 20170224
VBA32 20170224
VIPRE 20170224
ViRobot 20170224
Webroot 20170224
WhiteArmor 20170222
Yandex 20170222
Zillya 20170224
Zoner 20170224
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Free Community

File version 2017.02.25
Description SOS.v2017.02.25.Free by docNemo
Packers identified
F-PROT appended, 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-31 00:38:38
Entry Point 0x0001638F
Number of sections 4
PE sections
Overlays
MD5 e2ebfe104809d9627f932693ca4aa043
File type data
Offset 137216
Size 3713177
Entropy 8.00
PE imports
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
GetDeviceCaps
GetCurrentObject
DeleteDC
CreateFontIndirectW
SelectObject
CreateCompatibleBitmap
GetObjectW
SetStretchBltMode
CreateCompatibleDC
DeleteObject
StretchBlt
SetThreadLocale
GetStdHandle
GetDriveTypeW
WaitForSingleObject
LockResource
CreateJobObjectW
GetFileAttributesW
SetInformationJobObject
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetSystemDirectoryW
lstrcatW
GetLocaleInfoW
FindResourceExA
WideCharToMultiByte
GetTempPathW
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
GetExitCodeProcess
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
LoadResource
FindClose
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetModuleFileNameW
ExitProcess
lstrcmpiW
SetProcessWorkingSetSize
GetSystemDefaultLCID
MultiByteToWideChar
SetFilePointer
CreateThread
SetEnvironmentVariableW
GetSystemDefaultUILanguage
GetExitCodeThread
MulDiv
SetCurrentDirectoryW
GlobalAlloc
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
EnterCriticalSection
TerminateThread
lstrcmpiA
GetVersionExW
SetEvent
LoadLibraryA
GetStartupInfoA
GetFileSize
GetStartupInfoW
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
AssignProcessToJobObject
lstrcpyW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
lstrcmpW
GetProcAddress
CreateEventW
CreateFileW
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
lstrlenA
GlobalFree
lstrlenW
VirtualFree
GetQueuedCompletionStatus
SizeofResource
CompareFileTime
CreateIoCompletionPort
SetFileTime
GetCommandLineW
SuspendThread
GetModuleHandleA
ReadFile
CloseHandle
GetModuleHandleW
WriteFile
CreateProcessW
Sleep
IsBadReadPtr
VirtualAlloc
strncmp
__p__fmode
malloc
??1type_info@@UAE@XZ
memset
_wcsnicmp
__dllonexit
_except_handler3
??2@YAPAXI@Z
_onexit
_wtol
exit
_XcptFilter
memcmp
__setusermatherr
__p__commode
_acmdln
_CxxThrowException
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_adjust_fdiv
??3@YAXPAX@Z
free
wcsncmp
__getmainargs
_purecall
_controlfp
memmove
memcpy
_beginthreadex
_initterm
_exit
_EH_prolog
__set_app_type
SysFreeString
OleLoadPicture
VariantClear
SysAllocString
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetMalloc
SetFocus
GetParent
EndDialog
DrawTextW
DefWindowProcW
KillTimer
GetMessageW
ShowWindow
MessageBeep
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
ClientToScreen
UnhookWindowsHookEx
CharUpperW
MessageBoxA
LoadIconW
GetWindowDC
CopyImage
GetWindow
GetSysColor
DispatchMessageW
GetKeyState
ReleaseDC
GetMenu
GetWindowLongW
DrawIconEx
SetWindowTextW
CreateWindowExA
GetDlgItem
SystemParametersInfoW
LoadImageW
GetDC
ScreenToClient
CallNextHookEx
wsprintfA
SetTimer
CallWindowProcW
GetSystemMenu
DialogBoxIndirectParamW
EnableWindow
GetClientRect
GetWindowTextW
EnableMenuItem
SetWindowsHookExW
GetClassNameA
GetWindowTextLengthW
CreateWindowExW
wsprintfW
PtInRect
DestroyWindow
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_ICON 12
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 13
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 2017.2.25.0
UninitializedDataSize 0
LanguageCode Russian
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 47104
EntryPoint 0x1638f
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2017.02.25
TimeStamp 2012:12:31 01:38:38+01:00
FileType Win32 EXE
PEType PE32
ProductVersion FREE
FileDescription SOS.v2017.02.25.Free by docNemo
OSVersion 4.0
FileOS Win32
LegalCopyright Free Community
MachineType Intel 386 or later, and compatibles
CompanyName docNemo
CodeSize 89600
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Unknown

File identification
MD5 be7e1056b4f5d5ff2d2b48e5e51ad46c
SHA1 bd5eb6363012c0acf3aa85e7e361c2173941f2b0
SHA256 dede46c22d2bff88c40abf4ef30656365a491d65a9d6a5d6f9bae8d9d80770c1
ssdeep 98304:ItEDOTHEldxcDlx01AlajdJ1f/oBvifNpEcuwe:ItASHsxcDlxQAadJ1fgBKfNiRD

authentihash eda15427c11e5b854520a7d9b91789128e80e4292a967a27b4cbf2d126edbb96
imphash f6baa5eaa8231d4fe8e922a2e6d240ea
File size 3.7 MB (3850393 bytes)
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Generic Win/DOS Executable (50.0%)
DOS Executable Generic (49.9%)
Tags peexe overlay

VirusTotal metadata
First submission 2017-02-24 21:43:38 UTC (1 year, 11 months ago)
Last submission 2017-02-24 21:43:38 UTC (1 year, 11 months ago)
File names SOS.v2017.02.25.Free.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened mutexes
Runtime DLLs
UDP communications