SHA256: c2e93fe7fcc96bb63aaf905196589c2c852dfae1767c6d120fc95e6c5668ba7d
File name: 47c6086b-d9c2-b082-86e2-0156e7ecb874.exe
Detection ratio: 48 / 64
Analysis date: 2017-09-20 19:37:52 UTC ( 3 weeks, 5 days ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.244803 20170920
AegisLab Backdoor.W32.Androm!c 20170920
AhnLab-V3 Backdoor/Win32.Androm.C2116364 20170920
ALYac Gen:Variant.Zusy.244803 20170920
Arcabit Trojan.Zusy.D3BC43 20170920
Avast Win32:Malware-gen 20170920
AVG Win32:Malware-gen 20170920
Avira (no cloud) TR/Dropper.Gen 20170920
AVware Trojan.Win32.Generic!BT 20170919
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9971 20170920
BitDefender Gen:Variant.Zusy.244803 20170920
Comodo UnclassifiedMalware 20170920
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20170804
Cylance Unsafe 20170920
Cyren W32/Trojan.JLQA-0045 20170920
DrWeb Trojan.Siggen7.22024 20170920
Emsisoft Gen:Variant.Zusy.244803 (B) 20170920
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/Injector.DRGL 20170920
F-Secure Gen:Variant.Zusy.244803 20170920
Fortinet W32/Injector.DQID!tr 20170920
GData Gen:Variant.Zusy.244803 20170920
Ikarus Trojan.Win32.Krypt 20170920
Sophos ML heuristic 20170914
Jiangmin Backdoor.Androm.sdz 20170920
K7AntiVirus Trojan ( 005135601 ) 20170920
K7GW Trojan ( 005135601 ) 20170920
Kaspersky Backdoor.Win32.Androm.nwzc 20170920
MAX malware (ai score=86) 20170920
McAfee GenericR-KIA!F5A2609391A3 20170920
McAfee-GW-Edition GenericR-KIA!F5A2609391A3 20170920
Microsoft Trojan:Win32/Dynamer!rfn 20170920
eScan Gen:Variant.Zusy.244803 20170920
NANO-Antivirus Trojan.Win32.Androm.eslcyj 20170920
Palo Alto Networks (Known Signatures) generic.ml 20170920
Panda Trj/GdSda.A 20170920
Qihoo-360 HEUR/QVM07.1.95B7.Malware.Gen 20170920
Rising Trojan.Kryptik!1.AD44 (RDM+:cmRtazpCF4E8BATSZSVcmBluRkBQ) 20170920
Sophos AV Mal/Generic-S 20170920
Symantec Trojan.Gen 20170920
Tencent Win32.Backdoor.Androm.Edxa 20170920
TrendMicro TROJ_GEN.R01BC0DI517 20170920
TrendMicro-HouseCall TROJ_GEN.R01BC0DI517 20170920
VBA32 Backdoor.Androm 20170920
VIPRE Trojan.Win32.Generic!BT 20170920
Webroot W32.Adware.Gen 20170920
Yandex Trojan.Injector!oak7H5VQwC8 20170908
ZoneAlarm by Check Point Backdoor.Win32.Androm.nwzc 20170920
Alibaba 20170911
Antiy-AVL 20170920
Avast-Mobile 20170829
CAT-QuickHeal 20170920
ClamAV 20170920
CMC 20170920
F-Prot 20170920
Kingsoft 20170920
Malwarebytes 20170920
nProtect 20170920
SentinelOne (Static ML) 20170806
SUPERAntiSpyware 20170920
Symantec Mobile Insight 20170920
TheHacker 20170916
Trustlook 20170920
ViRobot 20170920
WhiteArmor 20170829
Zillya 20170920
Zoner 20170920
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-02 22:58:38
Entry Point 0x00002305
Number of sections 4
PE sections
PE imports
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
WaitForSingleObject
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetProcessHeap
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
WriteFile
GetCurrentProcess
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
HeapCreate
VirtualFree
GetFileType
HeapAlloc
GetVersion
VirtualAlloc
MessageBoxA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2017:09:02 23:58:38+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 225280
SubsystemVersion 4.0
EntryPoint 0x2305
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 f5a2609391a373a32bcdf532592b4268
SHA1 f28bc82a165ff68b9814e5507937a16eb5a55d2a
SHA256 c2e93fe7fcc96bb63aaf905196589c2c852dfae1767c6d120fc95e6c5668ba7d
ssdeep 6144:6seyuAwDSxiv4J2Z8CvlHm66W59l36xEo7EqfvcVo8XtB8pK43+:6seyuAwDSxiv4J2Z8p+P36x97jvcVJB1
authentihash 32904829f018aac6adcd9d7fc7500bde5c4a28baa20183a15aec55c9c8b1e22d
imphash 838bea1adfd32cd060e2ed3493579dcf
File size 240.0 KB ( 245760 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
Clipper DOS Executable (2.6%)
Tags peexe

VirusTotal metadata
First submission 2017-09-03 16:59:00 UTC ( 1 month, 1 week ago )
Last submission 2017-09-03 16:59:00 UTC ( 1 month, 1 week ago )
File names 7878ded4.exe
47c6086b-d9c2-b082-86e2-0156e7ecb874.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications