SHA256: 1d2d83805443141a6cbb3f169c57906782ba951da1bf4023407992690248c5cd
File name: 3fde3c46a992d71066b976979e32fd76f06722ae
Detection ratio: 48 / 57
Analysis date: 2016-12-06 21:02:06 UTC ( 2 years, 5 months ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2915951 20161206
AegisLab Uds.Dangerousobject.Multi!c 20161206
AhnLab-V3 Trojan/Win32.NgrBot.R169905 20161206
ALYac Backdoor.Poebot.BT 20161206
Antiy-AVL Trojan[Ransom]/Win32.Bitman 20161206
Arcabit Trojan.Generic.D2C7E6F 20161206
Avast Win32:Dorder-O [Trj] 20161206
AVG Crypt5.RPO 20161206
Avira (no cloud) TR/Crypt.ZPACK.222557 20161206
AVware Trojan.Win32.Generic!BT 20161206
Baidu Win32.Trojan.Kryptik.td 20161206
BitDefender Trojan.GenericKD.2915951 20161206
Bkav W32.SodartdeyLTAAG.Trojan 20161206
CAT-QuickHeal Ransom.Crowti.WR7 20161206
Comodo TrojWare.Win32.Amtar.amu 20161205
CrowdStrike Falcon (ML) malicious_confidence_97% (W) 20161024
Cyren W32/Agent.XL.gen!Eldorado 20161206
DrWeb BackDoor.IRC.NgrBot.842 20161206
Emsisoft Trojan.GenericKD.2915951 (B) 20161206
ESET-NOD32 a variant of Win32/Kryptik.EHNT 20161206
F-Prot W32/Agent.XL.gen!Eldorado 20161206
F-Secure Trojan.GenericKD.2915951 20161206
Fortinet W32/Strap.S!tr 20161206
GData Trojan.GenericKD.2915951 20161206
Ikarus Trojan.Win32.Crypt 20161206
Sophos ML trojan.win32.lethic.b 20161202
Jiangmin Trojan.Bublik.un 20161206
K7AntiVirus Trojan ( 004d89761 ) 20161206
K7GW Trojan ( 004d89761 ) 20161206
Kaspersky HEUR:Trojan.Win32.Generic 20161206
Malwarebytes Trojan.Crypt 20161206
McAfee Artemis!7CCE384955FD 20161205
McAfee-GW-Edition BehavesLike.Win32.Ransomware.dh 20161206
Microsoft Trojan:Win32/Skeeyah.A!rfn 20161206
eScan Trojan.GenericKD.2915951 20161206
NANO-Antivirus Trojan.Win32.Kryptik.dzbmla 20161206
Panda Trj/CI.A 20161206
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20161206
Rising Trojan.Generic-YPHpUx3wEdR (cloud) 20161206
Sophos AV Mal/Ransom-DU 20161206
SUPERAntiSpyware Trojan.Agent/Gen-Cryptic 20161206
Symantec Trojan.Gen 20161206
Tencent Win32.Trojan.Kryptik.Alte 20161206
TheHacker Trojan/Kryptik.ehnt 20161130
TrendMicro TROJ_HPEPING.SM 20161206
TrendMicro-HouseCall TROJ_HPEPING.SM 20161206
VIPRE Trojan.Win32.Generic!BT 20161206
Yandex Trojan.Agent!L0InEgkjmrk 20161206
Alibaba 20161206
ClamAV 20161206
CMC 20161206
Kingsoft 20161206
nProtect 20161206
TotalDefense 20161206
Trustlook 20161206
VBA32 20161206
ViRobot 20161206
WhiteArmor 20161125
Zillya 20161205
Zoner 20161206
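Vendor labels in the table above follow no shared schema (ESET's "a variant of Win32/Kryptik.EHNT", DrWeb's "BackDoor.IRC.NgrBot.842", Antiy's "Trojan[Ransom]/Win32.Bitman" all encode family, class and variant differently), so a quick way to read a 48/57 result is to tokenise every label, drop class and engine words and variant suffixes, and count how many vendors agree on what remains. The script below is an added example, not VirusTotal's code; the stoplist and the token heuristics are its own choices, and ROWS is a constructed subset of the table, with an empty label meaning no detection.

```python
"""Extract a family consensus from a VirusTotal vendor table (added example)."""
import re
from collections import Counter

ROWS = [  # constructed subset of the table above: (vendor, label or "")
    ("ESET-NOD32", "a variant of Win32/Kryptik.EHNT"),
    ("Baidu", "Win32.Trojan.Kryptik.td"),
    ("NANO-Antivirus", "Trojan.Win32.Kryptik.dzbmla"),
    ("DrWeb", "BackDoor.IRC.NgrBot.842"),
    ("AhnLab-V3", "Trojan/Win32.NgrBot.R169905"),
    ("Antiy-AVL", "Trojan[Ransom]/Win32.Bitman"),
    ("Sophos AV", "Mal/Ransom-DU"),
    ("Kaspersky", "HEUR:Trojan.Win32.Generic"),
    ("ClamAV", ""),
    ("Zoner", ""),
]

# Class / engine words that carry no family information (this example's own list).
STOP = {"trojan", "trojware", "backdoor", "generic", "variant", "heur",
        "malware", "malicious", "agent", "cloud", "confidence"}

def candidate_tokens(label):
    """Lower-cased tokens of a label that could name a family or behaviour class.
    Drops short tags (DU, IRC), anything with digits (Win32, 842, R169905),
    all-caps tokens (variant suffixes such as EHNT, engine tags such as HEUR)
    and stoplist words."""
    out = []
    for tok in re.split(r"[^A-Za-z0-9]+", label):
        if len(tok) < 4 or any(c.isdigit() for c in tok) or tok.isupper():
            continue
        if tok.lower() in STOP:
            continue
        out.append(tok.lower())
    return out

def detection_ratio(rows):
    """(vendors that flagged the file, vendors in the table)."""
    return sum(1 for _, label in rows if label.strip()), len(rows)

def families(rows):
    """[(token, vendors using it), ...], most agreed first, ties by name.
    Each vendor votes at most once per token."""
    votes = Counter()
    for _, label in rows:
        for tok in set(candidate_tokens(label)):
            votes[tok] += 1
    return sorted(votes.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    hit, total = detection_ratio(ROWS)
    print("detections: %d / %d" % (hit, total))
    for tok, n in families(ROWS):
        print("%-10s %d" % (tok, n))
```

On the constructed rows this yields kryptik 3, ngrbot 2, ransom 2, with bitman and the leftover variant id dzbmla at 1 each; the heuristics are deliberately loose, so the output is a ranked list of candidates for an analyst to confirm, not a verdict. Note that "Kryptik", "Crypt" and "Cryptic" style labels describe a packer or crypter rather than a family, which matters when reading the static sections that follow.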
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-07 22:12:41
Entry Point 0x00012880
Number of sections 5
PE sections
PE imports
ADVAPI32.dll
RegDeleteKeyA
RegCreateKeyExW
RegFlushKey
IsTextUnicode
RegCloseKey
RegDeleteKeyW
RegSetValueExW
RegDeleteValueW
RegQueryInfoKeyW
RegQueryValueExA
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegQueryValueExW
COMCTL32.dll
ImageList_BeginDrag
ImageList_SetBkColor
ImageList_Replace
Ord(17)
ImageList_Read
ImageList_GetDragImage
ImageList_Create
ImageList_DragMove
ImageList_DrawEx
ImageList_SetIconSize
ImageList_Write
ImageList_GetImageCount
ImageList_SetOverlayImage
ImageList_Destroy
_TrackMouseEvent
ImageList_Draw
ImageList_GetIconSize
ImageList_DragLeave
ImageList_GetBkColor
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_Add
ImageList_LoadImageA
ImageList_SetImageCount
ImageList_DragShowNolock
ImageList_Remove
ImageList_EndDrag
COMDLG32.dll
GetOpenFileNameA
ChooseColorA
FindTextA
GetSaveFileNameA
ChooseFontA
GDI32.dll
PolyPolyline
SetMapMode
GetWindowOrgEx
GetTextMetricsA
CombineRgn
GetObjectType
GetTextExtentPointA
SetPixel
EndDoc
IntersectClipRect
CopyEnhMetaFileA
CreatePalette
CreateDIBitmap
GetDIBits
GetEnhMetaFileBits
GetDCOrgEx
StretchBlt
StretchDIBits
GetPaletteEntries
SetWindowExtEx
SetViewportExtEx
ExtCreatePen
SetBkColor
SetWinMetaFileBits
GetDIBColorTable
DeleteEnhMetaFile
GetSystemPaletteEntries
SetStretchBltMode
GetCurrentPositionEx
CreateFontIndirectA
GetBitmapBits
GetBrushOrgEx
ExcludeClipRect
SetBkMode
BitBlt
GetDeviceCaps
SetAbortProc
CreateBrushIndirect
SelectPalette
SetROP2
EndPage
GetNearestPaletteIndex
SetDIBColorTable
DeleteObject
CreatePenIndirect
PatBlt
CreatePen
GetClipBox
Rectangle
GetObjectA
CreateDCA
LineTo
DeleteDC
StartPage
RealizePalette
SetEnhMetaFileBits
CreateBitmap
RectVisible
GetStockObject
PlayEnhMetaFile
ExtTextOutA
UnrealizeObject
GdiFlush
SelectClipRgn
RoundRect
GetTextExtentPoint32A
GetWinMetaFileBits
GetEnhMetaFileHeader
SetWindowOrgEx
CreateICA
Polygon
CreateHalftonePalette
GetRgnBox
SaveDC
MaskBlt
GetEnhMetaFilePaletteEntries
RestoreDC
GetPixel
CreateDIBSection
SetTextColor
MoveToEx
SetViewportOrgEx
CreateRoundRectRgn
CreateCompatibleDC
SetBrushOrgEx
CreateRectRgn
SelectObject
StartDocA
CreateSolidBrush
Polyline
CreateCompatibleBitmap
KERNEL32.dll
SetThreadLocale
GetStdHandle
FileTimeToDosDateTime
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
UnhandledExceptionFilter
SetErrorMode
FreeEnvironmentStringsW
HeapSize
GetFullPathNameA
GetTempPathA
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
GetStringTypeW
SetFileAttributesA
SetEvent
MoveFileA
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
SetLastError
CopyFileA
ExitProcess
FlushFileBuffers
RemoveDirectoryA
FlushViewOfFile
EnumCalendarInfoA
LoadLibraryExA
GetPrivateProfileStringA
SetThreadPriority
GetSystemDefaultLCID
InterlockedDecrement
MultiByteToWideChar
FindNextChangeNotification
GetModuleHandleA
CreateSemaphoreA
CreateThread
CreatePipe
GetExitCodeThread
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
MoveFileExA
SetEnvironmentVariableA
TerminateProcess
FindCloseChangeNotification
WriteConsoleA
GlobalAlloc
SearchPathA
SetEndOfFile
GetVersion
GetProcAddress
SetCurrentDirectoryA
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
lstrcmpiA
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
ExitThread
FreeLibrary
GlobalSize
GetStartupInfoA
GetDateFormatA
GetFileSize
LCMapStringW
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetUserDefaultLCID
CompareStringW
lstrcmpA
FindFirstFileA
lstrcpyA
InterlockedIncrement
GetProfileStringA
ResetEvent
GetTempFileNameA
CreateFileMappingA
FindNextFileA
WaitForMultipleObjects
HeapCreate
ExpandEnvironmentStringsA
GetModuleFileNameA
GetTimeZoneInformation
CreateEventA
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
GlobalDeleteAtom
FindFirstChangeNotificationA
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
HeapReAlloc
IsDebuggerPresent
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
lstrlenW
GetShortPathNameA
FileTimeToLocalFileTime
SizeofResource
CompareFileTime
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
GetCurrentDirectoryA
WinExec
GetCommandLineA
RaiseException
CompareStringA
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GlobalLock
GetModuleHandleW
GetCurrentThreadId
FreeResource
SetStdHandle
GetEnvironmentStrings
CreateProcessA
WideCharToMultiByte
IsValidCodePage
UnmapViewOfFile
OpenSemaphoreA
VirtualFree
Sleep
FindResourceA
VirtualAlloc
GetOEMCP
GetTimeFormatA
SHELL32.dll
SHGetFileInfoA
DragQueryFileW
ShellExecuteExA
SHBrowseForFolderA
SHBrowseForFolderW
SHChangeNotify
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW
DragQueryPoint
DragFinish
SHGetSpecialFolderLocation
SHGetDataFromIDListA
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SHFileOperationA
USER32.dll
RedrawWindow
GetMessagePos
SetWindowRgn
DdeAccessData
DestroyWindow
EnableScrollBar
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
DdeDisconnect
DdeCreateStringHandleA
IsWindow
DispatchMessageA
EndPaint
ScrollWindowEx
SetMenuItemInfoA
CharUpperBuffA
WindowFromPoint
DrawIcon
GetMessageTime
SetActiveWindow
GetMenuItemID
ChangeClipboardChain
GetCursorPos
MapDialogRect
DdeInitializeA
GetClassInfoA
SendMessageW
UnregisterClassA
SendMessageA
GetClientRect
ToAscii
DefWindowProcW
CharLowerBuffA
DdeFreeStringHandle
SetScrollPos
CreateIconFromResourceEx
CallNextHookEx
DdeFreeDataHandle
LoadMenuIndirectA
IsClipboardFormatAvailable
LoadImageW
GetKeyboardState
ClientToScreen
GetTopWindow
EnumClipboardFormats
MsgWaitForMultipleObjects
ScrollWindow
GetWindowTextA
DrawTextW
GetKeyState
DdeQueryStringA
PtInRect
DrawEdge
GetParent
UpdateWindow
SetPropA
DdeCmpStringHandles
EqualRect
EnumWindows
DefMDIChildProcA
CreateCaret
DdeUninitialize
ShowWindow
SetClassLongA
GetPropA
GetWindowPlacement
GetMenuState
PeekMessageW
TranslateMDISysAccel
EnableWindow
SetWindowPlacement
PeekMessageA
ChildWindowFromPoint
IsCharAlphaA
TranslateMessage
IsWindowEnabled
GetWindow
DestroyCaret
ActivateKeyboardLayout
InsertMenuItemA
CreatePopupMenu
GetIconInfo
LoadStringA
SetParent
SetClipboardData
GetSystemMetrics
IsZoomed
IsWindowVisible
DdeConnect
GetKeyboardLayoutList
DrawMenuBar
CharLowerA
IsIconic
RegisterClassA
GetDCEx
GetMenuItemCount
TabbedTextOutA
GetWindowLongA
SetTimer
DdeClientTransaction
OemToCharA
DdeUnaccessData
GetActiveWindow
ShowOwnedPopups
FillRect
EnumThreadWindows
CharNextA
GetSysColorBrush
IsWindowUnicode
DdeNameService
RealChildWindowFromPoint
CreateWindowExW
GetWindowLongW
GetUpdateRect
OpenClipboard
IsChild
IsDialogMessageA
SetFocus
MapVirtualKeyA
GetKeyboardLayoutNameA
SetCapture
BeginPaint
OffsetRect
SetCaretPos
GetScrollPos
ShowCaret
KillTimer
RegisterWindowMessageA
DefWindowProcA
DrawFocusRect
SetClipboardViewer
SendDlgItemMessageA
IsCharAlphaNumericA
SetWindowLongW
SetScrollRange
GetWindowRect
InflateRect
PostMessageA
ReleaseCapture
EnumChildWindows
GetScrollRange
SetWindowLongA
SetKeyboardState
DrawTextExW
RemovePropA
SetWindowTextA
CheckMenuItem
GetSubMenu
GetLastActivePopup
DrawIconEx
CreateWindowExA
GetDlgItem
BringWindowToTop
ScreenToClient
GetClassLongA
DdePostAdvise
InsertMenuA
CreateDialogIndirectParamA
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuStringA
ValidateRect
IsDialogMessageW
GetSystemMenu
GetDC
SetForegroundWindow
GetMenuStringW
GetAsyncKeyState
ReleaseDC
IntersectRect
GetScrollInfo
HideCaret
GetKeyboardLayout
GetCapture
WaitMessage
FindWindowA
MessageBeep
GetCaretPos
RemoveMenu
GetWindowThreadProcessId
DdeCreateDataHandle
BeginDeferWindowPos
GetMenu
DestroyIcon
DrawFrameControl
UnhookWindowsHookEx
RegisterClipboardFormatA
DdeSetUserHandle
MoveWindow
CallWindowProcA
MessageBoxA
GetClassNameA
GetWindowDC
DestroyCursor
AdjustWindowRectEx
LookupIconIdFromDirectoryEx
LoadKeyboardLayoutA
GetSysColor
SetScrollInfo
GetMenuItemInfoA
SystemParametersInfoA
GetDoubleClickTime
EnableMenuItem
GetKeyNameTextA
ShowScrollBar
EmptyClipboard
GetDesktopWindow
GetClipboardData
CharToOemA
SystemParametersInfoW
UnionRect
DispatchMessageW
FrameRect
SetRect
DeleteMenu
InvalidateRect
DefFrameProcA
DdeQueryConvInfo
DrawTextA
CreateIcon
MonitorFromWindow
IsRectEmpty
GetCursor
GetFocus
CreateMenu
wsprintfW
CloseClipboard
DdeGetLastError
SetCursor
GetKeyboardType
SetMenu
MapWindowPoints
WINSPOOL.DRV
EnumPrintersA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
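The import table above is dominated by GUI, GDI, DDE and printing calls, with the interesting names (registry writes, CreateProcessA/WinExec, IsDebuggerPresent, SetWindowsHookExA, resource loading next to VirtualAlloc) scattered among several hundred benign ones. Several vendors in the table label the sample as packed or crypted (Kryptik, Crypt.ZPACK, Crypt5, Gen-Cryptic), so the static import list may describe a decoy host rather than the payload; it is still the fastest first pass. The script below is an added example, not VirusTotal's or the sample's code: the capability map is this example's own grouping of documented Win32 APIs, and SAMPLE_IMPORTS is a constructed subset of the names listed above.

```python
"""Flag capability-implying imports in a flat PE import list (added example)."""
from collections import defaultdict

# Capability label -> Win32 APIs that imply it. This example's own grouping,
# deliberately small; extend it for your own triage.
CAPABILITIES = {
    "registry persistence/modification": {
        "RegCreateKeyExA", "RegCreateKeyExW", "RegSetValueExA", "RegSetValueExW",
        "RegDeleteKeyA", "RegDeleteKeyW", "RegDeleteValueA", "RegDeleteValueW",
    },
    "process/command execution": {
        "CreateProcessA", "WinExec", "ShellExecuteA", "ShellExecuteW",
        "ShellExecuteExA", "CreatePipe",
    },
    "anti-debug": {"IsDebuggerPresent"},
    "runtime code staging (resources + VirtualAlloc)": {
        "FindResourceA", "LoadResource", "LockResource", "SizeofResource",
        "VirtualAlloc", "VirtualFree",
    },
    "dynamic API resolution": {"LoadLibraryA", "LoadLibraryExA", "GetProcAddress"},
    "file tampering": {
        "DeleteFileA", "MoveFileA", "MoveFileExA", "CopyFileA",
        "SetFileAttributesA", "SetFileTime", "RemoveDirectoryA",
    },
    "input capture / hooking": {"SetWindowsHookExA", "GetAsyncKeyState", "GetKeyboardState"},
    "directory change monitoring": {"FindFirstChangeNotificationA", "FindNextChangeNotification"},
}

def classify(imports):
    """Map each capability label to the sorted imported APIs that imply it.
    Labels with no matching import are omitted."""
    hits = defaultdict(list)
    for name in imports:
        for label, apis in CAPABILITIES.items():
            if name in apis:
                hits[label].append(name)
    return {label: sorted(names) for label, names in hits.items()}

def noise_ratio(imports):
    """Fraction of imports that match no capability. A large GUI/GDI-heavy
    remainder is what a legitimate desktop app looks like, and also what a
    crypter that copies a benign host's import table looks like."""
    flagged = {n for apis in CAPABILITIES.values() for n in apis}
    if not imports:
        return 0.0
    return sum(1 for n in imports if n not in flagged) / len(imports)

SAMPLE_IMPORTS = [  # constructed subset of the names in the import list above
    "RegSetValueExW", "RegDeleteKeyA", "ImageList_Draw", "BitBlt",
    "CreateProcessA", "WinExec", "IsDebuggerPresent", "VirtualAlloc",
    "LoadResource", "GetProcAddress", "DeleteFileA", "SetWindowsHookExA",
    "GetAsyncKeyState", "MessageBoxA", "StretchBlt", "GetDC",
]

def report(imports):
    """Human-readable triage summary, one line per capability hit."""
    lines = ["%-48s %s" % (label, ", ".join(names))
             for label, names in sorted(classify(imports).items())]
    lines.append("unclassified share: %.0f%%" % (100 * noise_ratio(imports)))
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(SAMPLE_IMPORTS))
```

Run it against the real table by pasting the names into SAMPLE_IMPORTS, or by feeding it the import names from pefile's DIRECTORY_ENTRY_IMPORT; either way, treat the hits as questions for the sandbox run rather than conclusions, since a packed sample resolves its real API set at runtime through exactly the LoadLibraryA/GetProcAddress pair flagged here.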
Number of PE resources by type
RT_DIALOG 30
RT_MANIFEST 1
RT_STRING 1
Number of PE resources by language
SWEDISH 1
HUNGARIAN DEFAULT 1
CZECH DEFAULT 1
FRENCH 1
CHINESE SIMPLIFIED 1
SLOVENIAN DEFAULT 1
INDONESIAN DEFAULT 1
DUTCH 1
ITALIAN 1
CATALAN DEFAULT 1
FINNISH DEFAULT 1
ENGLISH NZ 1
PORTUGUESE BRAZILIAN 1
ENGLISH US 1
SPANISH 1
FRENCH CANADIAN 1
KOREAN 1
BASQUE DEFAULT 1
PORTUGUESE 1
SAAMI ARABIC EGYPT 1
GERMAN 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
SLOVAK DEFAULT 1
GREEK DEFAULT 1
TURKISH DEFAULT 1
NORWEGIAN BOKMAL 1
CHINESE TRADITIONAL 1
THAI DEFAULT 1
SERBIAN DEFAULT 1
RUSSIAN 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:12:07 23:12:41+01:00
FileType Win32 EXE
PEType PE32
CodeSize 146944
LinkerVersion 9.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x12880
InitializedDataSize 100864
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 7cce384955fde4a5348285b3e4678a44
SHA1 45a67482ccfab9c71bb2b708621461df7248be7b
SHA256 1d2d83805443141a6cbb3f169c57906782ba951da1bf4023407992690248c5cd
ssdeep
3072:No7nntOHAgr3pcrpHZfJmunAM0GVmRTzPAg0FuhBNtBRa3XT2+Y+1vMjRrsNlpLc:N3rr3apZk1NTzPAOHO30s1j8M+

authentihash 620e35dfac6cc59e9ec6e43b6cc32c3c258f67e619e60480c26f2d676f148644
imphash ad100c90f5392e0edfb92f30ebd332a3
File size 243.0 KB ( 248832 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe
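The identification block gives five independent handles on this file: three content hashes, a fuzzy hash (ssdeep), and an imphash that depends only on the import directory and therefore survives recompilation and resource changes as long as the crypter stub keeps the same import layout. The script below is an added example, not VirusTotal's or pefile's code. Its imphash normalisation follows the convention pefile's get_imphash() uses (lower-case, strip a .dll/.ocx/.sys extension, render unnamed imports as ordN, join entries as dll.func with commas, MD5 the result); pefile additionally substitutes known names for oleaut32/ws2_32/wsock32 ordinals, which this example omits. SAMPLE_IMPORTS is a constructed subset whose DLL assignment is an assumption, so it will not reproduce the report's imphash; REPORT copies the values from the block above.

```python
"""Recompute a pefile-style imphash and check a blob against report hashes
(added example)."""
import hashlib

REPORT = {  # values copied from the file identification section above
    "md5": "7cce384955fde4a5348285b3e4678a44",
    "sha1": "45a67482ccfab9c71bb2b708621461df7248be7b",
    "sha256": "1d2d83805443141a6cbb3f169c57906782ba951da1bf4023407992690248c5cd",
    "size": 248832,
}

def _norm_lib(dll):
    """Lower-case the library name and drop a .dll/.ocx/.sys extension only;
    winspool.drv keeps its extension, matching pefile."""
    lib = dll.lower()
    base, dot, ext = lib.rpartition(".")
    return base if dot and ext in ("dll", "ocx", "sys") else lib

def imphash_string(imports):
    """imports: iterable of (dll, name_or_ordinal) in import-directory order.
    Order matters: the same APIs in a different order give a different hash."""
    parts = []
    for dll, func in imports:
        fname = "ord%d" % func if isinstance(func, int) else func.lower()
        parts.append("%s.%s" % (_norm_lib(dll), fname))
    return ",".join(parts)

def imphash(imports):
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()

def digests(data):
    """md5/sha1/sha256 and size of a byte string, keyed like REPORT."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }

def matches(data, report):
    """Per-field comparison of a blob against a report. All True means the
    bytes you hold are the bytes VirusTotal analysed; a size match with hash
    mismatches usually means a different build of the same stub."""
    d = digests(data)
    return {k: d[k] == v for k, v in report.items()}

SAMPLE_IMPORTS = [  # constructed; the DLL assignment is an assumption
    ("ADVAPI32.dll", "RegSetValueExW"),
    ("COMCTL32.dll", 17),          # the Ord(17) entry in the import list
    ("KERNEL32.dll", "CreateFileA"),
    ("WINSPOOL.DRV", "EnumPrintersA"),
]

if __name__ == "__main__":
    import sys
    print("imphash of constructed subset:", imphash(SAMPLE_IMPORTS))
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(matches(f.read(), REPORT))
```

To reproduce the report's imphash from a copy of the sample, feed the full (dll, name-or-ordinal) list from pefile's DIRECTORY_ENTRY_IMPORT, in directory order, to imphash(); the page's flat list has lost its DLL headers, so the value cannot be recomputed from the page alone. Because the import directory is all the imphash sees, a crypter that reuses one benign host executable for many payloads yields one imphash for all of them, which is why the value is useful for pivoting on the crypter but says nothing about the payload.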

VirusTotal metadata
First submission 2015-12-07 23:08:15 UTC ( 3 years, 5 months ago)
Last submission 2015-12-09 03:18:56 UTC ( 3 years, 5 months ago)
File names 3fde3c46a992d71066b976979e32fd76f06722ae
139a.exe
7CCE384955FDE4A5348285B3E4678A44
kb03953876.exe
we1a12a13a1abavb1a.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Code injections in the following processes
Runtime DLLs