SHA256: ae3cf792cc95c66f1f0b882caed71f05fabf366d0a6313a7b94e55d2cc17c0ed
File name: redchip2.exe
Detection ratio: 18 / 61
Analysis date: 2017-04-07 10:40:49 UTC (2 years, 1 month ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.158204 20170407
AegisLab Uds.Dangerousobject.Multi!c 20170407
Arcabit Trojan.Razy.D269FC 20170407
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170406
BitDefender Gen:Variant.Razy.158204 20170407
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Emsisoft Gen:Variant.Razy.158204 (B) 20170407
Endgame malicious (high confidence) 20170407
ESET-NOD32 a variant of Win32/GenKryptik.AATO 20170407
F-Secure Gen:Variant.Razy.158204 20170407
GData Gen:Variant.Razy.158204 20170407
Sophos ML trojan.win32.sirefef.p 20170203
Kaspersky UDS:DangerousObject.Multi.Generic 20170407
eScan Gen:Variant.Razy.158204 20170407
Palo Alto Networks (Known Signatures) generic.ml 20170407
Symantec ML.Attribute.HighConfidence 20170406
Webroot W32.Trojan.Gen 20170407
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20170407
AhnLab-V3 20170407
Alibaba 20170407
ALYac 20170407
Antiy-AVL 20170407
Avast 20170407
AVG 20170407
Avira (no cloud) 20170407
AVware 20170407
Bkav 20170407
CAT-QuickHeal 20170407
ClamAV 20170407
CMC 20170407
Comodo 20170407
Cyren 20170407
DrWeb 20170407
F-Prot 20170407
Fortinet 20170407
Ikarus 20170407
Jiangmin 20170407
K7AntiVirus 20170407
K7GW 20170407
Kingsoft 20170407
Malwarebytes 20170407
McAfee 20170407
McAfee-GW-Edition 20170407
Microsoft 20170407
NANO-Antivirus 20170407
nProtect 20170407
Panda 20170406
Qihoo-360 20170407
Rising None
SentinelOne (Static ML) 20170330
Sophos AV 20170407
SUPERAntiSpyware 20170407
Symantec Mobile Insight 20170406
Tencent 20170407
TheHacker 20170406
TrendMicro 20170407
TrendMicro-HouseCall 20170407
Trustlook 20170407
VBA32 20170407
VIPRE 20170407
ViRobot 20170407
WhiteArmor 20170327
Yandex 20170406
Zillya 20170406
Zoner 20170407
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-04-07 01:33:03
Entry Point 0x00001690
Number of sections 11
PE sections
PE imports
GetUserNameW
ImmEnumRegisterWordA
ImmGetConversionListW
FormatMessageW
GetDriveTypeW
OpenJobObjectW
EncodeSystemPointer
ConvertDefaultLocale
GetWriteWatch
GetTickCount
GetFileType
FreeConsole
GetCommandLineA
GetProcAddress
GetModuleHandleW
IsCharAlphaA
CoTestCancel
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2017:04:07 02:33:03+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 8.0
FileTypeExtension exe
InitializedDataSize 143360
SubsystemVersion 4.0
EntryPoint 0x1690
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 a0bad59d63ffbc8b1026dbec7f25f333
SHA1 5db8cb361da97e31f3e4ec1572b5fa601a1efebf
SHA256 ae3cf792cc95c66f1f0b882caed71f05fabf366d0a6313a7b94e55d2cc17c0ed
ssdeep 1536:E6xR2DI4Fh5ijn+zRpkUZ7nk9u7w7opHhjMAbHQyOsHWdLwQyJUnOypcTw1I:bREMjn+zRpkQosnHg93yKxpyw
authentihash d2ce4ffecd8a9a45aae559d076926fa1b3cf716e53e711f259427f56408f3dde
imphash e1b506d8dcbb029e55bbf65ad54e4cc1
File size 148.0 KB (151552 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2017-04-07 10:18:37 UTC (2 years, 1 month ago)
Last submission 2017-04-07 12:37:30 UTC (2 years, 1 month ago)
File names a0bad59d63ffbc8b1026dbec7f25f333.exe
DRIDEX (2)
MALWARE DOC
redchip2.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications