SHA256: 7779b019a8ffabad25ad61696b7ed713810d33afb422f28524ac0472a6f87d96
File name: 2.exe
Detection ratio: 17 / 59
Analysis date: 2017-03-08 06:53:19 UTC (2 years, 2 months ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Poweliks.4 20170308
Arcabit Trojan.Poweliks.4 20170308
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9869 20170308
BitDefender Gen:Variant.Poweliks.4 20170308
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Emsisoft Gen:Variant.Poweliks.4 (B) 20170308
Endgame malicious (high confidence) 20170222
F-Secure Gen:Variant.Poweliks.4 20170308
Fortinet W32/GenKryptik.WCE!tr 20170308
GData Gen:Variant.Poweliks.4 20170308
Sophos ML virus.win32.jadtre.a!a 20170203
eScan Gen:Variant.Poweliks.4 20170308
Palo Alto Networks (Known Signatures) Virus/Win32.WGeneric.lnefz 20170308
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20170308
Sophos AV Mal/Kovter-Z 20170308
Symantec ML.Attribute.HighConfidence 20170307
Webroot Malicious 20170308
AegisLab 20170308
AhnLab-V3 20170308
Alibaba 20170228
ALYac 20170308
Antiy-AVL 20170308
Avast 20170308
AVG 20170308
Avira (no cloud) 20170308
AVware 20170308
CAT-QuickHeal 20170308
CMC 20170307
Comodo 20170308
Cyren 20170308
DrWeb 20170308
ESET-NOD32 20170308
F-Prot 20170308
Ikarus 20170307
Jiangmin 20170308
K7AntiVirus 20170308
K7GW 20170308
Kaspersky 20170308
Kingsoft 20170308
Malwarebytes 20170308
McAfee 20170308
McAfee-GW-Edition 20170307
Microsoft 20170308
NANO-Antivirus 20170308
nProtect 20170308
Panda 20170307
Rising 20170308
SUPERAntiSpyware 20170308
Tencent 20170308
TheHacker 20170305
TotalDefense 20170308
TrendMicro 20170308
TrendMicro-HouseCall 20170308
Trustlook 20170308
VBA32 20170307
VIPRE 20170308
ViRobot 20170308
WhiteArmor 20170303
Yandex 20170306
Zillya 20170307
ZoneAlarm by Check Point 20170308
Zoner 20170308
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2013 Nero
Product Nero Burning Starter
Original name S t a r t . e x e
Internal name NBRS
File version 15,0,25,0
Description Nero
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-12-18 20:28:00
Entry Point 0x00003676
Number of sections 8
PE sections
Overlays
MD5 07f41d6a1c85a24abd23f5a534cf2163
File type data
Offset 359424
Size 744
Entropy 7.71
PE imports
RegOpenKeyA
RegCloseKey
QueryServiceStatus
RegSetValueExA
StartServiceA
RegEnumValueA
EqualSid
InitCommonControlsEx
ImageList_Create
ImageList_DrawEx
ImageList_BeginDrag
SetLocalTime
ConvertFiberToThread
_lwrite
SetCommBreak
GetModuleHandleA
OpenProcess
GetLastError
ContinueDebugEvent
SetNamedPipeHandleState
CreateEventA
ExitProcess
CloseHandle
IsProcessorFeaturePresent
UnlockFileEx
GetProcAddress
LoadLibraryA
AddVectoredExceptionHandler
SetErrorInfo
VarI4FromCy
ShellExecuteExA
Shell_NotifyIconA
SetFocus
RedrawWindow
LoadBitmapA
SetWindowPos
SetTimer
DispatchMessageA
EndPaint
WindowFromPoint
GetDC
GetCursorPos
DrawTextA
SendMessageA
GetClientRect
LoadAcceleratorsA
LoadImageA
MsgWaitForMultipleObjects
GetWindowTextA
InvalidateRgn
RegisterClassExA
DestroyWindow
GetMessageA
GetParent
UpdateWindow
SetPropA
EnumWindows
ShowWindow
DrawFrameControl
EnableWindow
SetWindowPlacement
PeekMessageA
TranslateMessage
GetWindow
LoadStringA
SetClipboardData
GetWindowPlacement
IsIconic
TrackPopupMenuEx
GetWindowLongA
CreateWindowExA
FillRect
DeferWindowPos
DefFrameProcA
IsDialogMessageA
MapWindowPoints
BeginPaint
OffsetRect
KillTimer
RegisterWindowMessageA
DefWindowProcA
GetSystemMetrics
EnableMenuItem
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
EnumChildWindows
SetWindowLongA
EndDialog
CreatePopupMenu
CheckMenuItem
DrawIconEx
CreateMenu
GetDlgItem
CreateDialogParamA
ClientToScreen
FindWindowExA
LoadCursorA
LoadIconA
TrackPopupMenu
GetMenuItemCount
GetMenuItemID
ExitWindowsEx
ReleaseDC
IntersectRect
GetScrollInfo
LoadMenuA
CreateIconIndirect
GetCapture
ScreenToClient
FindWindowA
GetPropA
SetDlgItemTextA
DialogBoxParamA
GetSysColor
SetScrollInfo
GetKeyState
EndDeferWindowPos
SystemParametersInfoA
DestroyIcon
IsWindowVisible
UnionRect
FrameRect
DeleteMenu
InvalidateRect
wsprintfA
SetWindowTextA
TranslateAcceleratorA
DefDlgProcA
CallWindowProcA
GetClassNameA
GetFocus
CloseClipboard
SetCursor
ChooseColorA
dwLBSubclass
CoUninitialize
Number of PE resources by type
RT_DIALOG 1
RT_ICON 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH JAMAICA 5
FRENCH BELGIAN 2
PE resources
ExifTool file metadata
SpecialBuild 15,0,25,0
UninitializedDataSize 211456
InitializedDataSize 379904
ImageVersion 1.0
ProductName Nero Burning Starter
FileVersionNumber 15.0.25.0
LanguageCode Unknown (2009)
FileFlagsMask 0x0017
CharacterSet Windows, Latin1
LinkerVersion 2.23
FileTypeExtension exe
OriginalFileName S t a r t . e x e
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 15,0,25,0
TimeStamp 2005:12:18 21:28:00+01:00
FileType Win32 EXE
PEType PE32
InternalName NBRS
SubsystemVersion 4.0
ProductVersion 15,0,25,0
FileDescription Nero
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright (C) 2013 Nero
MachineType Intel 386 or later, and compatibles
CodeSize 77824
FileSubtype 0
ProductVersionNumber 15.0.25.0
EntryPoint 0x3676
ObjectFileType Executable application
Compressed bundles
File identification
MD5 663a72e19de37e5815befeeecce01854
SHA1 40110eddc5c9622155d960cdd944b272f1b6f34f
SHA256 7779b019a8ffabad25ad61696b7ed713810d33afb422f28524ac0472a6f87d96
ssdeep 6144:7cMxIkDqtuJWy5bFTwt0Ca5t6heYa/cbqc2frg5p44QgC:VtDY4bS0b5Iezwh2Tg5Cf
authentihash b2e7190f74e790857f66cf99533b694efb6cfb9ef0b4ccffa04f7d93a49ae00c
imphash 9a3e54078aaf7d0cf34be3a4b96c7020
File size 351.7 KB ( 360168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay
VirusTotal metadata
First submission 2017-03-08 06:53:19 UTC (2 years, 2 months ago)
Last submission 2017-03-29 01:47:34 UTC (2 years, 1 month ago)
File names NBRS
liks.exe
2.exe
2.exe%vir
S t a r t . e x e
2.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Terminated processes
Opened mutexes
Runtime DLLs
UDP communications