| SHA256: | e337f71d42aab3fdddb6e457aa6f376d7c6ce68ebf57059cf78a181be951a597 |
| Имя файла: | 17 (2) (1).exe |
| Показатель выявления: | 49 / 57 |
| Дата анализа: | 2015-02-10 02:55:13 UTC (4 лет, 2 месяцев назад) Показать последний анализ |
| Антивирус | Результат | Дата обновления |
|---|---|---|
| Ad-Aware | Gen:Variant.Graftor.104539 | 20150210 |
| Yandex | Trojan.Chydo!zqLlA9gnGqU | 20150208 |
| AhnLab-V3 | Trojan/Win32.Chydo | 20150209 |
| ALYac | Gen:Variant.Graftor.104539 | 20150210 |
| Antiy-AVL | Trojan/Win32.Chydo | 20150209 |
| Avast | Win32:Chydo [Drp] | 20150210 |
| AVG | Generic_r.TT | 20150210 |
| Avira (no cloud) | TR/Drop.Agen.757760 | 20150210 |
| AVware | Trojan.Win32.Pykspa.a (v) | 20150210 |
| BitDefender | Gen:Variant.Graftor.104539 | 20150210 |
| Bkav | W32.JapiletG.Worm | 20150209 |
| CAT-QuickHeal | Trojan.KillAv.DR | 20150205 |
| CMC | Trojan.Win32.Chydo!O | 20150209 |
| Comodo | Worm.Win32.Autorun.Agent_TV4 | 20150210 |
| Cyren | W32/KillAV.M.gen!Eldorado | 20150210 |
| DrWeb | Trojan.MulDrop.64839 | 20150210 |
| Emsisoft | Gen:Variant.Graftor.104539 (B) | 20150210 |
| ESET-NOD32 | Win32/AutoRun.Agent.TV | 20150210 |
| F-Prot | W32/Chydo.A | 20150210 |
| F-Secure | Trojan:W32/Chydo.gen!A | 20150210 |
| Fortinet | W32/Agent.LGB!tr | 20150210 |
| GData | Gen:Variant.Graftor.104539 | 20150210 |
| Ikarus | Trojan.Win32.Chydo | 20150210 |
| Jiangmin | Trojan/Generic.bopyl | 20150209 |
| K7AntiVirus | Trojan ( 001d712b1 ) | 20150210 |
| K7GW | Trojan ( 001d712b1 ) | 20150210 |
| Kaspersky | Trojan.Win32.Agentb.adkr | 20150210 |
| Kingsoft | Win32.Troj.Chydo.r.(kcloud) | 20150210 |
| Malwarebytes | Trojan.Chydo | 20150210 |
| McAfee | BackDoor-EJG | 20150210 |
| McAfee-GW-Edition | BehavesLike.Win32.Backdoor.hc | 20150209 |
| Microsoft | TrojanDropper:Win32/Pykspa.A | 20150210 |
| eScan | Gen:Variant.Graftor.104539 | 20150210 |
| NANO-Antivirus | Trojan.Win32.Chydo.bjpmd | 20150209 |
| Norman | AutoRun.BPRM | 20150209 |
| nProtect | Trojan/W32.Chydo.557056 | 20150209 |
| Panda | Generic Malware | 20150209 |
| Rising | PE:Trojan.Win32.FakeAlert.ok!1075350358 | 20150209 |
| Sophos AV | Troj/Bckdr-RAK | 20150210 |
| SUPERAntiSpyware | Trojan.Agent/Gen-KillAV | 20150210 |
| Symantec | W32.Pykspa!gen1 | 20150210 |
| Tencent | Trojan.Win32.FakeAlert.ate | 20150210 |
| TotalDefense | Win32/SillyAutorun.CKL | 20150210 |
| TrendMicro | WORM_MESSEN.SMF | 20150210 |
| TrendMicro-HouseCall | WORM_MESSEN.SMF | 20150210 |
| VBA32 | BScope.Dropper.gen | 20150209 |
| VIPRE | Trojan.Win32.Pykspa.a (v) | 20150210 |
| ViRobot | Trojan.Win32.Chydo.516096.B[h] | 20150209 |
| Zillya | Trojan.Chydo.Win32.133 | 20150209 |
| AegisLab | 20150210 | |
| Alibaba | 20150210 | |
| Baidu-International | 20150209 | |
| ByteHero | 20150210 | |
| ClamAV | 20150209 | |
| Qihoo-360 | 20150210 | |
| TheHacker | 20150209 | |
| Zoner | 20150209 |
The file being studied is a Portable Executable file!
More specifically, it is a Win32 EXE
file
for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-12-20 22:48:46
Entry Point 0x00002715
Number of sections 4
PE sections
PE imports
Number of PE resources by type
RT_ICON 20
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 21
PE resources
ExifTool file metadata
MIMEType
application/octet-stream
Subsystem
Windows GUI
MachineType
Intel 386 or later, and compatibles
TimeStamp
2008:12:20 23:48:46+01:00
FileType
Win32 EXE
PEType
PE32
CodeSize
24576
LinkerVersion
7.1
FileAccessDate
2015:02:17 03:55:57+01:00
EntryPoint
0x2715
InitializedDataSize
528384
SubsystemVersion
4.0
ImageVersion
0.0
OSVersion
4.0
FileCreateDate
2015:02:17 03:55:57+01:00
UninitializedDataSize
0
File identification
MD5 8a43719f9e3e4d80523f50c103a14c5f
SHA1 1cfbd1b01ee2c423b0f95cf80b940c55a2e4e61f
SHA256 e337f71d42aab3fdddb6e457aa6f376d7c6ce68ebf57059cf78a181be951a597
ssdeep
12288:66onxOp8FySpE5zvIdtU+YmefT9Prn3Mp:+wp8DozAdO9B2
Размер файла
544.0 KБ ( 557056 bytes )
Тип файла Win32 EXE
Описание
PE32 executable for MS Windows (GUI) Intel 80386 32-bit
| TrID |
Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%) |
Tags
peexe
VirusTotal metadata
First submission
2015-02-10 02:55:13 UTC (4 лет, 2 месяцев назад)
Last submission
2015-02-10 02:55:13 UTC (4 лет, 2 месяцев назад)
| Имена файлов |
17 (2) (1).exe |
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the
scanned file presents certain characteristics which depending on the
user policies and environment may or may not represent a threat. For
full details see:
https://www.clamav.net/documents/potentially-unwanted-applications-pua
.
Нет комментариев.
Из участников сообщества VirusTotal ещё пока никто не оставил комментарий по поводу результатов анализа. Станьте первым!
Вы не выполнили вход. Только зарегистрированные пользователи могут оставлять комментарии. Выполните вход и получите право голоса!
Нет голосов.
Ещё пока никто не проголосовал за результаты анализа. Станьте первым!
Condensed report! The following is a condensed report of the
behaviour of the file when executed in a controlled environment. The actions
and events described were either performed by the file itself or by any other
process launched by the executed file or subjected to code injection by the
executed file.
Opened files
Read files
Written files
Copied files
Created processes
Shell commands
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the
DeviceIoControl
Windows API function.