SHA256: ed6e30b614420fe3804a5807dd10c9d57a998f61c9aa94f83b8f478598aaf8b6
File name: ChipGenius_v4_00_0201.exe
Detection ratio: 14 / 57
Analysis date: 2015-03-05 23:48:38 UTC ( 4 years ago )
Antivirus Result Update
Yandex Trojan.DR.Agent!TlpT0xXFCFo 20150228
Avast Win32:Malware-gen 20150305
Avira (no cloud) TR/Dropper.Gen 20150305
AVware Trojan.Win32.Generic!BT 20150305
Ikarus Trojan.Dropper 20150305
Kaspersky UDS:DangerousObject.Multi.Generic 20150305
McAfee Artemis!004D4086981C 20150305
McAfee-GW-Edition BehavesLike.Win32.Dropper.dh 20150305
Norman Troj_Generic.YQXIF 20150305
Rising PE:Trojan.Win32.Generic.1827888B!405244043 20150305
Symantec Trojan.Gen 20150305
TrendMicro TROJ_GEN.R000C0EC315 20150305
TrendMicro-HouseCall TROJ_GEN.R000C0EC315 20150305
VIPRE Trojan.Win32.Generic!BT 20150305
Ad-Aware 20150305
AegisLab 20150305
AhnLab-V3 20150305
Alibaba 20150305
ALYac 20150305
Antiy-AVL 20150305
AVG 20150305
Baidu-International 20150305
BitDefender 20150305
Bkav 20150305
ByteHero 20150306
CAT-QuickHeal 20150305
ClamAV 20150306
CMC 20150304
Comodo 20150305
Cyren 20150305
DrWeb 20150305
Emsisoft 20150305
ESET-NOD32 20150306
F-Prot 20150305
F-Secure 20150305
Fortinet 20150305
GData 20150305
Jiangmin 20150304
K7AntiVirus 20150305
K7GW 20150306
Kingsoft 20150306
Malwarebytes 20150305
Microsoft 20150306
eScan 20150306
NANO-Antivirus 20150305
nProtect 20150305
Panda 20150305
Qihoo-360 20150306
Sophos AV 20150305
SUPERAntiSpyware 20150305
Tencent 20150306
TheHacker 20150303
TotalDefense 20150305
VBA32 20150305
ViRobot 20150305
Zillya 20150305
Zoner 20150303
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
~~翁软在线 创意无限~~

Product Chip Genius
Original name ChipGenius_v4_00_0201.exe
Internal name ChipGenius_v4_00_0201
File version 4.00.0201
Description U盘/MP3主控芯片识别工具
Comments 方便实用的USB设备主控芯片识别工具
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-31 18:13:52
Entry Point 0x000EE020
Number of sections 3
PE sections
Overlays
MD5 93b885adfe0da089cdf634904fd59f71
File type ASCII text
Offset 273920
Size 1
Entropy 0.00
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
Ord(581)
Number of PE resources by type
RT_STRING 22
RT_ICON 7
MYDIGIT 3
RT_GROUP_ICON 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 16
ENGLISH US 11
NEUTRAL 9
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments USB
InitializedDataSize 86016
ImageVersion 4.0
ProductName Chip Genius
FileVersionNumber 4.0.0.201
UninitializedDataSize 786432
LanguageCode Chinese (Simplified)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName ChipGenius_v4_00_0201.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 4.00.0201
TimeStamp 2015:01:31 10:13:52-08:00
FileType Win32 EXE
PEType PE32
InternalName ChipGenius_v4_00_0201
ProductVersion 4.00.0201
FileDescription U /MP3
OSVersion 4.0
FileOS Win32
LegalCopyright ~~ ~~
MachineType Intel 386 or later, and compatibles
CodeSize 188416
FileSubtype 0
ProductVersionNumber 4.0.0.201
EntryPoint 0xee020
ObjectFileType Executable application
Compressed bundles
File identification
MD5 004d4086981c11754a5aa1c197e956b6
SHA1 416419b85b6d85831b383013a56c6f5575577871
SHA256 ed6e30b614420fe3804a5807dd10c9d57a998f61c9aa94f83b8f478598aaf8b6
ssdeep 6144:KoaJyYdqrVX4aX72nOYK5/cB4Geef2h2oShPOF:KoGdqhXd5cBdxoS
authentihash 1ba20b6778ffef1b38bcbd324f73bf465cbe667e9d5004226a86014c0a123367
imphash 3243b13e562279ab7fbe2f31e45d3a95
File size 267.5 KB ( 273921 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 EXE Yoda's Crypter (60.8%)
Win32 Dynamic Link Library (generic) (15.0%)
Win32 Executable (generic) (10.3%)
OS/2 Executable (generic) (4.6%)
Generic Win/DOS Executable (4.5%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2015-02-01 05:55:20 UTC ( 4 years, 1 month ago )
Last submission 2019-02-05 16:09:07 UTC ( 1 month, 1 week ago )
File names ChipGenius_v4_00_0201.exe
ChipGenius_v4_00_0201.exe
ChipGenius v4.00.0201 2015.exe
1.exe
ChipGenius.exe
chipgenius_v4_00_0201.exe
ChipGenius_v4_00_0201
chipgenius_v4_00_0201.exe
ChipGenius_v4_00_0201.exe
chipgenius_v4_00_0201.exe
ChipGenius_v4_00_0201.exe
ChipGenius_V4_00_0201.Exe
ChipGenius_v4_00_0201.exe
CG2015.exe
ChipGenius_v4_00_0201.exe
ChipGenius v4.00.0201.exe
ChipGenius_v4_00_0201.exe
004d4086981c11754a5aa1c197e956b6.vir
ChipGenius_V4_00_0201.Exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R08JC0OIS15.

Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
screen-capture

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
UDP communications