SHA256: bc52de68b68840d4becadd10dde75d659a61a38e0b116ac7b4bed067948b315e
File name: Qhdizwg.exe
Detection ratio: 14 / 64
Analysis date: 2017-08-16 10:57:30 UTC (1 year, 9 months ago)
Antivirus Result Update
AVware Trojan-Downloader.Win32.Upatre.tfl (v) 20170816
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9603 20170816
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20170804
Cylance Unsafe 20170816
Endgame malicious (high confidence) 20170721
Sophos ML heuristic 20170607
Kaspersky UDS:DangerousObject.Multi.Generic 20170816
McAfee-GW-Edition BehavesLike.Win32.VirRansom.hh 20170816
Palo Alto Networks (Known Signatures) generic.ml 20170816
Rising Malware.Heuristic!ET#97% (cloud:3ShvybIO0vN) 20170816
SentinelOne (Static ML) static engine - malicious 20170806
VIPRE Trojan-Downloader.Win32.Upatre.tfl (v) 20170816
Webroot W32.Trojan.Gen 20170816
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20170816
Ad-Aware 20170816
AegisLab 20170816
AhnLab-V3 20170816
Alibaba 20170816
ALYac 20170816
Antiy-AVL 20170816
Arcabit 20170816
Avast 20170816
AVG 20170816
Avira (no cloud) 20170816
BitDefender 20170816
Bkav 20170816
CAT-QuickHeal 20170816
ClamAV 20170816
CMC 20170816
Comodo 20170816
Cyren 20170816
DrWeb 20170816
Emsisoft 20170816
ESET-NOD32 20170816
F-Prot 20170816
F-Secure 20170816
Fortinet 20170816
GData 20170816
Ikarus 20170816
Jiangmin 20170816
K7AntiVirus 20170816
K7GW 20170816
Kingsoft 20170816
Malwarebytes 20170816
MAX 20170816
McAfee 20170816
Microsoft 20170815
eScan 20170816
NANO-Antivirus 20170816
nProtect 20170816
Panda 20170816
Qihoo-360 20170816
Sophos AV 20170816
SUPERAntiSpyware 20170816
Symantec 20170816
Symantec Mobile Insight 20170815
Tencent 20170816
TheHacker 20170816
TrendMicro 20170816
TrendMicro-HouseCall 20170816
Trustlook 20170816
VBA32 20170816
ViRobot 20170816
WhiteArmor 20170815
Yandex 20170815
Zillya 20170816
Zoner 20170816
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-05-15 17:05:36
Entry Point 0x00044FEF
Number of sections 4
PE sections
PE imports
DeleteDC
GetLastError
lstrlenA
lstrcmpA
GetModuleHandleA
lstrcatA
GetCurrentDirectoryA
ExitProcess
GetStartupInfoA
HeapAlloc
MapViewOfFile
CreateFileA
GetCommandLineA
SetCurrentDirectoryA
GetProcessHeap
SetFocus
GetMessageA
UpdateWindow
BeginPaint
PostQuitMessage
DefWindowProcA
ShowWindow
MessageBeep
LoadBitmapA
MapWindowPoints
GetWindowRect
DispatchMessageA
EndPaint
SetDlgItemTextA
MoveWindow
ModifyMenuA
MessageBoxA
SetWindowLongA
TranslateMessage
RegisterClassExA
GetCursorPos
SetWindowTextA
ShowCaret
LoadStringA
SendMessageA
CreateWindowExA
RegisterClassA
LoadAcceleratorsA
SetTimer
LoadCursorA
LoadIconA
TranslateAcceleratorA
GetDesktopWindow
LockWindowUpdate
OpenClipboard
DestroyWindow
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:05:15 18:05:36+01:00
FileType Win32 EXE
PEType PE32
CodeSize 391680
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 136704
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x44fef
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 9eaf0ffbe125da56bcafd9b326939ef2
SHA1 5d29fbc227e983d34eee2aec792936485f41c9c3
SHA256 bc52de68b68840d4becadd10dde75d659a61a38e0b116ac7b4bed067948b315e
ssdeep 12288:oiSvLdToi5kL4fiRIDT+SynYMHZ3ioO4SO:MROL4ffDT+SyYWih4

authentihash 489f96d8a5887248208ac3848e56621114751416a23a1c6b0d611b02166de90c
imphash 015d2d34868aba44c29b32b4b1ac510f
File size 516.5 KB ( 528896 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags peexe

VirusTotal metadata
First submission 2017-08-16 09:53:10 UTC (1 year, 9 months ago)
Last submission 2018-05-23 12:15:18 UTC (12 months ago)
File names nothing44.png
Qhdizwg.exe
Qhdizwg.exe
Pgchyvf.exe
Qhdizwg.exe
pgchyvf.exe
Qhdizwg.exe
Pgchyvf.exe
9eaf0ffbe125da56bcafd9b326939ef2.vir
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications