SHA256: c2e93fe7fcc96bb63aaf905196589c2c852dfae1767c6d120fc95e6c5668ba7d
File name: 20fde41b-bf9f-d5d9-4ef4-f4820072434d.exe
Detection ratio: 56 / 66
Analysis date: 2018-08-12 09:08:13 UTC (4 days, 18 hours ago)
Engine | Result | Signature update
Ad-Aware | Gen:Variant.Barys.57392 | 20180812
AegisLab | Backdoor.W32.Androm!c | 20180812
AhnLab-V3 | Backdoor/Win32.Androm.R222017 | 20180811
ALYac | Gen:Variant.Barys.57392 | 20180812
Arcabit | Trojan.Barys.DE030 | 20180812
Avast | Win32:Malware-gen | 20180812
AVG | Win32:Malware-gen | 20180812
Avira (no cloud) | TR/Dropper.Gen | 20180812
AVware | Trojan.Win32.Generic!BT | 20180812
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9971 | 20180810
BitDefender | Gen:Variant.Barys.57392 | 20180812
Bkav | W32.PeditosLTAAI.Trojan | 20180810
CAT-QuickHeal | Trojan.Generic.S1562693 | 20180811
ClamAV | Win.Trojan.WillExec-6356235-0 | 20180812
Comodo | TrojWare.Win32.Agent.CD | 20180812
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20180723
Cybereason | malicious.391a37 | 20180225
Cylance | Unsafe | 20180812
Cyren | W32/GenBl.F5A26093!Olympus | 20180812
DrWeb | Trojan.Packed2.40557 | 20180812
Emsisoft | Gen:Variant.Barys.57392 (B) | 20180812
Endgame | malicious (high confidence) | 20180730
ESET-NOD32 | a variant of Win32/Injector.DYXC | 20180812
F-Secure | Gen:Variant.Barys.57392 | 20180812
Fortinet | W32/Injector.DQID!tr | 20180812
GData | Win32.Trojan.Khalesi.B | 20180812
Ikarus | Trojan-Banker.Emotet | 20180812
Sophos ML | heuristic | 20180717
Jiangmin | Backdoor.Androm.sdz | 20180812
K7AntiVirus | Trojan ( 00521b151 ) | 20180812
K7GW | Trojan ( 00521b151 ) | 20180812
Kaspersky | HEUR:Trojan.Win32.Generic | 20180812
Malwarebytes | Trojan.Injector | 20180812
MAX | malware (ai score=86) | 20180812
McAfee | FakeAlert-FNV!F5A2609391A3 | 20180812
McAfee-GW-Edition | BehavesLike.Win32.FakeAlert.dh | 20180812
Microsoft | Trojan:Win32/Lethic.Q!bit | 20180812
eScan | Gen:Variant.Barys.57392 | 20180812
NANO-Antivirus | Virus.Win32.Gen.ccmw | 20180812
Palo Alto Networks (Known Signatures) | generic.ml | 20180812
Panda | Trj/GdSda.A | 20180811
Qihoo-360 | HEUR/QVM07.1.95B7.Malware.Gen | 20180812
Rising | Backdoor.Androm!8.113 (C64:YzY0OhucfTF20uxE) | 20180812
SentinelOne (Static ML) | static engine - malicious | 20180701
Sophos AV | Mal/Generic-S | 20180812
Symantec | Trojan.Gen | 20180811
Tencent | Win32.Trojan.Generic.Edxa | 20180812
TheHacker | Trojan/Injector.drgl | 20180812
TrendMicro | TROJ_KHALESI.SMALY | 20180812
TrendMicro-HouseCall | TROJ_KHALESI.SMALY | 20180812
VBA32 | Backdoor.Androm | 20180810
VIPRE | Trojan.Win32.Generic!BT | 20180812
ViRobot | Trojan.Win32.XPacker.Gen | 20180811
Webroot | W32.Adware.Gen | 20180812
Yandex | Trojan.Injector!oak7H5VQwC8 | 20180810
ZoneAlarm by Check Point | HEUR:Trojan.Win32.Generic | 20180812
Alibaba | (no detection) | 20180713
Antiy-AVL | (no detection) | 20180812
Avast-Mobile | (no detection) | 20180812
Babable | (no detection) | 20180725
CMC | (no detection) | 20180812
eGambit | (no detection) | 20180812
F-Prot | (no detection) | 20180812
Kingsoft | (no detection) | 20180812
SUPERAntiSpyware | (no detection) | 20180812
Symantec Mobile Insight | (no detection) | 20180809
TACHYON | (no detection) | 20180812
Trustlook | (no detection) | 20180812
Zoner | (no detection) | 20180811
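The 56 verdicts above name the sample under a dozen different families (Barys, Androm, Khalesi, Injector, Lethic, Emotet, FakeAlert), so no single label is a safe pivot. The following Python script is an added example and not part of the VirusTotal report: it tokenises a subset of the labels copied from the table, discards tokens that classify rather than name a family, and shows how the ranking changes once engines that rebrand another vendor's signatures are allowed one vote per family. The stop-word list and the engine grouping (the Bitdefender-licensed engines, Avast/AVG, the two McAfee rows, the two Trend Micro rows) are this example's own assumptions; the ML-only verdicts (CrowdStrike, Cylance, Endgame, SentinelOne, Sophos ML) carry no family and are left out.

```python
"""Family-name consensus over per-engine labels from a VirusTotal report.

Added example, not part of the report.  ROWS is copied from the detection
table above; STOP and ENGINE_GROUP are this example's own assumptions.
"""
import re
from collections import Counter

# (engine, label) pairs taken from the detection table.
ROWS = [
    ("Ad-Aware", "Gen:Variant.Barys.57392"),
    ("AegisLab", "Backdoor.W32.Androm!c"),
    ("AhnLab-V3", "Backdoor/Win32.Androm.R222017"),
    ("ALYac", "Gen:Variant.Barys.57392"),
    ("Arcabit", "Trojan.Barys.DE030"),
    ("Avast", "Win32:Malware-gen"),
    ("AVG", "Win32:Malware-gen"),
    ("BitDefender", "Gen:Variant.Barys.57392"),
    ("DrWeb", "Trojan.Packed2.40557"),
    ("Emsisoft", "Gen:Variant.Barys.57392 (B)"),
    ("ESET-NOD32", "a variant of Win32/Injector.DYXC"),
    ("F-Secure", "Gen:Variant.Barys.57392"),
    ("Fortinet", "W32/Injector.DQID!tr"),
    ("GData", "Win32.Trojan.Khalesi.B"),
    ("Ikarus", "Trojan-Banker.Emotet"),
    ("Jiangmin", "Backdoor.Androm.sdz"),
    ("Kaspersky", "HEUR:Trojan.Win32.Generic"),
    ("Malwarebytes", "Trojan.Injector"),
    ("McAfee", "FakeAlert-FNV!F5A2609391A3"),
    ("McAfee-GW-Edition", "BehavesLike.Win32.FakeAlert.dh"),
    ("Microsoft", "Trojan:Win32/Lethic.Q!bit"),
    ("eScan", "Gen:Variant.Barys.57392"),
    ("Rising", "Backdoor.Androm!8.113 (C64:YzY0OhucfTF20uxE)"),
    ("TrendMicro", "TROJ_KHALESI.SMALY"),
    ("TrendMicro-HouseCall", "TROJ_KHALESI.SMALY"),
    ("VBA32", "Backdoor.Androm"),
]

# Tokens that classify rather than name a family (assumption: an
# AVClass-style generic list trimmed to what occurs in this report).
STOP = {
    "trojan", "backdoor", "variant", "generic", "malware", "heur", "troj",
    "banker", "behaveslike", "packed", "dropper", "agent", "adware",
    "injector",   # behaviour class (ESET, Fortinet, Malwarebytes), not a family
}

# Engines that ship another vendor's signatures vote once (assumption).
ENGINE_GROUP = {
    "Ad-Aware": "bitdefender", "ALYac": "bitdefender", "Arcabit": "bitdefender",
    "BitDefender": "bitdefender", "Emsisoft": "bitdefender",
    "F-Secure": "bitdefender", "eScan": "bitdefender",
    "AVG": "avast", "Avast": "avast",
    "McAfee-GW-Edition": "mcafee", "McAfee": "mcafee",
    "TrendMicro-HouseCall": "trendmicro", "TrendMicro": "trendmicro",
}

TOKEN_RE = re.compile(r"[A-Za-z0-9]+")


def family_tokens(label):
    """Return the lower-cased family candidates found in one engine label."""
    out = []
    for tok in TOKEN_RE.findall(label):
        if not tok.isalpha() or len(tok) < 4:
            continue          # hashes, variant numbers, 'gen', 'bit', 'tr'
        if tok.isupper() and len(tok) <= 5:
            continue          # variant codes such as DYXC, SMALY, HEUR
        key = tok.lower()
        if key not in STOP:
            out.append(key)
    return out


def family_votes(rows, dedupe_engines=True):
    """One vote per (voter, family); the voter is the engine or its group."""
    votes, seen = Counter(), set()
    for engine, label in rows:
        voter = ENGINE_GROUP.get(engine, engine) if dedupe_engines else engine
        for fam in set(family_tokens(label)):
            if (voter, fam) not in seen:
                seen.add((voter, fam))
                votes[fam] += 1
    return votes


if __name__ == "__main__":
    print("raw counts   :", family_votes(ROWS, dedupe_engines=False).most_common(4))
    print("deduplicated :", family_votes(ROWS).most_common(4))
```

On the rows above, raw counting puts Barys first (seven engines), but six of those seven are the same Bitdefender signature seen through different products; after grouping, Androm leads with five independent engines and Barys drops to a single vote. That is the number to carry into a hunt or a report, not the raw tally.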
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-02 22:58:38
Entry Point 0x00002305
Number of sections 4
PE sections
PE imports
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
WaitForSingleObject
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetProcessHeap
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
WriteFile
GetCurrentProcess
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
HeapCreate
VirtualFree
GetFileType
HeapAlloc
GetVersion
VirtualAlloc
MessageBoxA
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2017:09:02 23:58:38+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 16384
LinkerVersion: 6.0
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint: 0x2305
InitializedDataSize: 225280
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0

Compressed bundles
File identification
MD5: f5a2609391a373a32bcdf532592b4268
SHA1: f28bc82a165ff68b9814e5507937a16eb5a55d2a
SHA256: c2e93fe7fcc96bb63aaf905196589c2c852dfae1767c6d120fc95e6c5668ba7d
ssdeep: 6144:6seyuAwDSxiv4J2Z8CvlHm66W59l36xEo7EqfvcVo8XtB8pK43+:6seyuAwDSxiv4J2Z8p+P36x97jvcVJB1
authentihash: 32904829f018aac6adcd9d7fc7500bde5c4a28baa20183a15aec55c9c8b1e22d
imphash: 838bea1adfd32cd060e2ed3493579dcf
File size: 240.0 KB (245760 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Executable MS Visual C++ (generic) (40.0%)
  Win64 Executable (generic) (35.4%)
  Win32 Dynamic Link Library (generic) (8.4%)
  Win32 Executable (generic) (5.7%)
  OS/2 Executable (generic) (2.6%)
Tags
peexe
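The static fields in this report (PE header, import list, ExifTool metadata, file identification, VirusTotal first-submission time) invite three checks that the raw dump does not spell out. The following Python script is an added example and not part of the report. It reproduces how an imphash is derived from the import table; because the page lists function names without their DLLs, the DLL assignment (kernel32 for everything except MessageBoxA, which user32 exports) is an assumption and the value computed is not expected to equal the imphash printed above. It then applies a simple import-table heuristic for a stub that resolves its real imports at run time, and checks the PE compile timestamp against the ExifTool timestamp and the first-submission time.

```python
"""Static-triage checks over the PE fields in this VirusTotal report.

Added example, not part of the report.  IMPORTS and the timestamps are
copied from the page; the DLL layout in ENTRIES is an assumption.
"""
import hashlib
from datetime import datetime, timedelta, timezone

# Function names from the "PE imports" section, in the order listed there.
IMPORTS = [
    "HeapFree", "GetStdHandle", "LCMapStringW", "SetHandleCount",
    "WaitForSingleObject", "GetOEMCP", "LCMapStringA", "HeapDestroy",
    "ExitProcess", "GetEnvironmentStringsW", "GetModuleFileNameA",
    "RtlUnwind", "LoadLibraryA", "FreeEnvironmentStringsA",
    "GetStartupInfoA", "GetEnvironmentStrings", "GetCPInfo",
    "UnhandledExceptionFilter", "MultiByteToWideChar",
    "FreeEnvironmentStringsW", "GetCommandLineA", "GetProcAddress",
    "GetProcessHeap", "WideCharToMultiByte", "GetStringTypeA",
    "GetModuleHandleA", "WriteFile", "GetCurrentProcess", "GetACP",
    "HeapReAlloc", "GetStringTypeW", "TerminateProcess", "HeapCreate",
    "VirtualFree", "GetFileType", "HeapAlloc", "GetVersion",
    "VirtualAlloc", "MessageBoxA",
]
# Assumption: the report omits DLL names; everything here is kernel32
# except MessageBoxA, which user32 exports.
ENTRIES = [("user32.dll" if n == "MessageBoxA" else "KERNEL32.dll", n)
           for n in IMPORTS]

COMPILE_TS = datetime(2017, 9, 2, 22, 58, 38, tzinfo=timezone.utc)  # PE header
EXIFTOOL_TS = "2017:09:02 23:58:38+01:00"                           # ExifTool TimeStamp
FIRST_SEEN = datetime(2017, 9, 3, 16, 59, 0, tzinfo=timezone.utc)   # first submission


def imphash(entries):
    """MD5 over 'dll.function' pairs in import-table order (pefile's rule:
    lower-case both, drop a .dll/.ocx/.sys suffix, ordinals become 'ordN').
    pefile also maps known ordinals of a few DLLs to names; omitted here."""
    parts = []
    for dll, func in entries:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        func = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{dll}.{func}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def unpacker_indicators(names, small_table=64):
    """Cheap signs of a stub that resolves its real imports at run time."""
    s = set(names)
    return {
        "small_import_table": len(s) <= small_table,
        "runtime_resolution": "GetProcAddress" in s
                              and bool(s & {"LoadLibraryA", "LoadLibraryW"}),
        "virtual_memory_api": bool(s & {"VirtualAlloc", "VirtualAllocEx",
                                        "VirtualProtect"}),
    }


def exiftool_to_utc(stamp):
    """ExifTool prints the PE timestamp in local time with an offset;
    normalise it so it can be compared with the UTC value in the header."""
    return datetime.strptime(stamp, "%Y:%m:%d %H:%M:%S%z").astimezone(timezone.utc)


def timestamp_report(compile_ts, first_seen):
    """Plausibility of the (attacker-controlled) compile timestamp."""
    lead = first_seen - compile_ts
    return {
        "compiled_before_first_seen": lead >= timedelta(0),
        "lead_hours": lead.total_seconds() / 3600,
        "in_future": compile_ts > datetime.now(timezone.utc),
    }


if __name__ == "__main__":
    print("imphash over assumed DLL layout:", imphash(ENTRIES))
    for key, hit in unpacker_indicators(IMPORTS).items():
        print(f"{key:28} {hit}")
    print("ExifTool stamp in UTC:", exiftool_to_utc(EXIFTOOL_TS))
    print(timestamp_report(COMPILE_TS, FIRST_SEEN))
```

Two caveats a practitioner should keep in mind. All three unpacker indicators fire on this sample, but almost every name in the table is the startup set that the Visual C++ 6.0 C runtime (LinkerVersion 6.0 above) links in by itself, including VirtualAlloc/VirtualFree and GetProcAddress, so the heuristic is a prompt for dynamic analysis rather than a verdict. The timestamp check only shows consistency: ExifTool's 23:58:38+01:00 is the same instant as the header's 22:58:38 UTC, and the file was first submitted about 18 hours after that, which is plausible but proves nothing, since the compile timestamp is a field the author controls.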

VirusTotal metadata
First submission 2017-09-03 16:59:00 UTC (11 months, 2 weeks ago)
Last submission 2018-08-12 09:08:13 UTC (4 days, 18 hours ago)
File names 20fde41b-bf9f-d5d9-4ef4-f4820072434d.exe
7878ded4.exe
f5a2609391a373a32bcdf532592b4268.vir
47c6086b-d9c2-b082-86e2-0156e7ecb874.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications