SHA256: 71c7490ef3e9a96f316c8452e4c4701710acd327786544c94d50205ef518dd59
File name: 2.exe
Detection ratio: 19 / 61
Analysis date: 2017-04-17 08:52:24 UTC (2 years, 1 month ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Midie.36774 20170417
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20170417
BitDefender Gen:Variant.Midie.36774 20170417
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/Kovter.T2.gen!Eldorado 20170417
DrWeb Trojan.Kovter.297 20170417
Emsisoft Gen:Variant.Midie.36774 (B) 20170417
Endgame malicious (high confidence) 20170413
ESET-NOD32 a variant of Win32/GenKryptik.ACBU 20170417
F-Prot W32/Kovter.T2.gen!Eldorado 20170417
GData Gen:Variant.Midie.36774 20170417
Sophos ML virus.win32.viking.ng 20170413
McAfee-GW-Edition BehavesLike.Win32.ICLoader.fc 20170417
eScan Gen:Variant.Midie.36774 20170417
Qihoo-360 HEUR/QVM20.1.8A60.Malware.Gen 20170417
Rising Malware.Generic.1!tfe (thunder:1:sKoKbCk5paN) 20170417
Sophos AV Mal/Kovter-Z 20170417
Symantec ML.Attribute.HighConfidence 20170416
Webroot W32.Trojan.Gen 20170417
AegisLab 20170417
AhnLab-V3 20170417
Alibaba 20170417
ALYac 20170417
Antiy-AVL 20170417
Arcabit 20170417
Avast 20170417
AVG 20170417
Avira (no cloud) 20170416
AVware 20170410
CAT-QuickHeal 20170417
ClamAV 20170417
CMC 20170417
Comodo 20170417
F-Secure 20170417
Fortinet 20170417
Ikarus 20170417
Jiangmin 20170416
K7AntiVirus 20170417
K7GW 20170417
Kaspersky 20170417
Kingsoft 20170417
Malwarebytes 20170417
McAfee 20170417
Microsoft 20170417
NANO-Antivirus 20170416
nProtect 20170417
Palo Alto Networks (Known Signatures) 20170417
Panda 20170417
SentinelOne (Static ML) 20170330
SUPERAntiSpyware 20170417
Symantec Mobile Insight 20170414
Tencent 20170417
TheHacker 20170416
TotalDefense 20170417
TrendMicro 20170417
TrendMicro-HouseCall 20170417
Trustlook 20170417
VBA32 20170414
VIPRE 20170417
ViRobot 20170417
WhiteArmor 20170409
Yandex 20170414
Zillya 20170414
ZoneAlarm by Check Point 20170417
Zoner 20170417
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © 2004-2011 Google Inc.
Product Picasa Photo Viewer
Original name GooglePhotoView
Internal name Picasa Viewer
Description Picasa Photo Viewer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-01-26 04:06:45
Entry Point 0x00003A91
Number of sections 8
PE sections
Overlays
MD5 37e7dc0d3ab5514de86f6620b4eb3635
File type data
Offset 368128
Size 689
Entropy 7.74
PE imports
RegCreateKeyExW
RegOpenCurrentUser
RegCloseKey
RegSetValueExW
RegQueryValueExA
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExA
RegDeleteKeyW
RegOpenKeyExA
RegCreateKeyA
RegQueryValueExW
SetSystemPaletteUse
CombineRgn
SetAbortProc
GetStdHandle
FileTimeToDosDateTime
FileTimeToSystemTime
ScrollConsoleScreenBufferA
GetDriveTypeA
SetConsoleCursorPosition
GetLocalTime
GetDiskFreeSpaceA
LocalAlloc
GetConsoleCursorInfo
GetFileInformationByHandle
SetStdHandle
GetFileTime
WriteConsoleOutputA
WriteFile
GetSystemTimeAsFileTime
GetCommandLineA
HeapReAlloc
SetFileAttributesA
LocalFree
MoveFileA
GetEnvironmentVariableA
SetConsoleWindowInfo
AllocConsole
SetLastError
GetSystemTime
DeviceIoControl
ReadConsoleInputA
ExitProcess
GetModuleFileNameA
SetConsoleScreenBufferSize
GetVolumeInformationA
SetConsoleCtrlHandler
FindClose
GetModuleHandleA
GetCurrentProcess
SetEnvironmentVariableA
GlobalMemoryStatus
SearchPathA
SetEndOfFile
GetCurrentThreadId
SetCurrentDirectoryA
ReadConsoleOutputA
HeapFree
SetHandleCount
FillConsoleOutputCharacterA
GetExitCodeProcess
QueryPerformanceCounter
DisableThreadLibraryCalls
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
CreateDirectoryA
DeleteFileA
GetProcAddress
GetConsoleScreenBufferInfo
FindFirstFileA
FreeConsole
FindNextFileA
GetTimeZoneInformation
GetFileType
CreateFileA
HeapAlloc
ReadConsoleOutputAttribute
GetLastError
SystemTimeToFileTime
LCMapStringA
RemoveDirectoryA
FileTimeToLocalFileTime
GetCurrentProcessId
lstrlenW
GetCurrentDirectoryA
HeapSize
SetConsoleCursorInfo
GetCurrentThread
SetFilePointer
ReadFile
CloseHandle
PeekConsoleInputA
GetVersion
CreateProcessA
HeapCreate
VirtualFree
WriteConsoleOutputCharacterA
Sleep
ShellExecuteExA
SetFocus
EndDialog
KillTimer
ShowWindow
LoadBitmapA
SendDlgItemMessageA
CharToOemBuffA
OemToCharBuffA
DispatchMessageA
EnableWindow
GetDlgItemTextA
MessageBoxA
PeekMessageA
wvsprintfA
TranslateMessage
DialogBoxParamA
GetKeyState
SetClassWord
GetDlgItem
SetTimer
LoadCursorA
LoadIconA
GetWindowTextA
SetCursor
DestroyWindow
_outp
malloc
free
RtlInitNlsTables
RtlFormatMessage
DbgPrompt
Number of PE resources by type
RT_ICON 6
RT_GROUP_ICON 5
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL DEFAULT 8
FRENCH BELGIAN 7
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2001:01:26 05:06:45+01:00
FileType Win32 EXE
PEType PE32
CodeSize 77824
LinkerVersion 2.23
FileTypeExtension exe
InitializedDataSize 301568
SubsystemVersion 4.0
EntryPoint 0x3a91
OSVersion 4.0
ImageVersion 1.0
UninitializedDataSize 130560

Compressed bundles
File identification
MD5 4c6c4eb6291409982621cc0354f5f19d
SHA1 984faa972ef35850d78d3a46b42d432d77881e34
SHA256 71c7490ef3e9a96f316c8452e4c4701710acd327786544c94d50205ef518dd59
ssdeep 6144:kvpIbqYuCvUKdw/tFkk6qMdh314YJ9oSJcZBYW3KtTQX76CdafcRZPE6FiZAJk27:y3xIUKdiFkyMdh314Y8SMB53Ky76Jfc9
authentihash 851d10956b4d2c01b38b8f58e70e6fbce527b054a13b1ea9a0042d034986bdc9
imphash c523b39492b18ec17b49d0fdeb2f9976
File size 360.2 KB ( 368817 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay
VirusTotal metadata
First submission 2017-04-17 08:52:24 UTC (2 years, 1 month ago)
Last submission 2017-04-17 08:52:24 UTC (2 years, 1 month ago)
File names GooglePhotoView
Picasa Viewer
2.exe
2.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications