× Cookies sú vypnuté! Aby táto stránka vyžaduje mať zapnuté cookies aby fungovala správne.
SHA256: cdb881935f9f37077828e02f6525e7b294641d8a1c5ee07b3fc2d36243db47db
Názov súboru: skyboxes-doom.exe
Pomer detekcie: 0 / 56
Dátum analýzy: 2016-05-22 04:36:26 UTC ( pred 2 roky, 12 mesiacov ) Zobraziť posledné
Antivírus Výsledok Aktualizovať
Ad-Aware 20160522
AegisLab 20160521
AhnLab-V3 20160521
Alibaba 20160520
ALYac 20160522
Antiy-AVL 20160522
Arcabit 20160522
Avast 20160522
AVG 20160522
Avira (no cloud) 20160521
AVware 20160521
Baidu 20160520
Baidu-International 20160521
BitDefender 20160522
Bkav 20160521
CAT-QuickHeal 20160521
ClamAV 20160522
CMC 20160520
Comodo 20160522
Cyren 20160522
DrWeb 20160522
Emsisoft 20160522
ESET-NOD32 20160521
F-Prot 20160522
F-Secure 20160522
Fortinet 20160522
GData 20160522
Ikarus 20160521
Jiangmin 20160522
K7AntiVirus 20160521
K7GW 20160522
Kaspersky 20160522
Kingsoft 20160522
Malwarebytes 20160522
McAfee 20160522
McAfee-GW-Edition 20160521
Microsoft 20160520
eScan 20160522
NANO-Antivirus 20160522
nProtect 20160520
Panda 20160521
Qihoo-360 20160522
Rising 20160522
Sophos AV 20160522
SUPERAntiSpyware 20160521
Symantec 20160522
Tencent 20160522
TheHacker 20160522
TrendMicro 20160522
TrendMicro-HouseCall 20160522
VBA32 20160520
VIPRE 20160522
ViRobot 20160521
Yandex 20160521
Zillya 20160521
Zoner 20160522
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT RAR, UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-09-07 15:52:24
Entry Point 0x000151A0
Number of sections 3
PE sections
Overlays
MD5 eb2ee0a8cc0038d56ecdc3382654f743
File type application/x-rar
Offset 23040
Size 6520554
Entropy 7.99
PE imports
RegCloseKey
DeleteObject
LoadLibraryA
ExitProcess
GetProcAddress
SHGetMalloc
SetFocus
Number of PE resources by type
RT_DIALOG 5
RT_STRING 4
RT_ICON 3
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 13
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2001:09:07 15:52:24+00:00

FileType
Win32 EXE

PEType
PE32

CodeSize
20480

LinkerVersion
5.0

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x151a0

InitializedDataSize
8192

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
65536

Compressed bundles
File identification
MD5 9d1b6781820488a34c5827bfd989fee4
SHA1 d204aa8ece29ceea51534bb484862f19ed4aa37d
SHA256 cdb881935f9f37077828e02f6525e7b294641d8a1c5ee07b3fc2d36243db47db
ssdeep
196608:AqusTUNZ+TmoP/9xvxpmvl14XgxBnPRz0A:NusmGzP/9BC9VP5

authentihash 25d3a56042fc9178434ff4f4fa6ff5e55def3aeba2da12fdb1cf05ba15da575e
imphash 8a25d70a2abf00ec77958fcb6fe16820
Veľkosť súboru 6.2 MB ( 6543594 bytes )
Typ súboru Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID WinRAR Self Extracting archive (87.9%)
UPX compressed Win32 Executable (4.5%)
Win32 EXE Yoda's Crypter (4.5%)
Win32 Dynamic Link Library (generic) (1.1%)
Win32 Executable (generic) (0.7%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2012-12-03 07:38:53 UTC ( pred 6 rokov, 5 mesiacov )
Last submission 2018-03-03 15:48:12 UTC ( pred 1 rok, 2 mesiace )
Názov súborov: cdb881935f9f37077828e02f6525e7b294641d8a1c5ee07b3fc2d36243db47db
skyboxes-doom.exe
skyboxes-doom.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Žiadne komentáre. Žiaden člen VirusTotal komunity sa ešte nevyjadril. Buď prvý, kto sa vyjadrí!

Zanechať komentár...

?
Pridať komentár

Nie ste prihlásený. Iba registrovaný užívatelia môžu písať komentáre, príhlásiť sa a niečo zmeniť!

Žiadne hlasy. Nikto ešte nehlasoval. Buďte prvý kto tak urobí!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs