SHA256: 7ccabf8b0d8e1d8d42f7843dfbdb64640b50795783ec2b44e318db7493fc2a75
File name: bf5e83cf08dd5fffea50786fbf4f3a0f773c9778
Detection ratio: 34 / 66
Analysis date: 2017-11-03 16:17:38 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12529476 20171103
AegisLab Troj.Trickybot.Gen!c 20171103
ALYac Gen:Variant.Graftor.421733 20171103
Arcabit Trojan.Generic.DBF2F44 20171103
Avast Win32:Malware-gen 20171103
AVG Win32:Malware-gen 20171103
Avira (no cloud) TR/Crypt.Xpack.zwuep 20171103
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9985 20171103
BitDefender Trojan.GenericKD.12529476 20171103
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cylance Unsafe 20171103
DrWeb Trojan.DownLoader25.50951 20171103
Emsisoft Trojan.TrickBot (A) 20171103
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of Win32/Kryptik.FYMK 20171103
F-Secure Trojan.GenericKD.12529476 20171103
Fortinet W32/GenKryptik.BCDU!tr 20171103
GData Trojan.GenericKD.12529476 20171103
Ikarus Trojan-Banker.TrickBot 20171103
K7GW Trojan ( 0051adc41 ) 20171103
Kaspersky Trojan.Win32.Trickster.aty 20171103
MAX malware (ai score=79) 20171103
McAfee Artemis!A074A3E89245 20171031
McAfee-GW-Edition BehavesLike.Win32.VirRansom.gc 20171103
eScan Trojan.GenericKD.12529476 20171103
Palo Alto Networks (Known Signatures) generic.ml 20171103
Panda Trj/GdSda.A 20171103
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Mal/Generic-S 20171103
Symantec Trojan.Trickybot 20171103
TrendMicro TROJ_GEN.R032C0OK317 20171103
TrendMicro-HouseCall TROJ_GEN.R032C0OK317 20171103
WhiteArmor Malware.HighConfidence 20171024
ZoneAlarm by Check Point Trojan.Win32.Trickster.aty 20171103
AhnLab-V3 20171103
Alibaba 20170911
Avast-Mobile 20171103
AVware 20171103
Bkav 20171102
CAT-QuickHeal 20171103
ClamAV 20171102
CMC 20171103
Comodo 20171103
Cybereason 20171030
Cyren 20171103
eGambit 20171103
F-Prot 20171103
Sophos ML 20170914
Jiangmin 20171103
K7AntiVirus 20171103
Kingsoft 20171103
Malwarebytes 20171103
Microsoft 20171103
NANO-Antivirus 20171103
nProtect 20171103
Qihoo-360 20171103
Rising 20171103
SUPERAntiSpyware 20171103
Symantec Mobile Insight 20171103
Tencent 20171103
TheHacker 20171102
TotalDefense 20171103
Trustlook 20171103
VBA32 20171103
VIPRE 20171103
ViRobot 20171103
Yandex 20171102
Zillya 20171103
Zoner 20171103
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-11-02 07:00:22
Entry Point 0x00009260
Number of sections 4
PE sections
PE imports
DeleteDC
CreatePen
CreateSolidBrush
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
FindFirstFileW
GetCommandLineA
GetLastError
GetStartupInfoA
FindNextFileW
GetFileSize
GetModuleHandleA
WriteFile
CreateFileW
GetModuleHandleW
GetCurrentDirectoryA
FindClose
HeapAlloc
CloseHandle
CreateFileMappingA
CreateFileA
ExitProcess
SleepEx
GetProcessHeap
SetFocus
EndDialog
LoadBitmapW
DefWindowProcW
GetMessageW
PostQuitMessage
LoadBitmapA
SetClipboardViewer
SetWindowLongW
EndPaint
SetCapture
MoveWindow
DialogBoxParamW
TranslateMessage
DispatchMessageW
ReleaseDC
BeginPaint
SendMessageW
LoadStringW
GetClientRect
SetCaretPos
ScreenToClient
InvalidateRect
SetTimer
LoadCursorW
LoadIconW
CreateWindowExW
LoadAcceleratorsW
RegisterClassExW
DestroyWindow
Number of PE resources by type
RT_GROUP_CURSOR 2
RT_BITMAP 2
RT_CURSOR 2
RT_DIALOG 1
RT_ICON 1
RT_MANIFEST 1
RT_STRING 1
RT_GROUP_ICON 1
Number of PE resources by language
FINNISH DEFAULT 10
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2015:11:02 08:00:22+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
210944

LinkerVersion
14.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

FileTypeExtension
exe

InitializedDataSize
262144

SubsystemVersion
5.1

EntryPoint
0x9260

OSVersion
5.1

ImageVersion
0.0

UninitializedDataSize
0

Compressed bundles
File identification
MD5 a074a3e89245b94c4ffa52e7423bc821
SHA1 bf5e83cf08dd5fffea50786fbf4f3a0f773c9778
SHA256 7ccabf8b0d8e1d8d42f7843dfbdb64640b50795783ec2b44e318db7493fc2a75
ssdeep
12288:UTDd3MGVUuMXbWmZfS7adwyNFeeKWSjgs0HmaP:UTDd3Gu+WmtFeyMWSZzO

authentihash 9673fd5fdfff0a0b947b27a2f63b4d64fa283161e3bf64b13162163c289ca8de
imphash ee96b9cf2907cc342faf322b2f87a382
File size 463.0 KB ( 474112 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe

VirusTotal metadata
First submission 2017-11-02 04:46:59 UTC ( 1 year, 6 months ago )
Last submission 2018-05-03 06:35:42 UTC ( 1 year ago )
File names: 1002-bf5e83cf08dd5fffea50786fbf4f3a0f773c9778
bf5e83cf08dd5fffea50786fbf4f3a0f773c9778
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications