SHA256: 1c14e870a9420d9c18b6caf8f44964ec07fa87f14b896fce50c043a8cb9b5439
File name: VRjknXtWFtAkFOA1VzudGPhGg.exe
Detection ratio: 0 / 68
Analysis date: 2018-02-16 16:39:34 UTC ( 1 week ago )
Antivirus Result Update
Ad-Aware 20180216
AegisLab 20180216
AhnLab-V3 20180216
Alibaba 20180209
ALYac 20180216
Antiy-AVL 20180216
Arcabit 20180216
Avast 20180216
Avast-Mobile 20180216
AVG 20180216
Avira (no cloud) 20180216
AVware 20180216
Baidu 20180208
BitDefender 20180216
Bkav 20180212
CAT-QuickHeal 20180216
ClamAV 20180216
CMC 20180216
Comodo 20180216
CrowdStrike Falcon (ML) 20170201
Cybereason 20180205
Cylance 20180216
Cyren 20180216
DrWeb 20180216
eGambit 20180216
Emsisoft 20180216
Endgame 20180216
ESET-NOD32 20180216
F-Prot 20180216
F-Secure 20180216
Fortinet 20180216
GData 20180216
Ikarus 20180216
Sophos ML 20180121
Jiangmin 20180216
K7AntiVirus 20180216
K7GW 20180216
Kaspersky 20180216
Kingsoft 20180216
Malwarebytes 20180216
MAX 20180216
McAfee 20180216
McAfee-GW-Edition 20180216
Microsoft 20180216
eScan 20180216
NANO-Antivirus 20180216
nProtect 20180216
Palo Alto Networks (Known Signatures) 20180216
Panda 20180216
Qihoo-360 20180216
Rising 20180216
SentinelOne (Static ML) 20180115
Sophos AV 20180216
SUPERAntiSpyware 20180216
Symantec 20180216
Symantec Mobile Insight 20180215
Tencent 20180216
TheHacker 20180216
TotalDefense 20180216
TrendMicro 20180216
TrendMicro-HouseCall 20180216
Trustlook 20180216
VBA32 20180216
VIPRE 20180216
ViRobot 20180216
Webroot 20180216
WhiteArmor 20180205
Yandex 20180216
Zillya 20180216
ZoneAlarm by Check Point 20180216
Zoner 20180216
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright © 2006-2013
Product RegRun Security Suite, UnHackMe
Original name Partizan.exe
Internal name Partizan.exe
File version 1, 0, 0, 9
Description Partizan - First Bootwatch Anti-Rootkit
Comments http://www.greatis.com
Signature verification Signed file, verified signature
Signing date 11:14 AM 12/24/2014
Signers
[+] Greatis Software LLC
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 6/2/2011
Valid to 12:59 AM 6/2/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 119AF5ED3B1B7ACA667C4A13603AA77C9984DE15
Serial number 57 54 25 92 0A 0F A1 10 B2 3C 10 FD 66 9F AE 85
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Counter signers
[+] COMODO Time Stamping Signer
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 5/10/2010
Valid to 12:59 AM 5/11/2015
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 3DBB6DB5085C6DD5A1CA7F9CF84ECB1A3910CAC8
Serial number 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-24 10:14:32
Entry Point 0x00001000
Number of sections 5
PE sections
Overlays
MD5 5d6631a62537541a7d76d93307336574
File type data
Offset 36352
Size 3856
Entropy 7.37
PE imports
RtlInitUnicodeString
RtlSetDaclSecurityDescriptor
NtQueryKey
_allmul
NtSetInformationFile
memset
NtDisplayString
RtlTimeToTimeFields
swprintf
NtTerminateProcess
NtClose
NtSetSecurityObject
NtFlushKey
RtlAllocateAndInitializeSid
NtDelayExecution
NtSaveKey
RtlCreateHeap
NtReadFile
NtOpenSymbolicLinkObject
NtWriteFile
NtDeleteFile
RtlUpcaseUnicodeString
RtlAllocateHeap
RtlAnsiStringToUnicodeString
RtlQueryRegistryValues
NtOpenFile
RtlCreateSecurityDescriptor
NtLoadKey
memcpy
NtUnloadKey
RtlFreeSid
NtQuerySystemTime
NtCreateFile
RtlFreeHeap
NtFlushBuffersFile
NtQueryAttributesFile
NtDeleteKey
RtlDosPathNameToNtPathName_U
RtlCompareUnicodeString
memmove
NtOpenKey
RtlInitAnsiString
NtEnumerateKey
RtlAdjustPrivilege
NtEnumerateValueKey
NtQueryInformationFile
_chkstk
NtQueryInformationProcess
RtlSetOwnerSecurityDescriptor
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
RUSSIAN 6
PE resources
ExifTool file metadata
LegalTrademarks Partizan
SubsystemVersion 4.0
Comments http://www.greatis.com
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.9
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Partizan - First Bootwatch Anti-Rootkit
CharacterSet Unicode
InitializedDataSize 19968
EntryPoint 0x1000
OriginalFileName Partizan.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2006-2013
FileVersion 1, 0, 0, 9
TimeStamp 2014:12:24 11:14:32+01:00
FileType Win32 EXE
PEType PE32
InternalName Partizan.exe
ProductVersion 7.6
UninitializedDataSize 0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Native
MachineType Intel 386 or later, and compatibles
CompanyName Greatis Software
CodeSize 15360
ProductName RegRun Security Suite, UnHackMe
ProductVersionNumber 7.6.0.0
FileTypeExtension exe
ObjectFileType Executable application

PE resource-wise parents
Compressed bundles
File identification
MD5 d5915a4c454e50d76b343019d9978373
SHA1 d55c1104b66bef529644528723cdced4c24c6f52
SHA256 1c14e870a9420d9c18b6caf8f44964ec07fa87f14b896fce50c043a8cb9b5439
ssdeep 768:xB58AT6F3K3YRsNnpgDGGtY52p3T3bmbXXhYMyr:xBCF3KoEnmI20bnhmr
authentihash e76e521773640d9cc2c3f5cfaa487580cd680e18c9fa3e72acbf976afe43296e
imphash f668496dea200af00faf89e261f17c6e
File size 39.3 KB ( 40208 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (native) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe overlay signed via-tor native
VirusTotal metadata
First submission 2014-12-30 07:00:56 UTC ( 3 years, 1 month ago )
Last submission 2018-02-16 16:39:34 UTC ( 1 week ago )
File names NOTEELAINE_Part.exe
part.exe
partx1.jpg
file
part.jpg-17Jul15.1017.txt
MICRO1_Part.exe
vt-upload-4m2Q3J
partx1novo.jpg
VRjknXtWFtAkFOA1VzudGPhGg.exe
partizan.exe
ranca.jpg
rock1.jpg
PARTIZAN.EXE
part.jpg.exe
d5915a4c454e50d76b343019d9978373.jpg
Partizan.exe
mdRH_FINANCEIRO-P.exe.vir
NATIVEEXE
att90.jpg
blz1.jpg.exe
d55c1104b66bef529644528723cdced4c24c6f52.exe
blz1.jpg
lol.jpg
part.jpg
PALBERTO-PC32.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight