SHA256: 47eb86e6aea94f75c5892571222780c9f6e21d984452f7222ec22eb615323625
File name: Bolletta.exe
Detection ratio: 28 / 56
Analysis date: 2016-03-11 11:53:30 UTC (3 years, 2 months ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3092724 20160311
AegisLab Troj.Dropper.Gen8!c 20160311
Arcabit Trojan.Generic.D2F30F4 20160311
Avast Win32:Malware-gen 20160311
AVG Generic_r.IBG 20160311
Avira (no cloud) TR/Dropper.Gen8 20160311
Baidu Win32.Trojan.Kryptik.qb 20160310
BitDefender Trojan.GenericKD.3092724 20160311
Bkav HW32.Packed.BEEE 20160310
Comodo TrojWare.Win32.Injector.~TT 20160311
DrWeb Trojan.PWS.Siggen1.48449 20160311
Emsisoft Trojan.Win32.Injector (A) 20160311
ESET-NOD32 a variant of Win32/Injector.CTZI 20160311
F-Secure Trojan.GenericKD.3092724 20160311
Fortinet W32/CTZI!tr 20160311
GData Trojan.GenericKD.3092724 20160311
Ikarus Trojan.Win32.Filecoder 20160311
Kaspersky Trojan.Win32.Waldek.fyp 20160311
Malwarebytes Ransom.TorrentLocker 20160311
McAfee Ransomware-FGH!1FD2020826C6 20160311
McAfee-GW-Edition BehavesLike.Win32.Dropper.hh 20160311
Microsoft Ransom:Win32/Teerac 20160311
eScan Trojan.GenericKD.3092724 20160311
Panda Generic Suspicious 20160310
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160311
Rising PE:Malware.FakePDF@CV!1.9E05 [F] 20160311
Sophos AV Troj/Ransom-CKT 20160311
Tencent Win32.Trojan.Dropper.Edok 20160311
Yandex 20160310
AhnLab-V3 20160311
Alibaba 20160311
ALYac 20160311
Antiy-AVL 20160311
AVware 20160311
Baidu-International 20160311
ByteHero 20160311
CAT-QuickHeal 20160311
ClamAV 20160311
CMC 20160307
Cyren 20160311
F-Prot 20160311
Jiangmin 20160311
K7AntiVirus 20160311
K7GW 20160310
NANO-Antivirus 20160311
nProtect 20160311
SUPERAntiSpyware 20160311
Symantec 20160310
TheHacker 20160310
TrendMicro 20160311
TrendMicro-HouseCall 20160311
VBA32 20160310
VIPRE 20160311
ViRobot 20160311
Zillya 20160310
Zoner 20160311
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-11-10 00:48:14
Entry Point 0x0000DC86
Number of sections 4
PE sections
PE imports
EnumDateFormatsW
GetComputerNameW
GetCommModemStatus
EnumCalendarInfoA
GetCurrentDirectoryW
GetStartupInfoA
GetModuleHandleA
GetQueuedCompletionStatus
ContinueDebugEvent
GetLargestConsoleWindowSize
GetTimeFormatW
DisconnectNamedPipe
GetACP
GetFileAttributesW
_adjust_fdiv
__p__fmode
atan2
iswcntrl
_acmdln
__p__commode
__setusermatherr
_setmbcp
_onexit
_execvp
wctomb
_cgets
_ltoa
modf
__getmainargs
_initterm
_controlfp
__set_app_type
PeekMessageW
Number of PE resources by type
RT_ICON 19
RT_GROUP_ICON 14
RT_BITMAP 1
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 18
SYRIAC DEFAULT 18
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.241.233.185
UninitializedDataSize 0
LanguageCode Unknown (DODO)
FileFlagsMask 0x003f
InitializedDataSize 491520
EntryPoint 0xdc86
MIMEType application/octet-stream
LegalCopyright 2011 (C) 2012
FileVersion 0.207.50.41
TimeStamp 2008:11:10 01:48:14+01:00
FileType Win32 EXE
PEType PE32
InternalName Cadaver
ProductVersion 0.86.132.178
FileDescription Basement Cargo Codification
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Cloanto Corporation
CodeSize 57344
ProductName Bishops Civilise
ProductVersionNumber 0.208.138.29
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 1fd2020826c64158cf2f2a145831011c
SHA1 1b8f9def6862166dee060efc481d59b982791b73
SHA256 47eb86e6aea94f75c5892571222780c9f6e21d984452f7222ec22eb615323625
ssdeep 12288:Z44XB2uzwjV4NQgkeQtSfp/ErPzGDMezCgJFglqE2p1vnuiy:nRzYKweXfp/QGDMeuqglq7/vnui

authentihash 953805c081d10895769c127dea21349142e749ef2f341f3aa5de85d5f238d866
imphash 4789013039a26d54f8ec3d98d6729942
File size 540.0 KB ( 552960 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (49.4%)
Windows screen saver (23.4%)
Win32 Dynamic Link Library (generic) (11.7%)
Win32 Executable (generic) (8.0%)
Generic Win/DOS Executable (3.5%)
Tags peexe

VirusTotal metadata
First submission 2016-03-10 08:15:32 UTC (3 years, 2 months ago)
Last submission 2016-11-22 10:33:13 UTC (2 years, 6 months ago)
File names Bolletta.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files