SHA256: e019f558e029ad4ddcb24676ed689b416d7c04b16d349310a4d4144a26441c95
File name: KS v20.exe
Detection ratio: 10 / 55
Analysis date: 2016-11-30 18:35:46 UTC (1 month, 3 weeks ago)
Antivirus Result Update date
AVG BackDoor.Generic19.AYVE 20161130
Avast Win32:Malware-gen 20161130
Avira (no cloud) TR/Agent.yrcms 20161130
CMC Virus.Win32.Sality!O 20161130
CrowdStrike Falcon (ML) malicious_confidence_76% (D) 20161024
DrWeb BackDoor.Poison.18765 20161130
Invincea trojan.win32.valcaryx.a 20161128
Rising Malware.Undefined!8.C-rVCWbOzWMOF (cloud) 20161130
TrendMicro TROJ_GEN.R015C0EKD16 20161130
TrendMicro-HouseCall TROJ_GEN.R015C0EKD16 20161130
ALYac 20161130
AVware 20161130
Ad-Aware 20161130
AegisLab 20161130
AhnLab-V3 20161130
Alibaba 20161130
Antiy-AVL 20161130
Arcabit 20161130
Baidu 20161130
BitDefender 20161130
CAT-QuickHeal 20161130
ClamAV 20161130
Comodo 20161130
Cyren 20161130
ESET-NOD32 20161130
Emsisoft 20161130
F-Prot 20161130
F-Secure 20161130
Fortinet 20161130
GData 20161130
Ikarus 20161130
Jiangmin 20161130
K7AntiVirus 20161130
K7GW 20161130
Kaspersky 20161130
Kingsoft 20161130
Malwarebytes 20161130
McAfee 20161130
McAfee-GW-Edition 20161130
eScan 20161130
Microsoft 20161130
NANO-Antivirus 20161130
Panda 20161130
Qihoo-360 20161130
SUPERAntiSpyware 20161130
Sophos 20161130
Symantec 20161130
Tencent 20161130
TheHacker 20161130
Trustlook 20161130
VBA32 20161130
VIPRE 20161130
ViRobot 20161130
WhiteArmor 20161125
Yandex 20161128
Zillya 20161130
Zoner 20161130
nProtect 20161130
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 7.0.0.0
Comments by VLAGISLAV
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-30 16:43:52
Entry Point 0x0049D44D
Number of sections 3
PE sections
PE imports
GetProcAddress
GetModuleHandleA
RegCloseKey
ImageList_Add
OleDraw
SysFreeString
ExtractIconW
CharNextW
VerQueryValueW
OpenPrinterW
PE exports
Number of PE resources by type
RT_STRING 50
RT_BITMAP 29
RT_RCDATA 22
RT_GROUP_CURSOR 8
RT_CURSOR 8
RT_DIALOG 2
RT_MANIFEST 1
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 56
ENGLISH US 56
ENGLISH NEUTRAL 7
RUSSIAN 4
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments by VLAGISLAV
InitializedDataSize 707072
ImageVersion 0.0
FileVersionNumber 7.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
LinkerVersion 2.25
FileTypeExtension exe
MIMEType application/octet-stream
FileVersion 7.0.0.0
TimeStamp 2016:11:30 17:43:52+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.0
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName hack-games-vk.ru
CodeSize 4072448
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x49d44d
ObjectFileType Executable application

PE resource-wise parents
File identification
MD5 23726bd9ce020dfc6f4e395bd0b9f984
SHA1 9e96f8f4746d7201d7ea21cd7ba79253b3ef583c
SHA256 e019f558e029ad4ddcb24676ed689b416d7c04b16d349310a4d4144a26441c95
ssdeep
24576:cMiNayY+UpNia0d+TZwkfQYoKFNTt8bG4ubLZjl5Xj7RjWQa+9jQWj:2at5pED4+ibtiKFB9vTauBj

authentihash 23e65f5b6d201cc4a170d89c4b11b6a9c1d957feaccf6bd8f8e5efdb6093bbc3
imphash 5f79b9180ca66d2d9085d508beb883de
File size 1.2 MB (1299968 bytes)
File type Win32 EXE
Description
MS-DOS executable, MZ for MS-DOS

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags
peexe

VirusTotal metadata
First submission 2016-11-30 18:35:46 UTC (1 month, 3 weeks ago)
Last submission 2017-01-02 14:50:50 UTC (3 weeks ago)
File names KS v20.exe
KS V20.EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications