SHA256: e1cdd342e47176fb453a9a670fd995a9db4916b0e5950be6a5879d71c8234e2c
File name: deshifrator xtbl.exe
Detection ratio: 11 / 55
Analysis date: 2015-08-05 06:48:51 UTC (3 years, 7 months ago)
Antivirus Result Update date
Avast Win32:Somoto-R [PUP] 20150805
AVG Generic.A1A 20150805
Avira (no cloud) PUA/LoadMoney.iona 20150805
AVware Trojan.Win32.Generic.pak!cobra 20150805
DrWeb Trojan.LoadMoney.904 20150805
ESET-NOD32 a variant of Win32/Kryptik.DSKA 20150805
K7AntiVirus Trojan ( 004cb9551 ) 20150805
K7GW Trojan ( 004cb9551 ) 20150805
Malwarebytes PUP.Optional.Loadmoney 20150805
Panda Generic Suspicious 20150804
VIPRE Trojan.Win32.Generic.pak!cobra 20150805
Ad-Aware 20150805
AegisLab 20150805
Yandex 20150804
AhnLab-V3 20150805
Alibaba 20150803
ALYac 20150805
Antiy-AVL 20150805
Arcabit 20150805
Baidu-International 20150804
BitDefender 20150805
Bkav 20150804
ByteHero 20150805
CAT-QuickHeal 20150805
ClamAV 20150804
Comodo 20150805
Cyren 20150805
Emsisoft 20150805
F-Prot 20150805
F-Secure 20150805
Fortinet 20150804
GData 20150805
Ikarus 20150805
Jiangmin 20150804
Kaspersky 20150805
Kingsoft 20150805
McAfee 20150805
McAfee-GW-Edition 20150805
Microsoft 20150805
eScan 20150805
NANO-Antivirus 20150805
nProtect 20150804
Qihoo-360 20150805
Rising 20150731
Sophos AV 20150805
SUPERAntiSpyware 20150805
Symantec 20150805
Tencent 20150805
TheHacker 20150805
TrendMicro 20150805
TrendMicro-HouseCall 20150805
VBA32 20150805
ViRobot 20150805
Zillya 20150805
Zoner 20150805
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright © 2002 RenderSoft Software and Web Publishing, Copyright © 2008 CamStudio Group & Contributors
Publisher ITIS
Product CamStudio Producer
File version 1.0.0.0
Description CamStudio Producer
Comments CamStudio Producer
Signature verification Signed file, verified signature
Signers
[+] ITIS
Status Valid
Issuer None
Valid from 1:00 AM 7/24/2015
Valid to 12:59 AM 7/24/2016
Valid usage Code Signing
Algorithm 1.2.840.113549.1.1.11
Thumbprint 1367C3BDAAFA6DBFC3F6DDE7454D21FA031C4CF0
Serial number 00 D4 2D 08 59 E3 9D 03 E5 F1 EF 45 BF DC 91 00 F5
[+] COMODO RSA Code Signing CA
Status Valid
Issuer None
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm 1.2.840.113549.1.1.12
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO
Status Valid
Issuer None
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm 1.2.840.113549.1.1.12
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0008CBFD
Number of sections 8
PE sections
Overlays
MD5 e17c8d27ebc2a3aebeb7d7e0d548b05f
File type data
Offset 806912
Size 5128
Entropy 7.53
PE imports
Number of PE resources by type
RT_ICON 29
RT_STRING 22
RT_GROUP_ICON 12
RT_BITMAP 5
RT_MENU 3
Struct(241) 2
Struct(240) 1
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 73
NEUTRAL 4
PE resources
ExifTool file metadata
FileDescription CamStudio Producer
Comments CamStudio Producer
InitializedDataSize 239616
ImageVersion 0.0
ProductName CamStudio Producer
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 7.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.0
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright 2002 RenderSoft Software and Web Publishing, Copyright 2008 CamStudio Group & Contributors
MachineType Intel 386 or later, and compatibles
CompanyName CamStudio Group
CodeSize 456192
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x8cbfd
ObjectFileType Executable application

File identification
MD5 44891654ff9c5d538ac8bb1a22f62db4
SHA1 cf6c1ee2707fad7805bc67756c0657e0857e8c05
SHA256 e1cdd342e47176fb453a9a670fd995a9db4916b0e5950be6a5879d71c8234e2c
ssdeep 12288:DiFjpRFIMo+60+2H+ObqQdjAqFselbzBG4pb4:23xo8+2e9QdjPmgBGk4
authentihash 5b03165d8fd527e2e4b04babb122d846320f2c99d662455708a6e7a0e4cf2990
imphash c845b7ed97232faaaedc150a89873f6b
File size 793.0 KB ( 812040 bytes )
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.5%)
Win16/32 Executable Delphi generic (19.5%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2015-08-05 06:48:51 UTC (3 years, 7 months ago)
Last submission 2015-08-05 06:48:51 UTC (3 years, 7 months ago)
File names deshifrator xtbl.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
DNS requests