SHA256: f80c9b51c6357ca07f7204ab5a60b3912180103ac64e6dfaf15e6dc9481a028d
File name: bad.exe
Detection ratio: 12 / 44
Analysis date: 2013-12-23 19:13:05 UTC (5 years, 5 months ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.125482 20131223
BitDefender Gen:Variant.Graftor.125482 20131223
Emsisoft Gen:Variant.Graftor.125482 (B) 20131223
GData Gen:Variant.Graftor.125482 20131223
Ikarus Trojan.Win32.Meredrop 20131223
Kaspersky UDS:DangerousObject.Multi.Generic 20131223
McAfee Artemis!ED6F28CAD827 20131223
eScan Gen:Variant.Graftor.125482 20131223
Sophos AV Mal/Weelsof-E 20131223
TheHacker Posible_Worm32 20131223
TrendMicro PAK_Generic.001 20131223
TrendMicro-HouseCall PAK_Generic.001 20131223
Yandex 20131223
AhnLab-V3 20131223
AntiVir 20131223
Antiy-AVL 20131223
Avast 20131223
AVG 20131223181623
Baidu-International 20131213
Bkav 20131223
ByteHero 20130613
CAT-QuickHeal 20131222
ClamAV 20131223185816
CMC 20131217
Commtouch 20131223
Comodo 20131223
DrWeb 20131223
ESET-NOD32 20131223
F-Prot 20131223
F-Secure 20131223173000
Fortinet 20131223
Jiangmin 20131223
K7AntiVirus 20131223
K7GW 20131223
Kingsoft 20130829
Malwarebytes 20131223
McAfee-GW-Edition 20131223191854
Microsoft 20131223
NANO-Antivirus 20131223
Norman 20131223
nProtect 20131223
officecheck None
Panda 20131223
Rising 20131223075630
SUPERAntiSpyware 20131222
Symantec 20131223
TotalDefense 20131222
VBA32 20131223
VIPRE 20131223
ViRobot 20131223
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-23 21:01:26
Entry Point 0x0002D920
Number of sections 3
PE sections
PE imports
Escape
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
Ord(116)
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2013:12:23 22:01:26+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
90112

LinkerVersion
6.0

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x2d920

InitializedDataSize
8192

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
94208

File identification
MD5 ed6f28cad8279a1e507cbeecdc2cf94d
SHA1 97f59e05062e613e6342bdec4b71d1d591078172
SHA256 f80c9b51c6357ca07f7204ab5a60b3912180103ac64e6dfaf15e6dc9481a028d
ssdeep
1536:5RMnkCqCE6ulC2wCgz68MFSQaFIxofwc+8ezjEoA0g83Dq71miU3paLNT5yC5Xrk:YnXqCRswre8MgKooL8e4x98zq5miU5aa

authentihash f5ac09d1ec9002f83fa7fc1e92daba895ee927762737dd615f0df635315df34b
imphash 6dd99190cc0d95019830bcfd3a228751
File size 92.5 KB ( 94720 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags
peexe upx

VirusTotal metadata
First submission 2013-12-23 17:52:27 UTC (5 years, 5 months ago)
Last submission 2018-10-16 00:14:20 UTC (7 months, 1 week ago)
File names walmartform_north_port.exe
WalmartForm_Spring_Hill.exe
IORCERMX.EXE
WalmartForm_New_York.exe
bad.exe
kghruicw.exe
ed6f28cad8279a1e507cbeecdc2cf94d.malware
wally_file.exe
BestBuyForm.zip
WalmartForm.exe
WalmartForm_Washington_20229.exe
WalmartForm_Honolulu.exe
WalmartForm_Midland.exe
ed6f28cad8279a1e507cbeecdc2cf94d
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
dll-injection
