SHA256: b6774839da82e3774ff01fecfec8fbd9394d1838f20289fc671917ac1466557d
File name: 007091839
Detection ratio: 53 / 56
Analysis date: 2016-06-23 18:09:32 UTC (2 years, 4 months ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1292110 20160623
AegisLab Troj.Dropper.W32.Daws.bydf!c 20160623
AhnLab-V3 Dropper/Win32.Daws.N961886421 20160623
ALYac Trojan.GenericKD.1292110 20160623
Antiy-AVL Trojan[Dropper]/Win32.Daws 20160623
Arcabit Trojan.Generic.D13B74E 20160623
Avast Win32:Dropper-gen [Drp] 20160623
AVG Dropper.Generic8.CAMF 20160623
Avira (no cloud) TR/Spy.Ursnif.L.73 20160623
AVware Trojan.Win32.Kryptik.bioz (v) 20160623
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160623
Baidu-International Trojan.Win32.Dropper.bydf 20160614
BitDefender Trojan.GenericKD.1292110 20160623
Bkav W32.TrunkyS.Trojan 20160623
CAT-QuickHeal TrojanSpy.Ursnif.rw3 20160623
Comodo Worm.Win32.Papras.CSA 20160623
Cyren W32/Backdoor.QZNC-4457 20160623
DrWeb Trojan.Packed.24749 20160623
Emsisoft Trojan.GenericKD.1292110 (B) 20160623
ESET-NOD32 Win32/PSW.Papras.CS 20160623
F-Prot W32/Backdoor2.HSYG 20160623
F-Secure Trojan.GenericKD.1292110 20160623
Fortinet W32/Daws.BYDF!tr 20160623
GData Trojan.GenericKD.1292110 20160623
Ikarus Trojan-Spy.Win32.Ursnif 20160623
Jiangmin TrojanDropper.Daws.ebr 20160623
K7AntiVirus Riskware ( 0040eff71 ) 20160623
K7GW Riskware ( 0040eff71 ) 20160623
Kaspersky Trojan-Dropper.Win32.Daws.bydf 20160623
Kingsoft Win32.Troj.Daws.by.(kcloud) 20160623
Malwarebytes Trojan.FakeAV 20160623
McAfee Generic.qx 20160623
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dh 20160623
Microsoft TrojanSpy:Win32/Ursnif!rfn 20160623
eScan Trojan.GenericKD.1292110 20160623
NANO-Antivirus Trojan.Win32.Packed.crnqjm 20160623
nProtect Trojan-Dropper/W32.Daws.267776.B 20160623
Panda Trj/Agent.JIQ 20160623
Qihoo-360 Win32/Trojan.PSW.26c 20160623
Sophos AV Troj/Ursnif-Y 20160623
SUPERAntiSpyware Trojan.Agent/Gen-FakeAV 20160623
Symantec Trojan.Gen 20160623
Tencent Win32.Trojan-dropper.Daws.Pftv 20160623
TheHacker Trojan/Papras.cs 20160621
TotalDefense Win32/Ursnif.VO 20160623
TrendMicro TROJ_DROPPR.UF 20160623
TrendMicro-HouseCall TROJ_DROPPR.UF 20160623
VBA32 TrojanDropper.Daws 20160623
VIPRE Trojan.Win32.Kryptik.bioz (v) 20160623
ViRobot Trojan.Win32.Agent.267776.L[h] 20160623
Yandex Trojan.DR.Daws!4eyckMw4pro 20160621
Zillya Trojan.Papras.Win32.1540 20160623
Zoner Trojan.Papras.CS.autodetect.17980 20160623
Alibaba 20160623
ClamAV 20160623
CMC 20160620
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright 2011, Bitdefender Corp.
Product Bitdefender Antivirus Software
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2000-04-24 09:11:14
Entry Point 0x000074E5
Number of sections 3
PE sections
PE imports
CyStr
GetMemStr
rtBstrFromErr
BstrFromFormat
Log
FV
RsetFixstrFree
IID_IVbaHost
R8Err
GosubReturn
CyErr
Rgb
Abs
Bool
GetSecondOfMinute
DDB
New
Lbound
VerifyObj
CurrentDirBstr
RecUniToAnsi
LateIdNamedCall
PMT
Atn
BstrFromByte
Udt
LateMemNamedCallLd
ImmediateIf
GetDayOfWeek
FpCDblR4
PutMem1
RaiseEvent
MidStmt
GetObject
TypeName
Fix
QueryInterface
TextLike
DateStr
InputBox
BstrFromError
FailedFriend
LateIdCall
gUnk
SetUnkAddref
GetMem8
Like
CurrentDir
FpCSngR4
LateMemNamedCall
R8IntI2
R8
StrTextCmp
R8Sgn
InputCount
Command
rtR4FromErr
SetSystemError
Get3
PrintObj
Array
MidStmtB
LateMemCall
CySgn
DerefAry1
Set
MidStmtBstr
FixstrConstruct
R4ForNextCheck
Int
GetTimer
GetDayOfMonth
StrAryToUnicode
StrDate
CyI2
GetErl
FileSeek
StrReverse
SetTime
LateIdNamedCallSt
Tan
SetFileAttr
I4Str
SetPixel
AddFontResourceA
ExtTextOutW
GetStockObject
OpenThread
GlobalFree
HeapDestroy
TlsAlloc
GetEnvironmentStringsW
FileTimeToLocalFileTime
CompareFileTime
SetThreadPriority
GetCommandLineW
HeapSize
SuspendThread
CreateThread
TlsFree
WriteFileEx
CloseHandle
GetSystemDirectoryA
GetCurrentThreadId
ResumeThread
GetThreadPriority
HeapCreate
GlobalAlloc
CreateFileA
GetVersion
ZwReadFile
NtCreateSection
ZwQuerySystemInformation
RtlGetLastWin32Error
ZwQueryKey
NtMapViewOfSection
MapWindowPoints
GetMessageA
IntersectRect
LoadMenuA
OffsetRect
SetClassLongA
CheckMenuItem
GetSystemMetrics
ReleaseCapture
WindowFromPoint
MessageBoxA
AppendMenuW
SetActiveWindow
SetScrollInfo
GetCursorPos
WaitMessage
CreatePopupMenu
ShowCaret
DefFrameProcW
GetClassInfoW
GetNextDlgTabItem
CallNextHookEx
LoadCursorA
GetClientRect
GetWindowTextA
IsDialogMessageA
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 6
PE resources
Debug information
ExifTool file metadata
SpecialBuild 1201
UninitializedDataSize 0
InitializedDataSize 54784
ImageVersion 8.19
ProductName Bitdefender Antivirus Software
FileVersionNumber 7.11.1.0
LanguageCode Unknown (0009)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 7.1
PrivateBuild 1201
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
TimeStamp 2000:04:24 10:11:14+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright 2011, Bitdefender Corp.
MachineType Intel 386 or later, and compatibles
CompanyName Bitdefender Corp.
CodeSize 211968
FileSubtype 0
ProductVersionNumber 7.11.1.0
EntryPoint 0x74e5
ObjectFileType Unknown

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
File identification
MD5 4bafa135003d6843ba3b87c1dbdc8901
SHA1 3e1d835e52133df3ddcf845e654a304859046fca
SHA256 b6774839da82e3774ff01fecfec8fbd9394d1838f20289fc671917ac1466557d
ssdeep 6144:u3Owugz6Ev0ocbKAy7Jmv3VdQsa6vPfO:u3OCD+KAylm/jQ8G
authentihash 015a04fe70766d6cb0e296825a8af387e9ce9efa45a226fff69d48205a7d4eee
imphash 0a55814f352e4f151c44d95841e113c4
File size 261.5 KB ( 267776 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2013-09-25 18:25:36 UTC (5 years, 1 month ago)
Last submission 2015-06-12 11:33:21 UTC (3 years, 5 months ago)
File names clock.exe
4BAFA135003D6843BA3B87C1DBDC8901.exe
file-6022573_exe
3e1d835e52133df3ddcf845e654a304859046fca-4bafa135003d6843ba3b87c1dbdc8901.01.exe.vir
b6774839da82e3774ff01fecfec8fbd9394d1838f20289fc671917ac1466557d
output.15456583.txt
1907354935896338907.exe
1905993943483319136.exe
4bafa135003d6843ba3b87c1dbdc8901.exe
1907435621633663736.exe
007091839
1907195201897671800.exe
1905069538136112336.exe
1907193892698157392.exe
1906710975121080247.exe
15456583
1905806683803994587.exe
1907434815071684800.exe
1906047902352115080.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection