SHA256: 6b58243693d15f5025c27cc25dcf3f74b74aea4f97e2f576252c735f559e3bad
File name: Shaman Hack.EXE
Detection ratio: 24 / 56
Analysis date: 2016-10-14 10:09:37 UTC (2 years, 7 months ago)
Antivirus Result Update
Ad-Aware Trojan.Generic.18807634 20161014
AegisLab W32.Riskware.Hacktool!c 20161014
ALYac Trojan.Generic.18807634 20161014
Antiy-AVL Trojan[Packed]/Win32.PolyCrypt 20161014
Arcabit Trojan.Generic.D11EFB52 20161014
BitDefender Trojan.Generic.18807634 20161014
CrowdStrike Falcon (ML) malicious_confidence_99% (D) 20160725
Cyren W32/CheatEngine.B.gen!Eldorado 20161014
Emsisoft Trojan.Generic.18807634 (B) 20161014
ESET-NOD32 a variant of Win32/HackTool.CheatEngine.AF potentially unsafe 20161014
F-Prot W32/CheatEngine.B.gen!Eldorado 20161014
F-Secure Trojan.Generic.18807634 20161014
Fortinet W32/Generic.AC.17F472!tr 20161014
GData Trojan.Generic.18807634 20161014
Sophos ML trojan.win32.swrort.a 20160928
Jiangmin TrojanDropper.Injector.aqkx 20161014
K7AntiVirus Unwanted-Program ( 004ba1a41 ) 20161014
K7GW Unwanted-Program ( 004ba1a41 ) 20161014
Malwarebytes CheatTool.CETTrainer 20161014
McAfee Artemis!6E68033817BB 20161014
McAfee-GW-Edition BehavesLike.Win32.Virut.wc 20161014
eScan Trojan.Generic.18807634 20161014
Symantec SAPE.Heur.AD9F3 20161014
Yandex HackTool.CheatEngine!h2lP7QG9eRI 20161013
AhnLab-V3 20161013
Alibaba 20161014
Avast 20161014
AVG 20161014
Avira (no cloud) 20161014
AVware 20161014
Baidu 20161013
Bkav 20161013
CAT-QuickHeal 20161014
ClamAV 20161014
CMC 20161014
Comodo 20161014
DrWeb 20161014
Ikarus 20161014
Kaspersky 20161014
Kingsoft 20161014
Microsoft 20161014
NANO-Antivirus 20161014
nProtect 20161014
Panda 20161013
Qihoo-360 20161014
Rising 20161014
Sophos AV 20161014
SUPERAntiSpyware 20161014
Tencent 20161014
TheHacker 20161014
TrendMicro 20161014
TrendMicro-HouseCall 20161014
VBA32 20161013
VIPRE 20161014
ViRobot 20161014
Zillya 20161013
Zoner 20161014
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-06-28 14:45:44
Entry Point 0x000015EB
Number of sections 5
PE sections
PE imports
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
SetStdHandle
SetHandleCount
LoadLibraryA
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
RemoveDirectoryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
SizeofResource
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
WriteConsoleW
CreateDirectoryA
DeleteFileA
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
GetConsoleCP
LeaveCriticalSection
LCMapStringW
SetFilePointer
GetTempPathA
WideCharToMultiByte
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetTempFileNameA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
TerminateProcess
GetEnvironmentStrings
CreateProcessA
LCMapStringA
WriteConsoleA
IsValidCodePage
LoadResource
VirtualFree
TlsGetValue
Sleep
GetFileType
TlsSetValue
CreateFileA
GetTickCount
GetCurrentThreadId
FindResourceA
VirtualAlloc
HeapCreate
SetLastError
InterlockedIncrement
PathRemoveFileSpecA
PathAddBackslashA
PathStripPathA
MessageBoxA
Number of PE resources by type
RT_RCDATA 2
RT_ICON 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 3
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:06:28 15:45:44+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 36352
LinkerVersion: 9.0
FileTypeExtension: exe
InitializedDataSize: 4055552
SubsystemVersion: 5.0
EntryPoint: 0x15eb
OSVersion: 5.0
ImageVersion: 0.0
UninitializedDataSize: 0
PE resource-wise parents
Compressed bundles
File identification
MD5 6e68033817bb6f6bbd43437071e0799c
SHA1 45407a9c0f8fe3f9c77031fa160a61cde952786c
SHA256 6b58243693d15f5025c27cc25dcf3f74b74aea4f97e2f576252c735f559e3bad
ssdeep
98304:BA413+oO7FmBMfwOT2ryXNiIQjQ5gW8nQEYTeImF9FPUdbxI:BP20zydZQQ+JdYyjpPgbx

authentihash d99ef49f36b23d4f4b97eefba3ed203c8afac7a81689589e847335a719dc35e4
imphash 8d92fa1956a6a631c642190121740197
File size 3.9 MB (4092928 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2016-08-25 01:48:49 UTC (2 years, 9 months ago)
Last submission 2016-12-08 16:03:58 UTC (2 years, 5 months ago)
File names Shaman Hack.EXE
6b58243693d15f5025c27cc25dcf3f74b74aea4f97e2f576252c735f559e3bad.file
Shaman Hack by Black Hacker.EXE
shaman hack.exe
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Deleted files
Created processes
Runtime DLLs
UDP communications