SHA256: fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
File name: фжзрюкшэщ
Detection ratio: 58 / 66
Analysis date: 2018-01-19 06:09:36 UTC ( 5 hours, 21 minutes ago )
Antivirus Result Update
Ad-Aware Trojan.Zbot.IVF 20180119
AegisLab Packer.W32.Krap.hm!c 20180119
AhnLab-V3 Virus/Win32.Ramnit.R205005 20180119
ALYac Backdoor.Zbot.al 20180119
Antiy-AVL Trojan[Packed]/Win32.Krap 20180119
Arcabit Trojan.Zbot.IVF 20180119
Avast Win32:GenMalicious-GOW [Trj] 20180119
AVG Win32:GenMalicious-GOW [Trj] 20180119
Avira (no cloud) TR/Crypt.Xpack.AB.1 20180119
AVware Trojan.Win32.Generic!BT 20180119
Baidu Win32.Trojan.Ramnit.e 20180118
BitDefender Trojan.Zbot.IVF 20180119
Bkav W32.RammintDropperNNA.Worm 20180119
CAT-QuickHeal Trojan.Ramnit.MUE.R4 20180118
ClamAV Win.Malware.QBot-846 20180119
Comodo MalCrypt.Indus! 20180119
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20180119
Cyren W32/Ramnit.UNAX-1410 20180119
DrWeb VBS.Dropper.128 20180119
Emsisoft Trojan.Zbot.IVF (B) 20180119
Endgame malicious (moderate confidence) 20171130
ESET-NOD32 Win32/Ramnit.A 20180119
F-Prot W32/Ramnit.X 20180119
GData Win32.Virus.Ramnit-Main.C 20180119
Ikarus Packer.Win32.Krap 20180118
Sophos ML heuristic 20170914
Jiangmin Trojan/Generic.beznk 20180119
K7AntiVirus Backdoor ( 04c4e9741 ) 20180119
K7GW Backdoor ( 04c4e9741 ) 20180118
Kaspersky Packed.Win32.Krap.hm 20180119
Malwarebytes Worm.Qakbot 20180119
MAX malware (ai score=100) 20180119
McAfee PWS-Zbot.gen.pq 20180119
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.qc 20180118
Microsoft Worm:Win32/Ramnit.A 20180119
eScan Trojan.Zbot.IVF 20180119
NANO-Antivirus Trojan.Win32.ULPM.dlsptx 20180119
nProtect Trojan/W32.Krap.56320.AG 20180119
Palo Alto Networks (Known Signatures) generic.ml 20180119
Panda Trj/Krap.Y 20180118
Qihoo-360 VirusOrg.Win32.Ramnit.K 20180119
SentinelOne (Static ML) static engine - malicious 20180115
Sophos AV W32/Ramnit-ET 20180119
Symantec Trojan.Zbot!gen9 20180118
Tencent Virus.Win32.Ramnit.efg 20180119
TheHacker Posible_Worm32 20180115
TotalDefense Win32/Ramnit.NFTMJbB 20180118
TrendMicro BKDR_QAKBOT.SMC 20180119
TrendMicro-HouseCall BKDR_QAKBOT.SMC 20180119
VBA32 Malware-Cryptor.Win32.073 20180118
VIPRE Trojan.Win32.Generic!BT 20180119
ViRobot Trojan.Win32.Z.Zbot.56320.F 20180119
Webroot W32.Malware.gen 20180119
Yandex Trojan.Kryptik!P4PzTd0t6I4 20180112
ZoneAlarm by Check Point Packed.Win32.Krap.hm 20180119
Zoner Trojan.Zbot 20180119
Alibaba 20180118
Avast-Mobile 20180118
CMC 20180116
eGambit 20180119
Fortinet 20180119
Kingsoft 20180119
Rising 20180119
SUPERAntiSpyware 20180119
Symantec Mobile Insight 20180118
Trustlook 20180119
Zillya 20180118
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
2528-6142

Product люзанх
Original name nedwp.exe
Internal name фжзрюкшэщ
File version 106.42.73.61
Description BitDefender Management Console
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-02-12 11:02:20
Entry Point 0x0002C030
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
DragFinish
WinHelpW
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 2
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
7.4

ImageVersion
8.1

FileVersionNumber
106.42.73.61

UninitializedDataSize
122880

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
4096

EntryPoint
0x2c030

OriginalFileName
nedwp.exe

MIMEType
application/octet-stream

LegalCopyright
2528-6142

FileVersion
106.42.73.61

TimeStamp
2008:02:12 12:02:20+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
106.42.73.61

FileDescription
BitDefender Management Console

OSVersion
10.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
SOFTWIN S.R.L.

CodeSize
57344

FileSubtype
0

ProductVersionNumber
106.42.73.61

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack: CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
PE resource-wise parents
Overlay parents
Compressed bundles
File identification
MD5 ff5e1f27193ce51eec318714ef038bef
SHA1 b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256 fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
ssdeep
1536:Q+hzRsibKplyXTq8OGRnsPFG+RODTb7MXL5uXZnzE:bROzoTq0+RO7IwnY

authentihash 99dc4b0f55eed36a83a5dc3c5fd6fa5ed273fc25e48941cdf45e180d89a41f85
imphash 500cd02578808f964519eb2c85153046
File size 55.0 KB ( 56320 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.5%)
Win16/32 Executable Delphi generic (10.8%)
Clipper DOS Executable (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe upx

VirusTotal metadata
First submission 2010-07-30 21:00:35 UTC ( 7 years, 5 months ago )
Last submission 2018-01-19 04:15:56 UTC ( 7 hours, 14 minutes ago )
File names GameSrv.exe
fd6c69c345f1e329_cuckoo-b50d63d855c0e0f88bc42adb185c5b67e965fb46773d28767d66ef535f395d99srv.exe
VKCypherSrv.exe
sampSrv.exe
AutoWinSrv.exe
SAMP-S~1Srv.exe
LCOFDNuY.exe
aBgGRhxB.exe
fd6c69c345f1e329_cuckoo-04fac603385317d5c4df402fef45a5cea3b82ce4471c20eb43a7033ec8f0dc15srv.exe
fd6c69c345f1e329_cuckoo-6c90cab2b394c2692df57769f0eb9cbe1d9bddeb05a36f951a79361f1a511397srv.exe
fd6c69c345f1e329_cuckoo-d00af8887e03f9825219df40cce43c2d24d75901d91dafe6296f199586083b4fsrvsrv.exe
SCFExDBSrv.exe
fd6c69c345f1e329_cuckoo-ce03e3c9d0ad5b69b5c1082cbe6e88733b694aa1978c7a0878a5d7ef1b12eac3srv.exe
l2Srv.exe
fd6c69c345f1e329_cuckoo-02a4fdeb18ea313056341adfde40d09abb87c97cfe56771cf5bbe47560bb92f7srv.exe
DISTRO - CONSOLESrv.exe
DEM_LogoSrv.exe
??? ??????.exe
????1.0Srv.exe
fd6c69c345f1e329_cuckoo-3acd863879e7dc183c2c790e4512709ed532dab2759eb49994e7260b6b6f09d2srv.exe
TibiaSrv.exe
pjSrv.exe
fd6c69c345f1e329_cuckoo-f70e12a3b8b60948fd40f1a91888bea700d78c3a30d6868f0ec4cc58ba634aaesrv.exe
TibiaSrv.vir
FSRecorderSrv.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Copied files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.