SHA256: e81783ebfb4b07d7c4d01b5c736854da2fd668bbd67c9ff4d74c8b84da4535d2
File name: LIParser.exe
Detection ratio: 0 / 47
Analysis date: 2013-06-11 21:16:32 UTC (5 years, 11 months ago)
Antivirus Result Update date
Yandex 20130611
AhnLab-V3 20130611
AntiVir 20130611
Antiy-AVL 20130611
Avast 20130611
AVG 20130611
BitDefender 20130611
ByteHero 20130606
CAT-QuickHeal 20130611
ClamAV 20130611
Commtouch 20130611
Comodo 20130611
DrWeb 20130611
Emsisoft 20130611
eSafe 20130610
ESET-NOD32 20130611
F-Prot 20130611
F-Secure 20130611
Fortinet 20130611
GData 20130611
Ikarus 20130611
Jiangmin 20130611
K7AntiVirus 20130611
K7GW 20130611
Kaspersky 20130611
Kingsoft 20130506
Malwarebytes 20130611
McAfee 20130611
McAfee-GW-Edition 20130611
Microsoft 20130611
eScan 20130611
NANO-Antivirus 20130611
Norman 20130611
nProtect 20130611
Panda 20130611
PCTools 20130521
Rising 20130607
Sophos AV 20130611
SUPERAntiSpyware 20130611
Symantec 20130611
TheHacker 20130611
TotalDefense 20130611
TrendMicro 20130611
TrendMicro-HouseCall 20130611
VBA32 20130611
VIPRE 20130611
ViRobot 20130611
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x018EA9B0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegCloseKey
ImageList_Add
GetOpenFileNameA
ImmNotifyIME
CoInitialize
VariantCopy
DragFinish
VerQueryValueA
Number of PE resources by type
RT_RCDATA 8
RT_ICON 5
RT_DIALOG 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 16
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 0000:00:00 00:00:00
FileType Win32 EXE
PEType PE32
CodeSize 4993024
LinkerVersion 2.62
EntryPoint 0x18ea9b0
InitializedDataSize 102400
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 21131264

File identification
MD5 053ca0067fa225a7997655852f24b5e1
SHA1 eec6d731fb84a13cabd568d54af9c84cbcec48bc
SHA256 e81783ebfb4b07d7c4d01b5c736854da2fd668bbd67c9ff4d74c8b84da4535d2
ssdeep
98304:/7pwEie6aQ1T0z7E0OIgFOxvW/279ZOFr4oDbgVYWMFzl6DUD3PQ0EmCM6roCcS:Vk0OzOxcg9UZXDsVYhzMDoM

File size 6.3 MB ( 6598886 bytes )
File type Win32 EXE
Description
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (generic) (38.7%)
UPX compressed Win32 Executable (28.5%)
Win32 EXE Yoda's Crypter (24.7%)
Win32 Executable (generic) (4.2%)
Generic Win/DOS Executable (1.8%)
Tags
peexe upx

VirusTotal metadata
First submission 2013-06-11 21:16:32 UTC (5 years, 11 months ago)
Last submission 2013-06-11 21:16:32 UTC (5 years, 11 months ago)
File names LIParser.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.