× Куки вимкнені! Цей сайт потребує ввімкнення куків для правильної роботи
SHA256: 04c1f48283dfd9888bb03d16c110e18c3167c06f2e9b20b58382099f89d1b3ff
Назва файлу: moonlight.exe
Співвідношення виявлення: 0 / 46
Дата дослідження: 2013-03-22 13:06:50 UTC ( 4 роки, 9 місяців тому ) Переглянути останні
Противірус Підсумок Оновлення
Yandex 20130321
AhnLab-V3 20130321
AntiVir 20130322
Antiy-AVL 20130322
Avast 20130322
AVG 20130321
BitDefender 20130322
ByteHero 20130322
CAT-QuickHeal 20130322
ClamAV 20130322
Commtouch 20130322
Comodo 20130322
DrWeb 20130322
Emsisoft 20130322
eSafe 20130319
ESET-NOD32 20130322
F-Prot 20130321
F-Secure 20130322
Fortinet 20130322
GData 20130322
Ikarus 20130322
Jiangmin 20130321
K7AntiVirus 20130321
Kaspersky 20130322
Kingsoft 20130318
Malwarebytes 20130322
McAfee 20130322
McAfee-GW-Edition 20130322
Microsoft 20130322
eScan 20130322
NANO-Antivirus 20130322
Norman 20130321
nProtect 20130322
Panda 20130322
PCTools 20130321
Rising 20130322
Sophos AV 20130322
SUPERAntiSpyware 20130322
Symantec 20130322
TheHacker 20130322
TotalDefense 20130321
TrendMicro 20130322
TrendMicro-HouseCall 20130322
VBA32 20130321
VIPRE 20130322
ViRobot 20130322
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT NSIS, UPX_LZMA, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-02-24 19:19:59
Entry Point 0x000039E3
Number of sections 6
PE sections
Overlays
MD5 7322bab31ce80c13ce9111a32849ed9d
File type data
Offset 70656
Size 2965615
Entropy 8.00
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
CreateFontIndirectW
SetBkMode
CreateBrushIndirect
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
WriteFile
CopyFileW
GetShortPathNameW
LoadLibraryA
lstrlenA
GetModuleFileNameW
GlobalFree
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
FindFirstFileW
ExitProcess
GlobalUnlock
GetFileAttributesW
lstrlenW
GetCurrentProcess
CompareFileTime
FindNextFileW
GetFileSize
OpenProcess
SetFileTime
GetCommandLineW
GetWindowsDirectoryW
SetErrorMode
MultiByteToWideChar
CreateDirectoryW
SetFilePointer
GlobalLock
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTempFileNameW
lstrcpynW
RemoveDirectoryW
ExpandEnvironmentStringsW
lstrcpyW
GetFullPathNameW
lstrcmpiA
CreateThread
LoadLibraryW
GetModuleHandleA
GetSystemDirectoryW
GetDiskFreeSpaceW
ReadFile
GetTempPathW
CloseHandle
DeleteFileW
lstrcmpA
lstrcmpW
GetModuleHandleW
lstrcatW
lstrcpynA
FreeLibrary
SearchPathW
WideCharToMultiByte
lstrcmpiW
SetCurrentDirectoryW
lstrcpyA
CreateFileW
GlobalAlloc
CreateProcessW
FindClose
Sleep
MoveFileW
SetFileAttributesW
GetTickCount
GetVersion
GetProcAddress
LoadLibraryExW
MulDiv
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
EmptyClipboard
GetMessagePos
EndPaint
EndDialog
LoadBitmapW
SetClassLongW
DefWindowProcW
CharPrevW
PostQuitMessage
ShowWindow
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EnableWindow
GetDC
CharUpperW
DialogBoxParamW
GetClassInfoW
AppendMenuW
CharNextW
IsWindowEnabled
GetDlgItemTextW
MessageBoxIndirectW
GetSysColor
CheckDlgButton
DispatchMessageW
GetAsyncKeyState
BeginPaint
CreatePopupMenu
SendMessageW
SetCursor
SetClipboardData
GetWindowLongW
FindWindowExW
IsWindowVisible
SetForegroundWindow
SetWindowTextW
GetDlgItem
SystemParametersInfoW
LoadImageW
EnableMenuItem
ScreenToClient
InvalidateRect
CreateDialogParamW
wsprintfA
SetTimer
CallWindowProcW
TrackPopupMenu
RegisterClassW
FillRect
IsDlgButtonChecked
CharNextA
SetDlgItemTextW
LoadCursorW
GetSystemMenu
SendMessageTimeoutW
CreateWindowExW
wsprintfW
CloseClipboard
GetClientRect
DrawTextW
DestroyWindow
ExitWindowsEx
OpenClipboard
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 9
RT_DIALOG 6
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 17
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2012:02:24 20:19:59+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
28672

LinkerVersion
10.0

EntryPoint
0x39e3

InitializedDataSize
445952

SubsystemVersion
5.0

ImageVersion
6.0

OSVersion
5.0

UninitializedDataSize
16896

File identification
MD5 f0ba1eb093aa1e062acc982bf0f87251
SHA1 2feb0661e05250496f7888e4ff69d65f1f137296
SHA256 04c1f48283dfd9888bb03d16c110e18c3167c06f2e9b20b58382099f89d1b3ff
ssdeep
49152:GNt+iOJHn+QsOhFpz0cZX83B+oW7syY8dgkLq/ZTcxP5ZCe9ZYhqyyeHJ/CjCBf4:zdH+45R83BXgXdgkeVyht8TJ/bBfuQ7E

authentihash ab6e85614386bc7ef9b2bc2e451d3a64a40387e7ceac6bb2bed54a8cce2d5303
imphash 32f3282581436269b3a75b6675fe3e08
Розмір файлу 2.9 Мб ( 3036271 bytes )
Тип файлу Win32 EXE
Чарівні букви
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
nsis peexe via-tor overlay

VirusTotal metadata
First submission 2013-03-22 13:06:50 UTC ( 4 роки, 9 місяців тому )
Last submission 2016-04-12 15:47:08 UTC ( 1 рік, 8 місяців тому )
Назви файлів moonlight.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Немає дописів. Жоден член VirusTotal Спільноти ще не писав з цього приводу, Ви можете стати першим, хто зробить це!

Напишіть свій допис…

?
Залишити допис

Ви не ввійшли в систему. Лише зареєстровані користувачі можуть залишати дописи, увійдіть для отримання прав!

Немає голосів. Наразі ніхто не проголосував з цього приводу, Ви можете стати першим, хто зробить це!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.