SHA256: 5d166f51ddc5ba2021b818bed52ba81b0d8ecbf65baa24a8752e855daa136262
File name: fder43hg.exe
Detection ratio: 12 / 66
Analysis date: 2018-03-30 12:35:41 UTC (1 year, 1 month ago)
Antivirus Result Update
AVware Virtool.Win32.Obfuscator.as!a (v) 20180330
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9957 20180330
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Cylance Unsafe 20180330
Endgame malicious (high confidence) 20180316
ESET-NOD32 a variant of Win32/Kryptik.EMZE 20180330
Fortinet W32/Kryptik.FPEV!tr 20180330
Sophos ML heuristic 20180120
McAfee-GW-Edition BehavesLike.Win32.Trojan.dc 20180330
Qihoo-360 HEUR/QVM07.1.2B47.Malware.Gen 20180330
SentinelOne (Static ML) static engine - malicious 20180225
VIPRE Virtool.Win32.Obfuscator.as!a (v) 20180330
Ad-Aware 20180330
AegisLab 20180330
AhnLab-V3 20180330
Alibaba 20180330
ALYac 20180330
Antiy-AVL 20180330
Arcabit 20180330
Avast 20180330
Avast-Mobile 20180330
AVG 20180330
Avira (no cloud) 20180330
BitDefender 20180330
Bkav 20180330
CAT-QuickHeal 20180330
ClamAV 20180330
CMC 20180330
Comodo 20180330
Cybereason None
Cyren 20180330
DrWeb 20180330
eGambit 20180330
Emsisoft 20180330
F-Prot 20180330
F-Secure 20180330
GData 20180330
Ikarus 20180330
Jiangmin 20180330
K7AntiVirus 20180330
K7GW 20180330
Kaspersky 20180330
Kingsoft 20180330
Malwarebytes 20180330
MAX 20180330
McAfee 20180330
Microsoft 20180330
eScan 20180330
NANO-Antivirus 20180330
nProtect 20180330
Palo Alto Networks (Known Signatures) 20180330
Panda 20180330
Rising 20180330
Sophos AV 20180330
SUPERAntiSpyware 20180330
Symantec 20180330
Symantec Mobile Insight 20180311
Tencent 20180330
TheHacker 20180327
TotalDefense 20180330
TrendMicro 20180330
TrendMicro-HouseCall 20180330
Trustlook 20180330
VBA32 20180330
ViRobot 20180330
WhiteArmor 20180324
Yandex 20180329
Zillya 20180329
ZoneAlarm by Check Point 20180330
Zoner 20180329
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-30 08:28:46
Entry Point 0x00008EFA
Number of sections 4
PE sections
PE imports
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
WaitForSingleObject
SetEvent
LCMapStringA
TlsSetValue
CompareStringW
HeapAlloc
IsBadWritePtr
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GlobalSize
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetStartupInfoW
GetEnvironmentStrings
GetLocaleInfoA
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FatalAppExitA
FreeEnvironmentStringsW
GetCommandLineA
GetUserDefaultLCID
SetEnvironmentVariableA
TlsFree
GetLocaleInfoW
GetModuleHandleA
GetCPInfo
GetStringTypeA
SetFilePointer
GetCurrentThreadId
InterlockedExchange
WriteFile
InterlockedIncrement
CompareStringA
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapDestroy
GetCurrentThread
GetOEMCP
LocalFree
TerminateProcess
GetEnvironmentVariableA
GetTimeZoneInformation
IsValidCodePage
HeapCreate
GlobalAlloc
VirtualFree
InterlockedDecrement
Sleep
GetFileType
SetConsoleCtrlHandler
ExitProcess
GetVersion
GetProcAddress
VirtualAlloc
GetStartupInfoA
SetLastError
LeaveCriticalSection
DefWindowProcW
ReleaseCapture
DestroyMenu
MessageBeep
SetWindowPos
SetWindowLongW
GetMenu
InflateRect
SetCapture
SetMenuItemInfoA
ShowWindowAsync
AdjustWindowRectEx
PostMessageW
SendMessageW
SetActiveWindow
GetKeyState
GetMenuStringW
CheckMenuItem
DestroyIcon
UnregisterClassA
RegisterClassW
LoadStringW
GetClientRect
ClientToScreen
DrawFocusRect
CreateWindowExA
TrackPopupMenu
GetActiveWindow
SetWindowTextW
DestroyWindow
PtInRect
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:03:30 09:28:46+01:00
FileType Win32 EXE
PEType PE32
CodeSize 77824
LinkerVersion 7.1
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x8efa
InitializedDataSize 225280
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 58ef366d1388fe53be5f9eac3aa3b57f
SHA1 73b30d6ef10b8166328156266cd3660d23e5706d
SHA256 5d166f51ddc5ba2021b818bed52ba81b0d8ecbf65baa24a8752e855daa136262
ssdeep 6144:ahmJHcCE/cximGbDGEe/9QHrsn13bsPSyQ9LGqVaV2KWzT:aUJbhx9GZe/WsdAPF2GB2KAT
authentihash 4b0ab2c7605dec557fae14fb57ba0a6451b002b49ef4581bc3eada04f7d8f3fa
imphash 901ce7d8a4b50022a83d0578d7d4d5a5
File size 296.0 KB ( 303104 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2018-03-30 12:35:41 UTC (1 year, 1 month ago)
Last submission 2018-03-31 13:11:57 UTC (1 year, 1 month ago)
File names fder43hg.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Runtime DLLs