SHA256: c904c6a47434e67fe10064964619d2d0568b1976e6e3ccacccf87d8e7d7d1732
File name: A8999.exe
Detection ratio 42 / 54
Analysis date: 2017-01-18 20:28:28 UTC ( 8 months, 1 week ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.Elzob.8031 20170118
AhnLab-V3 Trojan/Win32.Shell.R1283 20170118
ALYac Gen:Variant.Zusy.Elzob.8031 20170118
Arcabit Trojan.Zusy.Elzob.D1F5F 20170118
Avast Win32:SwPatch [Wrm] 20170118
AVG Agent 20170118
Avira (no cloud) TR/Crypt.EPACK.Gen2 20170118
AVware Trojan.Win32.Swrort.B (v) 20170118
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9993 20170118
BitDefender Gen:Variant.Zusy.Elzob.8031 20170118
CAT-QuickHeal Trojan.Swrort.A 20170118
ClamAV BC.Win.Trojan.Swrort-17210 20170118
Comodo TrojWare.Win32.Rozena.A 20170118
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Cyren W32/Swrort.A.gen!Eldorado 20170118
DrWeb Trojan.Swrort.1 20170118
Emsisoft Gen:Variant.Zusy.Elzob.8031 (B) 20170118
ESET-NOD32 a variant of Win32/Rozena.AM 20170118
F-Prot W32/Swrort.A.gen!Eldorado 20170118
F-Secure Gen:Variant.Zusy.Elzob.8031 20170118
Fortinet W32/Swrort.C!tr 20170118
GData Gen:Variant.Zusy.Elzob.8031 20170118
Ikarus Trojan.Win32.Swrort 20170118
Sophos ML trojan.win32.swrort.a 20170111
K7AntiVirus Backdoor ( 04c53cce1 ) 20170118
K7GW Backdoor ( 04c53cce1 ) 20170118
Kaspersky Packed.Win32.BDF.a 20170118
Malwarebytes Backdoor.Bot.Gen 20170118
McAfee Swrort.h 20170118
McAfee-GW-Edition BehavesLike.Win32.Swrort.lh 20170118
Microsoft Trojan:Win32/Swrort.A 20170118
eScan Gen:Variant.Zusy.Elzob.8031 20170118
NANO-Antivirus Virus.Win32.Gen-Crypt.ccnc 20170118
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20170118
Rising Malware.Heuristic!ET#99% (rdm+) 20170118
Sophos AV Mal/EncPk-ACE 20170118
SUPERAntiSpyware Trojan.Backdoor-PoisonIvy 20170118
Symantec Packed.Generic.347 20170118
TrendMicro BKDR_SWRORT.SM 20170118
VIPRE Trojan.Win32.Swrort.B (v) 20170118
ViRobot Trojan.Win32.Elzob.Gen[h] 20170118
Yandex Trojan.Rosena.Gen.1 20170118
AegisLab 20170118
Alibaba 20170118
Antiy-AVL 20170118
CMC 20170118
Jiangmin 20170118
Kingsoft 20170118
nProtect 20170118
Panda 20170118
Tencent 20170118
TheHacker 20170117
Trustlook 20170118
VBA32 20170118
WhiteArmor 20170117
Zillya 20170117
Zoner 20170118
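The engine rows above are easier to read as one consensus than as 42 vendor strings. Two things a practitioner should notice before counting: the identical Gen:Variant.Zusy.Elzob.8031 results come from engines that license the BitDefender signature set (Ad-Aware, ALYac, Arcabit, BitDefender, Emsisoft, eScan, F-Secure, GData), so they are one opinion rather than eight; and Swrort (Microsoft, McAfee, Trend Micro, Fortinet and others) and Rozena (ESET, Comodo) are the names those vendors apply to executables built around Metasploit-generated shellcode. The Python below is an added example, not part of the report or of VirusTotal's tooling: it normalises vendor labels into family tokens, collapses the shared-engine duplicates, and votes. The record list is a constructed subset of the rows above, and the GENERIC and BITDEFENDER_ENGINE sets are the author's assumptions.

```python
import re
from collections import Counter

# Label fragments that name a category, platform or confidence rather than a
# family; they are dropped before voting (assumed list, extend as needed).
GENERIC = {
    "gen", "generic", "variant", "trojan", "trojware", "backdoor", "bkdr",
    "bot", "agent", "packed", "malware", "virus", "heur", "heuristic",
    "win32", "win64", "w32", "win", "malicious", "confidence", "behaveslike",
}

# Engines that ship the BitDefender signature set; their identical labels are
# counted as a single opinion (assumed list).
BITDEFENDER_ENGINE = {
    "Ad-Aware", "ALYac", "Arcabit", "BitDefender", "Emsisoft", "eScan",
    "F-Secure", "GData",
}


def family_tokens(label):
    """Candidate family names in one vendor label, lowercased.

    Splits on every non-alphanumeric character so that
    'Gen:Variant.Zusy.Elzob.8031', 'Trojan:Win32/Swrort.A' and
    'BKDR_SWRORT.SM' yield comparable tokens; pure numbers, short variant
    suffixes (.A, .SM, .h) and GENERIC words are discarded.
    """
    tokens = re.split(r"[^a-z0-9]+", label.lower())
    return {t for t in tokens if len(t) >= 3 and not t.isdigit() and t not in GENERIC}


def triage(records):
    """records: (engine, result_or_empty, update_date) tuples as in the report.

    Returns the detection ratio and a family vote in which each effective
    engine contributes each distinct token once.
    """
    detected = [(engine, label) for engine, label, _date in records if label]
    tokens_by_engine = {}
    for engine, label in detected:
        key = "BitDefender" if engine in BITDEFENDER_ENGINE else engine
        tokens_by_engine.setdefault(key, set()).update(family_tokens(label))
    votes = Counter()
    for tokens in tokens_by_engine.values():
        votes.update(tokens)
    return {
        "ratio": (len(detected), len(records)),
        "families": votes.most_common(),
    }


# Constructed subset of the engine rows (engine, result, update date); an
# empty result is an engine that did not flag the file.
SAMPLE_RECORDS = [
    ("Ad-Aware", "Gen:Variant.Zusy.Elzob.8031", "20170118"),
    ("BitDefender", "Gen:Variant.Zusy.Elzob.8031", "20170118"),
    ("GData", "Gen:Variant.Zusy.Elzob.8031", "20170118"),
    ("ESET-NOD32", "a variant of Win32/Rozena.AM", "20170118"),
    ("Microsoft", "Trojan:Win32/Swrort.A", "20170118"),
    ("TrendMicro", "BKDR_SWRORT.SM", "20170118"),
    ("Kaspersky", "Packed.Win32.BDF.a", "20170118"),
    ("CrowdStrike Falcon (ML)", "malicious_confidence_100% (D)", "20161024"),
    ("McAfee", "Swrort.h", "20170118"),
    ("AegisLab", "", "20170118"),
    ("Panda", "", "20170118"),
]

if __name__ == "__main__":
    result = triage(SAMPLE_RECORDS)
    print("detected %d / %d" % result["ratio"])
    for family, n in result["families"]:
        print("%-10s %d engine(s)" % (family, n))
```

On the constructed subset the vote puts swrort first with three independent engines, while the three BitDefender-based rows count as one zusy/elzob opinion; machine-learning verdicts such as CrowdStrike's contribute no family token at all.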
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright 2009 The Apache Software Foundation.
Product Apache HTTP Server
Original name ab.exe
Internal name ab.exe
File version 2.2.14
Description ApacheBench command line utility
Comments Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-07-23 07:49:13
Entry Point 0x000080A0
Number of sections 4
PE sections
Overlays
MD5 95eb479e8f470740aa86bcb86cb13966
File type data
Offset 73728
Size 74
Entropy 4.61
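The overlay figures above are derived, not stored: 73728 + 74 = 73802, the full file size, so the overlay is everything past the last byte of section raw data, and its entropy (4.61 bits per byte) says it is neither padding nor encrypted data. The Python below is an added example, not part of the report or of VirusTotal's tooling, showing how a triage script gets those numbers from the PE headers alone: it walks the section table, takes max(PointerToRawData + SizeOfRawData) as the overlay start, reads the COFF compile timestamp, and computes Shannon entropy. Because it has to run offline, it builds a constructed minimal PE image in memory (not a runnable program; all offsets, the two section names and the 64-byte overlay it appends are assumptions) and analyses that.

```python
import math
import struct
from collections import Counter
from datetime import datetime, timezone

# IMAGE_SECTION_HEADER (40 bytes): Name, VirtualSize, VirtualAddress,
# SizeOfRawData, PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")
# COFF file header (20 bytes): Machine, NumberOfSections, TimeDateStamp,
# PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
COFF_HDR = struct.Struct("<HHIIIHH")


def shannon_entropy(data):
    """Entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(data):
    """Return (compile_timestamp, [(name, raw_ptr, raw_size)], overlay_offset)."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    _machine, nsec, tstamp, _, _, opt_size, _ = COFF_HDR.unpack_from(data, pe_off + 4)
    sec_off = pe_off + 4 + COFF_HDR.size + opt_size
    sections, end = [], 0
    for i in range(nsec):
        name, _vsize, _va, rsize, rptr, *_rest = SECTION_HDR.unpack_from(
            data, sec_off + SECTION_HDR.size * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), rptr, rsize))
        end = max(end, rptr + rsize)  # overlay begins after the last raw section byte
    return tstamp, sections, end


def overlay_info(data):
    """The fields a report lists for the overlay, computed from raw PE bytes."""
    ts, sections, off = parse_pe(data)
    overlay = data[off:]
    return {
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": sections,
        "overlay_offset": off,
        "overlay_size": len(overlay),
        "overlay_entropy": round(shannon_entropy(overlay), 2),
    }


def build_sample_pe(overlay):
    """Constructed minimal PE32 layout: DOS stub, PE signature, COFF header,
    zeroed optional header, two sections, then `overlay` appended past the
    last section's raw data. Timestamp is the report's 2009-07-23 07:49:13 UTC."""
    file_align = 0x200
    sections = [(b".text", 0x400), (b".rdata", 0x200)]
    opt_size = 224  # size of a PE32 optional header; contents irrelevant here
    hdr_len = 0x40 + 4 + COFF_HDR.size + opt_size + SECTION_HDR.size * len(sections)
    raw_ptr = (hdr_len + file_align - 1) // file_align * file_align
    first_raw = raw_ptr
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew at 0x3C
    coff = COFF_HDR.pack(0x14C, len(sections), 1248335353, 0, 0, opt_size, 0x102)
    sec_hdrs, body = b"", b""
    for name, size in sections:
        sec_hdrs += SECTION_HDR.pack(name.ljust(8, b"\0"), size, 0x1000 + raw_ptr,
                                     size, raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += b"\x90" * size  # NOP filler standing in for section content
        raw_ptr += size
    image = dos + b"PE\0\0" + coff + b"\0" * opt_size + sec_hdrs
    image += b"\0" * (first_raw - len(image)) + body
    return image + overlay


if __name__ == "__main__":
    sample = build_sample_pe(bytes(range(16)) * 4)  # 64-byte overlay, 4.0 bits/byte
    for key, value in overlay_info(sample).items():
        print("%-16s %s" % (key, value))
```

Run against the real sample the same function should report offset 73728 and size 74; tools such as pefile additionally compare the section end against SizeOfHeaders for files with no sections, which the minimal parser above omits.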
PE imports
FreeSid
AllocateAndInitializeSid
PeekNamedPipe
GetLastError
EnterCriticalSection
ReleaseMutex
FileTimeToSystemTime
GetOverlappedResult
GlobalFree
WaitForSingleObject
GetExitCodeProcess
SystemTimeToFileTime
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentProcess
FileTimeToLocalFileTime
GetCommandLineW
FreeEnvironmentStringsW
GetProcAddress
FormatMessageA
SetStdHandle
CreateMutexA
TlsFree
SetFilePointer
ReadFile
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetFileInformationByHandle
DuplicateHandle
SetHandleInformation
SetEvent
LocalFree
TerminateProcess
DeviceIoControl
GetTimeZoneInformation
InitializeCriticalSection
CreateFileW
CreateEventA
Sleep
GetFileType
CreateFileA
SetLastError
LeaveCriticalSection
strncmp
__p__fmode
malloc
__p__environ
realloc
fclose
__dllonexit
_controlfp
fprintf
printf
fflush
fopen
strncpy
_except_handler3
_errno
qsort
_onexit
wcslen
exit
_XcptFilter
_ftol
strrchr
__setusermatherr
__p__wenviron
_adjust_fdiv
_strdup
_close
strchr
_isctype
__p__commode
_pctype
free
__p___initenv
atoi
wcsncmp
__getmainargs
calloc
perror
_initterm
strstr
signal
strerror
wcscpy
strspn
modf
__mb_cur_max
_strnicmp
_exit
__set_app_type
_iob
WSARecv
WSASend
setsockopt
getsockopt
__WSAFDIsSet
ntohl
ioctlsocket
WSAStartup
gethostbyname
WSAGetLastError
connect
WSACleanup
inet_ntoa
htons
closesocket
select
socket
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
FileDescription: ApacheBench command line utility
Comments: Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
InitializedDataSize: 40960
ImageVersion: 0.0
ProductName: Apache HTTP Server
FileVersionNumber: 2.2.14.0
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Unicode
LinkerVersion: 6.0
FileTypeExtension: exe
OriginalFileName: ab.exe
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileVersion: 2.2.14
TimeStamp: 2009:07:23 08:49:13+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: ab.exe
SubsystemVersion: 4.0
ProductVersion: 2.2.14
UninitializedDataSize: 0
OSVersion: 4.0
FileOS: Win32
LegalCopyright: Copyright 2009 The Apache Software Foundation.
MachineType: Intel 386 or later, and compatibles
CompanyName: Apache Software Foundation
CodeSize: 45056
FileSubtype: 0
ProductVersionNumber: 2.2.14.0
EntryPoint: 0x80a0
ObjectFileType: Executable application
File identification
MD5 eba0efc298fa1ec8c3386e4d2c55731e
SHA1 3be9388ed1983f5f14c5a6e4e4a31b306cafcb86
SHA256 c904c6a47434e67fe10064964619d2d0568b1976e6e3ccacccf87d8e7d7d1732
ssdeep
1536:If3iCWRvrBLLmx/ccac2llJpntxMb+KR0Nc8QsJq39:QyhRvrBbtztxe0Nc8QsC9

authentihash 737f2780b030fd3e6e4d17c800bc0b27928258634b38e93894654de2e044b463
imphash 481f47bbb2c9c21e108d65f52b04c448
File size 72.1 KB ( 73802 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
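The imphash is the identifier worth pivoting on here. It is the MD5 of the import table rendered as lowercased "dll.function" entries in import-directory order, so it depends on the host executable and not on whatever was patched into it; ApacheBench 2.2.14 (ab.exe) is also the build that Metasploit's msfvenom uses as its default x86 Windows executable template, which is why Apache version metadata turns up on payloads that have nothing to do with Apache, and why every such payload shares this imphash. The Python below is an added example, not VirusTotal's code, that reimplements the algorithm (pefile's PE.get_imphash() does the same). The report lists import names without their DLLs, so the DLL grouping, the trimmed name list and the ws2_32 ordinal table are assumptions; the hash of the trimmed list will not match the report's value, and the point is the procedure, not reproducing that digest.

```python
import hashlib

# Subset of the standard ws2_32.dll export ordinals, used when an import is by
# ordinal rather than by name (assumed subset; pefile carries the full table).
WS2_32_ORDINALS = {
    3: "closesocket", 4: "connect", 7: "getsockopt", 9: "htons",
    10: "ioctlsocket", 12: "inet_ntoa", 14: "ntohl", 18: "select",
    21: "setsockopt", 23: "socket",
}


def normalize_import(dll, func):
    """Return the 'dll.func' token an imphash is built from.

    dll  : library name as written in the import directory
    func : function name, or an int for an import by ordinal
    """
    lib = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):  # extensions the algorithm strips
        if lib.endswith(ext):
            lib = lib[:-len(ext)]
            break
    if isinstance(func, int):
        if lib == "ws2_32" and func in WS2_32_ORDINALS:
            name = WS2_32_ORDINALS[func]
        else:
            name = "ord%d" % func
    else:
        name = func.lower()
    return "%s.%s" % (lib, name)


def imphash(imports):
    """imports: sequence of (dll, func) pairs in import-table order.

    Order matters: the same imports in a different order hash differently,
    which is what makes the value a build fingerprint."""
    joined = ",".join(normalize_import(dll, func) for dll, func in imports)
    return hashlib.md5(joined.encode("ascii")).hexdigest()


# Constructed import list: the first few names from the report's import
# section, grouped under the DLLs they are assumed to come from. The report
# gives names only, so the grouping and order are assumptions.
REPORT_IMPORTS = (
    [("ADVAPI32.dll", f) for f in ("FreeSid", "AllocateAndInitializeSid")]
    + [("KERNEL32.dll", f) for f in (
        "PeekNamedPipe", "GetLastError", "EnterCriticalSection", "ReleaseMutex",
        "FileTimeToSystemTime", "GetOverlappedResult", "GlobalFree")]
    + [("MSVCRT.dll", f) for f in ("strncmp", "__p__fmode", "malloc")]
    + [("WS2_32.dll", f) for f in ("WSARecv", "WSASend", "setsockopt")]
)

if __name__ == "__main__":
    print(imphash(REPORT_IMPORTS))
    print(normalize_import("WS2_32.dll", 23))  # import by ordinal resolves to a name
```

Feeding the full import table from the binary (for example via pefile's PE.DIRECTORY_ENTRY_IMPORT) into imphash() should reproduce 481f47bbb2c9c21e108d65f52b04c448; any other sample with that imphash was built from the same template.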

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2017-01-18 20:28:28 UTC ( 8 months, 1 week ago)
Last submission 2017-01-18 20:28:28 UTC ( 8 months, 1 week ago)
File names A8999.exe
ab.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications