SHA256: 5e4082415adfdc674ed413019fd5c1702821bcc4f01887bc6acc61bf7d9e024c
File name: JavaSetup8u91.exe
Detection ratio: 47 / 56
Analysis date: 2017-01-01 16:56:11 UTC (2 years, 4 months ago)
Antivirus   Result   Update (signature date)
Ad-Aware Gen:Variant.Strictor.109165 20170101
AegisLab Backdoor.W32.Androm!c 20161231
ALYac Gen:Variant.Strictor.109165 20170101
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20170101
Arcabit Trojan.Strictor.D1AA6D 20170101
Avast Win32:Malware-gen 20170101
AVG Generic37.CBZK 20170101
Avira (no cloud) BDS/Fynloski.dfmq 20170101
AVware Trojan.Win32.Generic!BT 20170101
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9961 20161207
BitDefender Gen:Variant.Strictor.109165 20170101
Bkav W32.Clod264.Trojan.60b0 20161229
CAT-QuickHeal Trojan.Dynamer 20161231
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Cyren W32/Trojan.OV.gen!Eldorado 20170101
DrWeb BackDoor.Comet.2020 20170101
Emsisoft Gen:Variant.Strictor.109165 (B) 20170101
ESET-NOD32 Win32/Fynloski.AA 20170101
F-Prot W32/Trojan.OV.gen!Eldorado 20170101
F-Secure Gen:Variant.Strictor.109165 20170101
Fortinet W32/Injector.ADYQ!tr 20170101
GData Gen:Variant.Strictor.109165 20170101
Ikarus Trojan.Win32.Fynloski 20170101
Sophos ML generic.a 20161216
Jiangmin Backdoor.Androm.iys 20170101
K7AntiVirus NetWorm ( 700000151 ) 20170101
K7GW NetWorm ( 700000151 ) 20170101
Kaspersky Backdoor.Win32.Androm.jzux 20170101
McAfee GenericR-HYB!0E223EDC12A7 20170101
McAfee-GW-Edition BehavesLike.Win32.Injector.vc 20170101
Microsoft Trojan:Win32/Dynamer!ac 20170101
eScan Gen:Variant.Strictor.109165 20170101
NANO-Antivirus Trojan.Win32.Fynloski.edxess 20170101
nProtect Backdoor/W32.Androm.2727944 20170101
Panda Trj/CI.A 20170101
Qihoo-360 Win32/Backdoor.93c 20170101
Rising Malware.Generic!LKSReYQFD7F@1 (thunder) 20170101
Sophos AV Mal/Generic-S 20170101
Symantec Heur.AdvML.B 20170101
Tencent Win32.Backdoor.Androm.Gbq 20170101
TrendMicro TROJ_GEN.R047C0FGI16 20170101
TrendMicro-HouseCall TROJ_GEN.R047C0FGI16 20170101
VBA32 Backdoor.Androm 20161229
VIPRE Trojan.Win32.Generic!BT 20170101
ViRobot Trojan.Win32.Z.Androm.2727944[h] 20170101
Yandex Backdoor.Androm!kJhYWZll4GE 20161230
Zillya Backdoor.Androm.Win32.35720 20161231
Engines that returned no detection (signature date only):
AhnLab-V3 20170101
Alibaba 20161223
ClamAV 20170101
CMC 20170101
Comodo 20170101
Kingsoft 20170101
Malwarebytes 20170101
SUPERAntiSpyware 20170101
TheHacker 20161229
Trustlook 20170101
WhiteArmor 20161221
Zoner 20161231
The file under analysis is a Portable Executable, specifically a Win32 EXE built for the Windows GUI subsystem.
Packers identified
F-PROT embedded
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-23 02:41:02 UTC (ExifTool below prints the same value in a +01:00 zone, 03:41:02+01:00)
Entry Point 0x00001364
Number of sections 5
PE sections
Overlays
MD5: 42f3d7a80911bc595294adfccb4b4195
File type: data
Offset: 1314816
Size: 1413128
Entropy: 7.86
Offset 1314816 plus size 1413128 equals the 2727944-byte file size, so the overlay runs to end of file and accounts for just over half of the sample; 7.86 bits per byte is the entropy of compressed or encrypted data, not of plain resources or padding.
PE imports
SHELL32.dll
SHGetFolderPathW
SHGetFolderPathA
ADVAPI32.dll
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA
KERNEL32.dll
GetStdHandle
FileTimeToDosDateTime
GetFileAttributesA
WaitForSingleObject
FindFirstFileW
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
GetThreadContext
GetLocaleInfoW
GetFullPathNameA
GetTempPathA
WideCharToMultiByte
WriteFile
GetDiskFreeSpaceA
SetFileAttributesA
SetEvent
LocalFree
InitializeCriticalSection
LoadResource
GetStringTypeExW
GetLogicalDriveStringsW
FindClose
TlsGetValue
QueryDosDeviceW
FormatMessageA
SetFileAttributesW
GetStringTypeExA
SetLastError
WriteProcessMemory
RemoveDirectoryW
ExitProcess
GetModuleFileNameA
EnumCalendarInfoA
LoadLibraryExA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FlushInstructionCache
GetModuleHandleA
GetFullPathNameW
GetSystemDirectoryW
GetSystemDirectoryA
SetThreadContext
SetCurrentDirectoryW
VirtualQuery
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
CloseHandle
EnterCriticalSection
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
ExitThread
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
ReadProcessMemory
GetCPInfo
DeleteFileW
GetProcAddress
VirtualProtectEx
GetTempFileNameW
CompareStringW
GetModuleFileNameW
FindFirstFileA
CreateDirectoryW
ResetEvent
GetTempFileNameA
FindNextFileA
CreateFileW
CreateEventA
TlsSetValue
CreateFileA
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
VirtualAllocEx
lstrlenA
FindResourceW
GetThreadLocale
RemoveDirectoryA
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCurrentDirectoryA
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
FindNextFileW
lstrcpynA
GetACP
GetVersion
FreeResource
IsBadStringPtrW
GetTempPathW
PostQueuedCompletionStatus
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
CompareStringA
NTDLL.dll
ZwProtectVirtualMemory
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
RtlFormatCurrentUserKeyPath
RtlInitAnsiString
LdrGetProcedureAddress
LdrLoadDll
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
OLE32.dll
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
OLEAUT32.dll
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
GetErrorInfo
SysFreeString
VariantInit
SHLWAPI.dll
PathMatchSpecW
USER32.dll
CharLowerBuffW
GetSystemMetrics
LoadStringA
CharLowerA
CharNextA
CharUpperW
MessageBoxA
CharLowerW
CharUpperBuffW
CharUpperA
GetKeyboardType
CharToOemA
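The overlay figures and the import list above are the two static fields a triager reads first. As an added example (not part of the VirusTotal report and not VirusTotal's code), the following Python script reproduces those checks offline: the Shannon entropy that produced the 7.86 figure, the overlay offset + size = file size consistency check, and a search for import combinations that accompany process injection (VirtualAllocEx with WriteProcessMemory, GetThreadContext with SetThreadContext, LdrLoadDll with LdrGetProcedureAddress). The constants are copied from this report; the indicator groups, the 7.0 bits-per-byte cut-off and the sample buffers are assumptions chosen for illustration, not a vendor taxonomy.

```python
"""Added triage helpers for the static indicators in the report above:
overlay entropy, overlay/file-size consistency, and import combinations
that usually accompany process injection. Standard library only."""
import math
from collections import Counter

# Subset of the imports listed in the report (copied from the page).
SAMPLE_IMPORTS = frozenset({
    "WriteProcessMemory", "ReadProcessMemory", "VirtualAllocEx",
    "VirtualProtectEx", "GetThreadContext", "SetThreadContext",
    "ZwProtectVirtualMemory", "LdrLoadDll", "LdrGetProcedureAddress",
    "FlushInstructionCache", "CreateFileW", "RegOpenKeyExA", "Sleep",
})

# Overlay and file-size figures exactly as printed in the report.
SAMPLE_FILE_SIZE = 2727944
SAMPLE_OVERLAY_OFFSET = 1314816
SAMPLE_OVERLAY_SIZE = 1413128
SAMPLE_OVERLAY_ENTROPY = 7.86

# Hypothetical indicator groups chosen for this example (assumption, not a
# vendor taxonomy). A group fires only when every API in it is imported.
INDICATOR_GROUPS = {
    "remote_write":   {"VirtualAllocEx", "WriteProcessMemory"},
    "context_hijack": {"GetThreadContext", "SetThreadContext"},
    "remote_protect": {"VirtualProtectEx"},
    "manual_loader":  {"LdrLoadDll", "LdrGetProcedureAddress"},
}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant buffer, 8.0 for a
    byte-uniform one. Packed or encrypted blobs sit near the top."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def overlay_is_consistent(file_size: int, offset: int, size: int) -> bool:
    """The overlay is everything after the last section's raw data, so
    offset + size must land exactly on end of file; anything else means a
    truncated sample or a mis-parsed section table."""
    return offset > 0 and offset + size == file_size


def overlay_fraction(file_size: int, size: int) -> float:
    """Share of the file that is overlay rather than mapped PE image."""
    return size / file_size


def classify_entropy(entropy: float, threshold: float = 7.0) -> str:
    """Crude label; 7.0 bits/byte is a commonly used packed/encrypted
    cut-off (assumption for this example)."""
    return "packed_or_encrypted" if entropy >= threshold else "plain"


def triage_imports(imports) -> list:
    """Names of the indicator groups fully present in the import set."""
    present = set(imports)
    return sorted(name for name, apis in INDICATOR_GROUPS.items()
                  if apis <= present)


def triage_sample() -> dict:
    """Run every check against the figures taken from this report."""
    return {
        "overlay_consistent": overlay_is_consistent(
            SAMPLE_FILE_SIZE, SAMPLE_OVERLAY_OFFSET, SAMPLE_OVERLAY_SIZE),
        "overlay_fraction": round(
            overlay_fraction(SAMPLE_FILE_SIZE, SAMPLE_OVERLAY_SIZE), 3),
        "overlay_class": classify_entropy(SAMPLE_OVERLAY_ENTROPY),
        "injection_groups": triage_imports(SAMPLE_IMPORTS),
    }


if __name__ == "__main__":
    # Constructed buffers standing in for two overlays: all-zero padding
    # versus a byte-uniform blob like a compressed payload would give.
    print("zero padding entropy:", shannon_entropy(b"\x00" * 4096))
    print("uniform blob entropy:", shannon_entropy(bytes(range(256)) * 16))
    print(triage_sample())
```

The import check is deliberately conservative: a single API such as WriteProcessMemory also appears in debuggers and installers, so it is the pairing with VirtualAllocEx and the thread-context pair that raises the score. Run it against a real file by replacing the constants with values read from the PE (for example with pefile), keeping the entropy function on the raw overlay bytes.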
Number of PE resources by type
RT_ICON 9
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 10
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:06:23 03:41:02+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 761856
LinkerVersion: 6.0
FileTypeExtension: exe
InitializedDataSize: 188416
SubsystemVersion: 4.0
EntryPoint: 0x1364
OSVersion: 4.0
ImageVersion: 1.0
UninitializedDataSize: 0
Compressed bundles
File identification
MD5 0e223edc12a74905222d828625004995
SHA1 fd6f076f1b71d65a39f30eef8fb76fd6f3f34d8c
SHA256 5e4082415adfdc674ed413019fd5c1702821bcc4f01887bc6acc61bf7d9e024c
ssdeep 49152:QKfziByb8XOwU06aJMtKu4O5J5rmBhym+F2iW6GlX1Ks2:QuziJXOwU0hO5rmBY3G6G5Yr
authentihash d9ae0a54846b43e26fae8211ee34ff6cd358b0fa38ecf3d84b5705aad36c375d
imphash 25c0914e1e7dc7c3bb957d88e787a155
File size 2.6 MB (2727944 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (90.6%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-07-18 15:17:46 UTC (2 years, 10 months ago)
Last submission 2017-01-01 16:56:11 UTC (2 years, 4 months ago)
File names msdcsc.exe, JavaSetup8u91.exe
The names line up with the detections: Fynloski (ESET, Avira, Ikarus, NANO) and BackDoor.Comet (DrWeb) are vendor names for the DarkComet remote-access trojan, and msdcsc.exe is the filename DarkComet installs its copy under by default. JavaSetup8u91.exe mimics the Java 8 Update 91 installer and is a lure name, not evidence of a tampered Oracle package.
Condensed report. The following is a condensed summary of the file's behaviour when executed in a controlled environment. The actions and events listed were performed either by the file itself or by any process it launched or injected code into.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain via the SetWindowsHook family of Windows API functions (SetWindowsHookEx in current SDKs). A hook procedure monitors the system for a chosen class of events, associated either with a specific thread or with every thread on the same desktop as the calling thread. The report does not record the hook type (for example WH_KEYBOARD_LL), which is what separates keystroke capture from benign message filtering, so confirm it from the sandbox API trace before labelling the sample a keylogger.
UDP communications