SHA256: e337f71d42aab3fdddb6e457aa6f376d7c6ce68ebf57059cf78a181be951a597
File name: 17 (2) (1).exe
Detection ratio: 49 / 57
Analysis date: 2015-02-10 02:55:13 UTC (4 years ago)
Antivirus Result Update date
Ad-Aware Gen:Variant.Graftor.104539 20150210
Yandex Trojan.Chydo!zqLlA9gnGqU 20150208
AhnLab-V3 Trojan/Win32.Chydo 20150209
ALYac Gen:Variant.Graftor.104539 20150210
Antiy-AVL Trojan/Win32.Chydo 20150209
Avast Win32:Chydo [Drp] 20150210
AVG Generic_r.TT 20150210
Avira (no cloud) TR/Drop.Agen.757760 20150210
AVware Trojan.Win32.Pykspa.a (v) 20150210
BitDefender Gen:Variant.Graftor.104539 20150210
Bkav W32.JapiletG.Worm 20150209
CAT-QuickHeal Trojan.KillAv.DR 20150205
CMC Trojan.Win32.Chydo!O 20150209
Comodo Worm.Win32.Autorun.Agent_TV4 20150210
Cyren W32/KillAV.M.gen!Eldorado 20150210
DrWeb Trojan.MulDrop.64839 20150210
Emsisoft Gen:Variant.Graftor.104539 (B) 20150210
ESET-NOD32 Win32/AutoRun.Agent.TV 20150210
F-Prot W32/Chydo.A 20150210
F-Secure Trojan:W32/Chydo.gen!A 20150210
Fortinet W32/Agent.LGB!tr 20150210
GData Gen:Variant.Graftor.104539 20150210
Ikarus Trojan.Win32.Chydo 20150210
Jiangmin Trojan/Generic.bopyl 20150209
K7AntiVirus Trojan ( 001d712b1 ) 20150210
K7GW Trojan ( 001d712b1 ) 20150210
Kaspersky Trojan.Win32.Agentb.adkr 20150210
Kingsoft Win32.Troj.Chydo.r.(kcloud) 20150210
Malwarebytes Trojan.Chydo 20150210
McAfee BackDoor-EJG 20150210
McAfee-GW-Edition BehavesLike.Win32.Backdoor.hc 20150209
Microsoft TrojanDropper:Win32/Pykspa.A 20150210
eScan Gen:Variant.Graftor.104539 20150210
NANO-Antivirus Trojan.Win32.Chydo.bjpmd 20150209
Norman AutoRun.BPRM 20150209
nProtect Trojan/W32.Chydo.557056 20150209
Panda Generic Malware 20150209
Rising PE:Trojan.Win32.FakeAlert.ok!1075350358 20150209
Sophos AV Troj/Bckdr-RAK 20150210
SUPERAntiSpyware Trojan.Agent/Gen-KillAV 20150210
Symantec W32.Pykspa!gen1 20150210
Tencent Trojan.Win32.FakeAlert.ate 20150210
TotalDefense Win32/SillyAutorun.CKL 20150210
TrendMicro WORM_MESSEN.SMF 20150210
TrendMicro-HouseCall WORM_MESSEN.SMF 20150210
VBA32 BScope.Dropper.gen 20150209
VIPRE Trojan.Win32.Pykspa.a (v) 20150210
ViRobot Trojan.Win32.Chydo.516096.B[h] 20150209
Zillya Trojan.Chydo.Win32.133 20150209
AegisLab 20150210
Alibaba 20150210
Baidu-International 20150209
ByteHero 20150210
ClamAV 20150209
Qihoo-360 20150210
TheHacker 20150209
Zoner 20150209
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-12-20 22:48:46
Entry Point 0x00002715
Number of sections 4
PE sections
PE imports
CreateToolhelp32Snapshot
GetLastError
HeapFree
GetStdHandle
LCMapStringW
lstrcatA
GetSystemInfo
lstrlenA
GetFileAttributesA
FreeLibrary
QueryPerformanceCounter
HeapDestroy
ExitProcess
VirtualProtect
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
Process32Next
HeapAlloc
FreeEnvironmentStringsA
GetComputerNameA
GetStartupInfoA
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
Process32First
GetCurrentDirectoryA
UnhandledExceptionFilter
SetErrorMode
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
OpenMutexA
CreateMutexA
GetTempPathA
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
InterlockedExchange
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
lstrcpynA
GetACP
HeapReAlloc
GetStringTypeW
GetOEMCP
TerminateProcess
LCMapStringA
SetHandleCount
HeapCreate
lstrcpyA
VirtualQuery
VirtualFree
GetEnvironmentStringsW
Sleep
GetFileType
CreateFileA
GetTickCount
GetCurrentThreadId
VirtualAlloc
ShellExecuteA
Number of PE resources by type
RT_ICON 20
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 21
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2008:12:20 23:48:46+01:00
FileType Win32 EXE
PEType PE32
CodeSize 24576
LinkerVersion 7.1
FileAccessDate 2015:02:17 03:55:57+01:00
EntryPoint 0x2715
InitializedDataSize 528384
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2015:02:17 03:55:57+01:00
UninitializedDataSize 0

File identification
MD5 8a43719f9e3e4d80523f50c103a14c5f
SHA1 1cfbd1b01ee2c423b0f95cf80b940c55a2e4e61f
SHA256 e337f71d42aab3fdddb6e457aa6f376d7c6ce68ebf57059cf78a181be951a597
ssdeep 12288:66onxOp8FySpE5zvIdtU+YmefT9Prn3Mp:+wp8DozAdO9B2

authentihash 38bc8d6a6df8e54c69254abea136d2b5801931f9367f3181e3d5cc1a58bd566d
imphash fb815acbc7109e8c83537d7d9c7020be
File size 544.0 KB ( 557056 bytes )
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2015-02-10 02:55:13 UTC (4 years ago)
Last submission 2015-02-10 02:55:13 UTC (4 years ago)
File names 17 (2) (1).exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Shell commands
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications