SHA256: 613cf40735a9d4a1e748aebacbead6f71fdb50cda3f3b39260ff28b10a904ac9
File name: 楓之谷麻糬 - 自動喊話.exe
Detection ratio: 0 / 53
Analysis date: 2014-07-23 14:03:18 UTC (2 years, 8 months ago)
Antivirus Result Update
Ad-Aware 20140723
AegisLab 20140723
Yandex 20140723
AhnLab-V3 20140723
AntiVir 20140723
Antiy-AVL 20140723
Avast 20140723
AVG 20140723
Baidu-International 20140723
BitDefender 20140723
Bkav 20140723
ByteHero 20140723
CAT-QuickHeal 20140723
ClamAV 20140723
CMC 20140722
Commtouch 20140723
Comodo 20140723
DrWeb 20140723
Emsisoft 20140723
ESET-NOD32 20140723
F-Prot 20140723
F-Secure 20140723
Fortinet 20140723
GData 20140723
Ikarus 20140723
Jiangmin 20140723
K7AntiVirus 20140723
K7GW 20140723
Kaspersky 20140723
Kingsoft 20140723
Malwarebytes 20140723
McAfee 20140723
McAfee-GW-Edition 20140722
Microsoft 20140723
eScan 20140723
NANO-Antivirus 20140723
Norman 20140723
nProtect 20140722
Panda 20140723
Qihoo-360 20140723
Rising 20140723
Sophos 20140723
SUPERAntiSpyware 20140723
Symantec 20140723
Tencent 20140723
TheHacker 20140722
TotalDefense 20140723
TrendMicro 20140723
TrendMicro-HouseCall 20140723
VBA32 20140723
VIPRE 20140723
ViRobot 20140723
Zoner 20140723
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product ????? - ????
Original name ????? - ????.exe
Internal name ????? - ????
File version 2.01
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-04-19 02:16:59
Entry Point 0x00001754
Number of sections 3
PE sections
PE imports
_adj_fdivr_m64
_allmul
EVENT_SINK_Invoke
_adj_fprem
__vbaR4Var
Ord(709)
__vbaCopyBytes
__vbaRaiseEvent
_adj_fdiv_r
__vbaObjSetAddref
__vbaFixstrConstruct
Ord(100)
__vbaHresultCheckObj
__vbaI2Var
_CIlog
Ord(595)
_adj_fptan
Ord(581)
__vbaFreeVar
__vbaFreeStr
__vbaLateIdCallLd
Ord(631)
__vbaStrI2
__vbaStrR8
__vbaFreeStrList
__vbaI2I4
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(516)
Ord(320)
__vbaI4Str
Ord(607)
__vbaLenBstr
__vbaStrToUnicode
_adj_fdiv_m32i
Ord(600)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
Zombie_GetTypeInfoCount
Ord(608)
Ord(319)
Ord(321)
_CIsin
__vbaNew
EVENT_SINK_Release
__vbaOnError
_adj_fdivr_m32i
__vbaStrCat
__vbaVarDup
__vbaChkstk
__vbaLsetFixstr
__vbaStrCmp
__vbaFreeObjList
EVENT_SINK_GetIDsOfNames
__vbaVarForNext
__vbaFreeVarList
__vbaStrVarMove
__vbaCastObj
Zombie_GetTypeInfo
Ord(520)
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
Ord(660)
_CIcos
EVENT_SINK2_AddRef
__vbaVarMove
__vbaErrorOverflow
__vbaNew2
__vbaLateIdSt
__vbaStrMove
_adj_fprem1
_adj_fdiv_m32
__vbaEnd
_adj_fpatan
EVENT_SINK_AddRef
__vbaVarForInit
__vbaObjIs
__vbaStrCopy
Ord(632)
__vbaFPException
_adj_fdivr_m16i
_adj_fdiv_m64
Ord(561)
__vbaUI1I2
_CIsqrt
_CIatan
Ord(613)
__vbaObjSet
Ord(644)
__vbaVarCat
EVENT_SINK2_Release
_CIexp
__vbaStrToAnsi
_CItan
__vbaFpI4
Ord(598)
__vbaFpI2
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
CHINESE TRADITIONAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 12288
ImageVersion 2.1
ProductName -
FileVersionNumber 2.1.0.0
LanguageCode Chinese (Traditional)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
OriginalFilename - .exe
MIMEType application/octet-stream
FileVersion 2.01
TimeStamp 2013:04:19 03:16:59+01:00
FileType Win32 EXE
PEType PE32
InternalName -
FileAccessDate 2014:08:06 15:40:19+01:00
ProductVersion 2.01
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2014:08:06 15:40:19+01:00
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 45056
FileSubtype 0
ProductVersionNumber 2.1.0.0
EntryPoint 0x1754
ObjectFileType Executable application

Compressed bundles
File identification
MD5 1c82137c6a916cf81186565f844dad9d
SHA1 f46bcb255657dc7a876c4045eaadb44391858fbd
SHA256 613cf40735a9d4a1e748aebacbead6f71fdb50cda3f3b39260ff28b10a904ac9
ssdeep 768:LT3sjgsJ2ANQIQZi4J+jRd7Hg6DQe4DGOKJQcHPj:LT+J2ANQIQTOxn4iOEH
imphash 510a1f5ef685609770b6edab2ce9a1bd
File size 56.0 KB ( 57344 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe
VirusTotal metadata
First submission 2014-07-23 14:03:18 UTC (2 years, 8 months ago)
Last submission 2014-07-23 14:03:18 UTC (2 years, 8 months ago)
File names ????? - ????
????? - ????.exe
楓之谷麻糬 - 自動喊話.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.