SHA256: fbc80452d23d8f0bc0a68d5f34fac6c2bf22f9391f172bbc2f9b935b4888f6e4
File name: Kiosk.exe
Detection ratio: 0 / 54
Analysis date: 2015-12-28 03:13:33 UTC (3 years ago)
Antivirus Result Update
Ad-Aware 20151224
AegisLab 20151227
Yandex 20151226
AhnLab-V3 20151227
Alibaba 20151208
ALYac 20151228
Antiy-AVL 20151228
Arcabit 20151228
Avast 20151228
AVG 20151228
AVware 20151227
Baidu-International 20151227
BitDefender 20151228
Bkav 20151227
ByteHero 20151228
CAT-QuickHeal 20151228
ClamAV 20151228
CMC 20151217
Comodo 20151228
Cyren 20151227
DrWeb 20151228
Emsisoft 20151228
ESET-NOD32 20151228
F-Prot 20151227
F-Secure 20151228
Fortinet 20151228
GData 20151228
Ikarus 20151228
Jiangmin 20151227
K7AntiVirus 20151227
K7GW 20151227
Kaspersky 20151228
Malwarebytes 20151227
McAfee 20151228
McAfee-GW-Edition 20151227
Microsoft 20151228
eScan 20151228
NANO-Antivirus 20151228
nProtect 20151224
Panda 20151227
Rising 20151227
Sophos AV 20151228
SUPERAntiSpyware 20151227
Symantec 20151227
Tencent 20151228
TheHacker 20151227
TotalDefense 20151227
TrendMicro 20151228
TrendMicro-HouseCall 20151228
VBA32 20151225
VIPRE 20151228
ViRobot 20151228
Zillya 20151227
Zoner 20151227
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2014 www.sordum.net All Rights Reserved.

File version 1.0.0.0
Description Simple Kiosk Mode
Comments Simple Kiosk Mode
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-04-16 07:47:33
Entry Point 0x000C1650
Number of sections 3
PE sections
Overlays
MD5 452afad17bab72856d821c23a11b1454
File type data
Offset 316416
Size 29377
Entropy 7.99
PE imports
ImageList_Remove
GetSaveFileNameW
LineTo
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
WNetGetConnectionW
SafeArrayUnaccessData
EnumProcesses
DragFinish
LoadUserProfileW
VerQueryValueW
FtpOpenFileW
timeGetTime
CoInitialize
Number of PE resources by type
RT_ICON 5
RT_BITMAP 3
RT_MANIFEST 1
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 11
PE resources
ExifTool file metadata
Coder
By BlueLife

UninitializedDataSize
512000

Comments
Simple Kiosk Mode

LinkerVersion
9.0

ImageVersion
0.0

FileVersionNumber
1.0.0.0

LanguageCode
English (British)

FileFlagsMask
0x0000

CharacterSet
Unicode

InitializedDataSize
40960

EntryPoint
0xc1650

MIMEType
application/octet-stream

LegalCopyright
Copyright 2014 www.sordum.net All Rights Reserved.

FileVersion
1.0.0.0

TimeStamp
2010:04:16 08:47:33+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.0

FileDescription
Simple Kiosk Mode

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
www.sordum.net

CodeSize
278528

FileSubtype
0

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Unknown

Compressed bundles
File identification
MD5 57015466d2b5e547f236bc3ea62ea140
SHA1 22ecfadd3f3dbb7295c00f9a119447ef2e715c0c
SHA256 fbc80452d23d8f0bc0a68d5f34fac6c2bf22f9391f172bbc2f9b935b4888f6e4
ssdeep
6144:S1db49+rEg02z4AVtgsiAXFW67i4zKhNq2mgdFUTqJ0kgT3FZ:SjkArEN20ytLiAXFoLhNq27FKEhCVZ

authentihash 17bb8dbb225f372eaeee68a1dab950ffc2c1c821ac7ae8bfba2366d52db54941
imphash 77b2e5e9b52fbef7638f64ab65f0c58c
File size 337.7 KB (345793 bytes)
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2014-09-28 13:48:41 UTC (4 years, 3 months ago)
Last submission 2015-10-04 09:29:12 UTC (3 years, 3 months ago)
File names file-7529429_exe
Kiosk.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Opened service managers
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.