SHA256: 965d2c3edcd2cc0aadfda57eb2a94c43bb928f36295a3a75390845abe3a5b7f6
File name: officeup.exe
Detection ratio: 6 / 56
Analysis date: 2016-11-10 13:53:56 UTC (2 years, 6 months ago)
Antivirus   Result   Update
AVware LooksLike.Win32.Crowti.b (v) 20161110
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Sophos ML virus.win32.sality.at 20161018
Qihoo-360 HEUR/QVM07.1.0000.Malware.Gen 20161110
Rising Malware.Obscure!1.9C59 (classic) 20161110
VIPRE LooksLike.Win32.Crowti.b (v) 20161110
Ad-Aware 20161110
AegisLab 20161110
AhnLab-V3 20161110
Alibaba 20161110
ALYac 20161110
Antiy-AVL 20161110
Arcabit 20161110
Avast 20161110
AVG 20161110
Avira (no cloud) 20161110
Baidu 20161110
BitDefender 20161110
Bkav 20161110
CAT-QuickHeal 20161110
ClamAV 20161110
CMC 20161110
Comodo 20161110
Cyren 20161110
DrWeb 20161110
Emsisoft 20161110
ESET-NOD32 20161110
F-Prot 20161110
F-Secure 20161110
Fortinet 20161110
GData 20161110
Ikarus 20161110
Jiangmin 20161110
K7AntiVirus 20161109
K7GW 20161110
Kaspersky 20161110
Kingsoft 20161110
Malwarebytes 20161110
McAfee 20161110
McAfee-GW-Edition 20161110
Microsoft 20161110
eScan 20161110
NANO-Antivirus 20161110
nProtect 20161110
Panda 20161109
Sophos AV 20161110
SUPERAntiSpyware 20161110
Symantec 20161110
Tencent 20161110
TheHacker 20161109
TrendMicro 20161110
TrendMicro-HouseCall 20161110
VBA32 20161110
ViRobot 20161109
Yandex 20161109
Zillya 20161108
Zoner 20161109
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2006
Product Application ChartDemo
Original name ChartDemo.EXE
Internal name ChartDemo
File version 1, 0, 0, 1
Description Application MFC ChartDemo
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-08 18:21:03
Entry Point 0x00016A42
Number of sections 4
PE sections
Overlays
MD5 dae9a8665a2d59f5ca2be3138cd2ce3c
File type data
Offset 143360
Size 333154
Entropy 8.00
PE imports
Polygon
CreatePen
CreateFontIndirectA
GetTextMetricsA
GetPixel
Rectangle
GetDeviceCaps
DeleteDC
IntersectClipRect
BitBlt
RealizePalette
CreateHatchBrush
GetObjectA
CreatePalette
GetStockObject
ExtTextOutA
SetTextAlign
CreateCompatibleDC
GetTextExtentPoint32A
CreateCompatibleBitmap
CreateSolidBrush
DeleteObject
Ellipse
SetCommBreak
LoadLibraryW
Beep
QueryPerformanceCounter
ExitProcess
FlushFileBuffers
GlobalUnlock
GetModuleFileNameA
GetStartupInfoA
GetEnvironmentStrings
GetLocaleInfoA
DeleteFileW
SetCommTimeouts
GetLocaleInfoW
SetFilePointer
WideCharToMultiByte
GetModuleHandleA
SetEnvironmentVariableA
GlobalMemoryStatus
VirtualQuery
CreateFileA
GetProcessTimes
SetCurrentDirectoryA
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
_purecall
__p__fmode
__CxxFrameHandler
_ftol
srand
__dllonexit
_controlfp
strlen
_except_handler3
fabs
floor
__p__commode
_onexit
abs
exit
sprintf
pow
__setusermatherr
rand
sin
_XcptFilter
_acmdln
memset
_adjust_fdiv
atoi
__getmainargs
atof
_exit
_setmbcp
log10
strcpy
time
_initterm
strcmp
__set_app_type
RedrawWindow
GetMessagePos
GetParent
DrawEdge
SetClassLongW
OffsetRect
DrawIcon
GetCapture
KillTimer
GetClipboardOwner
DefWindowProcA
DrawFrameControl
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
InflateRect
EnableWindow
SetCapture
ReleaseCapture
PeekMessageA
SetKeyboardState
GetSysColor
SetDlgItemTextW
GetCursorPos
SystemParametersInfoA
GetClassInfoA
CheckMenuItem
SendMessageA
GetClientRect
IsIconic
RegisterClassA
SetRect
InvalidateRect
DrawFocusRect
CreateMenu
LoadIconA
FillRect
ShowCursor
CopyRect
GetWindowTextW
GetSystemMenu
FindWindowW
SetForegroundWindow
PtInRect
Number of PE resources by type
RT_DIALOG 6
RT_ICON 4
Struct(240) 4
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
FRENCH 12
NEUTRAL 5
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 45056
ImageVersion 0.0
ProductName Application ChartDemo
FileVersionNumber 1.0.0.1
LanguageCode French
FileFlagsMask 0x003f
FileDescription Application MFC ChartDemo
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName ChartDemo.EXE
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1, 0, 0, 1
TimeStamp 2016:11:08 19:21:03+01:00
FileType Win32 EXE
PEType PE32
InternalName ChartDemo
ProductVersion 1, 0, 0, 1
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright (C) 2006
MachineType Intel 386 or later, and compatibles
CodeSize 94208
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0x16a42
ObjectFileType Executable application
Compressed bundles
File identification
MD5 9966952e6ca8c221bbeeaee3f1da0f4a
SHA1 cd74949e780f5c38546410a18fd92de55b10740b
SHA256 965d2c3edcd2cc0aadfda57eb2a94c43bb928f36295a3a75390845abe3a5b7f6
ssdeep 12288:8EYuld5SSyyyiJv3iTsYleO/YyjEy9ClxA8U5F35nItfPg:8ELXQn9iRMsYkOQKolxuFJuw
authentihash 7216aff36881c6c22baa65710a266dec06f9d8d4452ca3ec3bbfe5d844d419dc
imphash 13699946ac41b20577ff57edd9487d27
File size 465.3 KB (476514 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay
VirusTotal metadata
First submission 2016-11-10 13:48:42 UTC (2 years, 6 months ago)
Last submission 2016-11-20 21:38:23 UTC (2 years, 6 months ago)
File names ChartDemo
officeup.exe
ChartDemo.EXE
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V1110.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications