SHA256: 9ab38c6d37b84ab39081bd0494f62a6eb3666f6d2837065b284c94c5544549c1
File name: Elf Roast Fail
Detection ratio: 48 / 60
Analysis date: 2017-07-02 20:50:06 UTC ( 3 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.169916 20170702
AegisLab Backdoor.W32.Azbreg.ufy!c 20170702
AhnLab-V3 Trojan/Win32.Tepfer.C167399 20170702
Antiy-AVL Trojan[Backdoor]/Win32.Azbreg 20170630
Arcabit Trojan.Kazy.D297BC 20170702
Avast Win32:Malware-gen 20170702
AVG Win32:Malware-gen 20170702
Avira (no cloud) TR/Crypt.XPACK.Gen8 20170702
AVware Trojan.Win32.Zbocheman.fb (v) 20170702
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9699 20170630
BitDefender Gen:Variant.Kazy.169916 20170702
CAT-QuickHeal Worm.Hamweq 20170701
Comodo Heur.Suspicious 20170702
DrWeb BackDoor.Ddoser.131 20170702
Emsisoft Gen:Variant.Kazy.169916 (B) 20170702
Endgame malicious (high confidence) 20170629
ESET-NOD32 Win32/AutoRun.KS 20170702
F-Secure Gen:Variant.Kazy.169916 20170702
Fortinet W32/Kryptik.AX!tr 20170629
GData Gen:Variant.Kazy.169916 20170702
Ikarus Backdoor.Win32.Androm 20170702
Sophos ML heuristic 20170607
Jiangmin Backdoor/Azbreg.aoh 20170702
K7AntiVirus Backdoor ( 0040f4101 ) 20170702
K7GW Backdoor ( 0040f4101 ) 20170702
Kaspersky Backdoor.Win32.Azbreg.ufy 20170702
Malwarebytes Worm.AutoRun 20170702
McAfee Artemis!3DCCF3E786F0 20170702
McAfee-GW-Edition PWS-Zbot-FAUE!E74FED1D9F0D 20170702
Microsoft Worm:Win32/Hamweq 20170702
eScan Gen:Variant.Kazy.169916 20170702
NANO-Antivirus Trojan.Win32.TrjGen.bxpyuy 20170702
nProtect Backdoor/W32.Azbreg.59392 20170702
Palo Alto Networks (Known Signatures) generic.ml 20170702
Panda Trj/OCJ.E 20170702
Qihoo-360 Win32/Backdoor.db1 20170702
Rising Trojan.Generic (cloud:N8fppiekTVQ) 20170702
SentinelOne (Static ML) static engine - malicious 20170516
Sophos AV W32/IRCBot-AKW 20170702
SUPERAntiSpyware Trojan.Agent/Gen-Falcomp[i] 20170702
Symantec Trojan.Gen 20170701
Tencent Win32.Backdoor.Azbreg.Loim 20170702
TheHacker Posible_Worm32 20170702
TotalDefense Win32/Tnega.ASBK 20170702
VBA32 Trojan.SB.01742 20170630
VIPRE Trojan.Win32.Zbocheman.fb (v) 20170702
Yandex Backdoor.Azbreg!rUquAZNOKU0 20170630
ZoneAlarm by Check Point Backdoor.Win32.Azbreg.ufy 20170702
Alibaba 20170702
ALYac 20170702
ClamAV 20170702
CMC 20170701
CrowdStrike Falcon (ML) 20170420
Cyren 20170702
F-Prot 20170702
Kingsoft 20170702
Symantec Mobile Insight 20170630
TrendMicro-HouseCall 20170702
Trustlook 20170702
ViRobot 20170702
Webroot 20170702
WhiteArmor 20170627
Zillya 20170701
Zoner 20170702
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Rag 2001 2007
Product Gnat Diaper Pears Bound
Original name Onto.exe
Internal name Elf Roast Fail
File version 10, 3, 7
Description Siju
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-04-12 23:25:18
Entry Point 0x0008A320
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
EndDialog
Number of PE resources by type
Struct(18) 12
RT_DIALOG 11
RT_ICON 7
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 32
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 24576
ImageVersion 0.0
ProductName Gnat Diaper Pears Bound
FileVersionNumber 10.3.0.0
UninitializedDataSize 528384
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 5.0
FileTypeExtension exe
OriginalFileName Onto.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 10, 3, 7
TimeStamp 2005:04:13 00:25:18+01:00
FileType Win32 EXE
PEType PE32
InternalName Elf Roast Fail
ProductVersion 10 3 5152
FileDescription Siju
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Rag 2001 2007
MachineType Intel 386 or later, and compatibles
CompanyName I>f*i@
CodeSize 36864
FileSubtype 0
ProductVersionNumber 10.3.0.0
EntryPoint 0x8a320
ObjectFileType Executable application
File identification
MD5 3dccf3e786f031b0333b86bf37d33bb4
SHA1 077a113863dfffdff0947bbbb341b42fbc7ab854
SHA256 9ab38c6d37b84ab39081bd0494f62a6eb3666f6d2837065b284c94c5544549c1
ssdeep 768:L9WpAbeD19PqJ84i7KTtJGZpy0FW121/QHdkV8fwJRNfyy9Rw:Qp2erqGdctgZs0FW1BdaRXNf1b
authentihash e0154a8d5bab67a3e04ae6171fd71beffdb72a3e191f085d122c2f7940bbdf30
imphash 837c25c2579db69dabe8e2336d5b8f65
File size 58.0 KB ( 59392 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe upx
VirusTotal metadata
First submission 2013-05-03 13:08:45 UTC ( 4 years, 5 months ago )
Last submission 2016-07-06 15:39:44 UTC ( 1 year, 3 months ago )
File names i.exe
aa
Elf Roast Fail
077a113863dfffdff0947bbbb341b42fbc7ab854
3dccf3e786f031b0333b86bf37d33bb4.077a113863dfffdff0947bbbb341b42fbc7ab854
B2721.exe
i.exe
fvLIg.com
3dccf3e786f031b0333b86bf37d33bb4
sample.exe
file-5456911_ViR
10676155
output.10676155.txt
Onto.exe
ii.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
UDP communications