SHA256: e1abf9f2a86ec49f46eaf28bcaa5757c0bcb184329b02ecc43951e37aea7dfab
File name: TeamViewer 10.0.41459 RU-EN ReID & TVManager Portable Free.exe
Detection ratio: 3 / 56
Analysis date: 2015-05-02 11:24:30 UTC (3 years, 5 months ago)
Antivirus Result Update date
Jiangmin AdWare.Win32.Agent.ahdb 20150430
Qihoo-360 HEUR/QVM18.1.Malware.Gen 20150502
VBA32 TrojanPSW.Ruftar 20150501
Ad-Aware 20150502
AegisLab 20150502
Yandex 20150501
AhnLab-V3 20150501
Alibaba 20150502
ALYac 20150502
Antiy-AVL 20150502
Avast 20150502
AVG 20150502
Avira (no cloud) 20150501
AVware 20150502
Baidu-International 20150502
BitDefender 20150502
Bkav 20150425
ByteHero 20150502
CAT-QuickHeal 20150502
ClamAV 20150502
CMC 20150501
Comodo 20150502
Cyren 20150502
DrWeb 20150502
Emsisoft 20150502
ESET-NOD32 20150502
F-Prot 20150502
F-Secure 20150502
Fortinet 20150502
GData 20150502
Ikarus 20150502
K7AntiVirus 20150502
K7GW 20150502
Kaspersky 20150502
Kingsoft 20150502
McAfee 20150502
McAfee-GW-Edition 20150501
Microsoft 20150502
eScan 20150502
NANO-Antivirus 20150502
Norman 20150502
nProtect 20150430
Panda 20150502
Rising 20150502
Sophos AV 20150502
SUPERAntiSpyware 20150502
Symantec 20150502
Tencent 20150502
TheHacker 20150501
TotalDefense 20150430
TrendMicro 20150502
TrendMicro-HouseCall 20150502
VIPRE 20150502
ViRobot 20150502
Zillya 20150501
Zoner 20150430
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 2.8.1.8782
Packers identified
F-PROT AutoIt, UPX_LZMA, 7Z, Unicode, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-05-24 10:39:21
Entry Point 0x00032E49
Number of sections 4
PE sections
Overlays
MD5 b5ff76dbe0dfdeb1f025c9685f36464a
File type data
Offset 470016
Size 11214681
Entropy 8.00
PE imports
InitCommonControlsEx
CreateSolidBrush
DeleteObject
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
HeapDestroy
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
FindClose
TlsGetValue
MoveFileW
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
SetThreadPriority
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
GetFullPathNameW
InterlockedExchangeAdd
CreateThread
SetUnhandledExceptionFilter
ExitThread
SetPriorityClass
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
GetStartupInfoW
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetProcessHeap
GetTempFileNameW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
GetProcAddress
GetTempPathW
CreateEventW
CreateFileW
SetFileApisToOEM
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
lstrlenW
CreateProcessW
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetLongPathNameW
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
VirtualAlloc
GetOEMCP
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
CommandLineToArgvW
SetFocus
EndDialog
PostQuitMessage
KillTimer
GetMessageW
ShowWindow
SetWindowPos
GetSystemMetrics
IsWindow
DestroyIcon
GetWindowRect
EnableWindow
DialogBoxParamW
TranslateMessage
PostMessageW
DispatchMessageW
CreateDialogParamW
SendMessageW
IsWindowVisible
LoadStringW
SetWindowTextW
GetDlgItem
MessageBoxW
ScreenToClient
SetTimer
IsDialogMessageW
GetActiveWindow
GetWindowTextW
GetDesktopWindow
LoadIconW
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeEx
Number of PE resources by type
RT_STRING 109
RT_DIALOG 3
RT_ICON 3
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN NEUTRAL 117
RUSSIAN 1
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
207360

ImageVersion
0.0

FileVersionNumber
5.18.16.9457

LanguageCode
Unknown (0019)

FileFlagsMask
0x003f

CharacterSet
Windows, Cyrillic

LinkerVersion
8.0

FileTypeExtension
exe

MIMEType
application/octet-stream

FileVersion
2.8.1.8782

TimeStamp
2012:05:24 11:39:21+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
2.8

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
261632

FileSubtype
0

ProductVersionNumber
5.0.4.31807

Warning
Possibly corrupt Version resource

EntryPoint
0x32e49

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 9c242389484a696340de198cc6e20280
SHA1 19aad7794755a930e97994f4dcc1c46512916a46
SHA256 e1abf9f2a86ec49f46eaf28bcaa5757c0bcb184329b02ecc43951e37aea7dfab
ssdeep
196608:mMfaxYzBr35p0p5+tb13L0aWxIr4AAuHVi7qM6FROJt9MAItIlDzEok37Ft:mMfvzBD5Ofs1LgCVwMQJstUH837v

authentihash 063270ccc4078836dcd099ed843466c044157ab93f07f97e87494cfc6061f0a2
imphash e3ac8154f0eca18fb9d19811e4d6603d
File size 11.1 MB ( 11684697 bytes )
File type Win32 EXE
Description
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-05-02 11:24:30 UTC (3 years, 5 months ago)
Last submission 2016-05-17 06:44:41 UTC (2 years, 5 months ago)
File names TeamViewer 10 со сбросом Portable .exe
teamviewer 10.0.41459 ru-en reid - tvmanager portable free.exe
TeamViewer10PortableFree.exe
TeamViewer 10.0.41459 RU-EN ReID & TVManager Portable Free.exe
TeamViewer_10.0.41459_RU-EN_ReID___TVManager_Portable_Free.exe
TeamViewer 10.0.41459 RU-EN ReID - TVManager Portable Free.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0502.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.