SHA256: aab71ef7bf13e4fe8613d4f1f9ae136cd7f03474c0e576f0de6f9fc4c15edd97
File name: TwoFace.exe
Detection ratio: 6 / 58
Analysis date: 2017-03-05 16:46:44 UTC (5 months, 2 weeks ago)
Antivirus | Result | Update
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9600 | 20170303
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20170130
Endgame | malicious (moderate confidence) | 20170222
Sophos ML | trojanspy.win32.skeeyah.a!rfn | 20170203
Qihoo-360 | HEUR/QVM10.1.0000.Malware.Gen | 20170305
Rising | Malware.Heuristic!ET#95% (rdm+) | 20170305
Ad-Aware | | 20170305
AegisLab | | 20170305
AhnLab-V3 | | 20170305
Alibaba | | 20170228
ALYac | | 20170305
Antiy-AVL | | 20170305
Arcabit | | 20170305
Avast | | 20170305
AVG | | 20170305
Avira (no cloud) | | 20170305
AVware | | 20170305
BitDefender | | 20170305
Bkav | | 20170303
CAT-QuickHeal | | 20170304
ClamAV | | 20170305
CMC | | 20170305
Comodo | | 20170305
Cyren | | 20170305
DrWeb | | 20170305
Emsisoft | | 20170305
ESET-NOD32 | | 20170305
F-Prot | | 20170305
F-Secure | | 20170305
Fortinet | | 20170305
GData | | 20170305
Ikarus | | 20170305
Jiangmin | | 20170301
K7AntiVirus | | 20170305
K7GW | | 20170305
Kaspersky | | 20170305
Kingsoft | | 20170305
Malwarebytes | | 20170305
McAfee | | 20170305
McAfee-GW-Edition | | 20170305
Microsoft | | 20170305
eScan | | 20170305
NANO-Antivirus | | 20170305
nProtect | | 20170305
Panda | | 20170305
Sophos AV | | 20170305
SUPERAntiSpyware | | 20170305
Symantec | | 20170304
Tencent | | 20170305
TheHacker | | 20170305
TrendMicro | | 20170305
TrendMicro-HouseCall | | 20170305
Trustlook | | 20170305
VBA32 | | 20170303
VIPRE | | 20170305
ViRobot | | 20170305
Webroot | | 20170305
WhiteArmor | | 20170303
Yandex | | 20170225
Zillya | | 20170304
Zoner | | 20170305
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-05 16:35:33
Entry Point 0x00001FFD
Number of sections 6
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetOEMCP
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
HeapSize
GetCurrentProcessId
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
InitializeSListHead
GetFileType
SetStdHandle
CompareStringW
RaiseException
WideCharToMultiByte
TlsFree
FindFirstFileExA
SetUnhandledExceptionFilter
WriteFile
DecodePointer
CloseHandle
GetSystemTimeAsFileTime
FindNextFileA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEnvironmentVariableA
HeapAlloc
TerminateProcess
GetModuleHandleExW
IsValidCodePage
CreateFileW
FindClose
TlsGetValue
Sleep
WriteConsoleW
TlsSetValue
ExitProcess
GetCurrentThreadId
GetProcessHeap
VirtualAlloc
SetLastError
LeaveCriticalSection
MessageBoxW
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2017:03:05 17:35:33+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 72704
LinkerVersion: 14.0
FileTypeExtension: exe
InitializedDataSize: 144896
SubsystemVersion: 6.0
EntryPoint: 0x1ffd
OSVersion: 6.0
ImageVersion: 0.0
UninitializedDataSize: 0
File identification
MD5: 7a5d5b2b2dfa1edcbb80204c3a2c9786
SHA1: 2a72357fea6b3903de87ce0113704c96bf244260
SHA256: aab71ef7bf13e4fe8613d4f1f9ae136cd7f03474c0e576f0de6f9fc4c15edd97
ssdeep: 3072:+glWFxNR6BnoDecAgZ7GJWsTVcuVY/Vz1tZKCbnsKl0SkO6Mgbt:2FHuoDeKpwVY51twCbnsK796j
authentihash: b98dc438a573afa07e9407fcc0faa5514aea51636c57b299f9fa04f2b818fbb7
imphash: 63033a84fea47a4dd7ef3c109113e2db
File size: 211.0 KB (216064 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID: Win64 Executable (generic) (64.6%)
      Win32 Dynamic Link Library (generic) (15.4%)
      Win32 Executable (generic) (10.5%)
      Generic Win/DOS Executable (4.6%)
      DOS Executable Generic (4.6%)
Tags: peexe
VirusTotal metadata
First submission: 2017-03-05 16:46:44 UTC (5 months, 2 weeks ago)
Last submission: 2017-03-05 21:30:44 UTC (5 months, 2 weeks ago)
File names: TwoFace.exe