SHA256: 9173fa831412637254fbf9be7e567957cd7b66126f0ec3c38619b0ab1aa8ad6f
File name: BlackBox.exe
Detection ratio: 17 / 67
Analysis date: 2017-10-29 07:13:20 UTC ( 3 months, 3 weeks ago )
Antivirus Result Update
AVware Trojan.Win32.Generic!BT 20171029
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9996 20171027
CAT-QuickHeal Trojan.IGENERIC 20171028
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20171016
Cylance Unsafe 20171029
Endgame malicious (high confidence) 20171024
Sophos ML heuristic 20170914
MAX malware (ai score=99) 20171029
McAfee RDN/Generic.grp 20171029
McAfee-GW-Edition RDN/Generic.grp 20171029
Palo Alto Networks (Known Signatures) generic.ml 20171029
SentinelOne (Static ML) static engine - malicious 20171019
TrendMicro TROJ_GEN.R00JC0OH617 20171029
TrendMicro-HouseCall TROJ_GEN.R00JC0OH617 20171029
VIPRE Trojan.Win32.Generic!BT 20171029
Yandex Trojan.Razy! 20171027
Zillya Trojan.GenericKD.Win32.68202 20171027
Ad-Aware 20171029
AegisLab 20171029
AhnLab-V3 20171028
Alibaba 20170911
ALYac 20171028
Antiy-AVL 20171029
Arcabit 20171029
Avast 20171029
Avast-Mobile 20171029
AVG 20171029
Avira (no cloud) 20171028
BitDefender 20171029
Bkav 20171029
ClamAV 20171029
CMC 20171028
Comodo 20171029
Cybereason 20170628
Cyren 20171029
DrWeb 20171029
eGambit 20171029
Emsisoft 20171029
ESET-NOD32 20171029
F-Prot 20171029
F-Secure 20171029
Fortinet 20171029
GData 20171029
Ikarus 20171028
Jiangmin 20171029
K7AntiVirus 20171027
K7GW 20171029
Kaspersky 20171029
Kingsoft 20171029
Malwarebytes 20171029
Microsoft 20171029
eScan 20171029
NANO-Antivirus 20171029
nProtect 20171029
Panda 20171028
Qihoo-360 20171029
Rising 20171029
Sophos AV 20171029
SUPERAntiSpyware 20171029
Symantec 20171028
Symantec Mobile Insight 20171027
Tencent 20171029
TheHacker 20171028
Trustlook 20171029
VBA32 20171027
ViRobot 20171028
Webroot 20171029
WhiteArmor 20171024
ZoneAlarm by Check Point 20171029
Zoner 20171029
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-07-28 15:36:21
Entry Point 0x00001000
Number of sections 6
PE sections
PE imports
GetLastError
HeapFree
GetDriveTypeW
FileTimeToSystemTime
GetModuleFileNameW
DeleteFiber
HeapAlloc
VirtualProtect
FlushFileBuffers
GetFileAttributesW
RtlUnwind
LoadLibraryA
GetLocalTime
CreateFiberEx
ConvertFiberToThread
GetCurrentProcess
GetFileSize
GetCommandLineW
GetVolumeInformationW
HeapSize
CreateDirectoryW
DeleteFileW
GetProcAddress
GetThreadContext
IsBadReadPtr
SuspendThread
GetFileTime
SetFilePointer
SetFileAttributesW
CreateThread
LoadLibraryW
ExitProcess
ExpandEnvironmentStringsW
FindNextFileW
GetTempPathW
ReadFile
SwitchToFiber
FindFirstFileW
DuplicateHandle
GetStringTypeW
GetModuleHandleW
GetCurrentThread
SetThreadContext
GlobalMemoryStatus
ResumeThread
ConvertThreadToFiber
OutputDebugStringW
WriteFile
CreateFileW
VirtualFree
FindClose
Sleep
MoveFileW
GetFullPathNameW
GetTickCount
GetProcessHeap
VirtualAlloc
GetSystemInfo
CloseHandle
OleUninitialize
OleInitialize
GetAsyncKeyState
MessageBoxW
IsWindowVisible
GetForegroundWindow
CharUpperW
IsCharUpperW
CharLowerW
GetWindow
IsCharLowerW
MessageBeep
Number of PE resources by type
RT_ICON 18
RT_GROUP_ICON 8
RT_GROUP_CURSOR 7
RT_CURSOR 7
Number of PE resources by language
ENGLISH US 40
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:07:28 16:36:21+01:00
FileType Win32 EXE
PEType PE32
CodeSize 42126
LinkerVersion 2.5
EntryPoint 0x1000
InitializedDataSize 35416
SubsystemVersion 4.0
ImageVersion 4.0
OSVersion 3.0
UninitializedDataSize 7052

Compressed bundles
File identification
MD5 271ed5d13dbd37f7180e5f1ff4936211
SHA1 8a0d25fae3a48b5b7733398c56d17ac1305f1606
SHA256 9173fa831412637254fbf9be7e567957cd7b66126f0ec3c38619b0ab1aa8ad6f
ssdeep 3072:+agO46ISOm1vzf8cHuei0ZYkNof80DWkI0cAJuFTVP2dH:+arISOuvzf88i3k280DWJuJuI

authentihash 3a4a476b1c5568f3e9cfd6e0cdc3f30cc06edfc94b79d065d1bbc43411199fee
imphash 1e147d9b4ba796203ce2b0ea3cacb416
File size 151.0 KB ( 154624 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (36.1%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win64 Executable (generic) (23.1%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.7%)
Tags corrupt, peexe

VirusTotal metadata
First submission 2017-08-01 14:01:47 UTC ( 6 months, 3 weeks ago )
Last submission 2017-10-29 07:13:20 UTC ( 3 months, 3 weeks ago )
File names BlackBox.exe.2
BlackBox.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
UDP communications