SHA256: aab71ef7bf13e4fe8613d4f1f9ae136cd7f03474c0e576f0de6f9fc4c15edd97
Name: TwoFace.exe
Detections: 6 / 58
Analysis date: 2017-03-05 16:46:44 UTC (3 months, 3 weeks ago)
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9600 20170303
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Endgame malicious (moderate confidence) 20170222
Invincea trojanspy.win32.skeeyah.a!rfn 20170203
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20170305
Rising Malware.Heuristic!ET#95% (rdm+) 20170305
Ad-Aware 20170305
AegisLab 20170305
AhnLab-V3 20170305
Alibaba 20170228
ALYac 20170305
Antiy-AVL 20170305
Arcabit 20170305
Avast 20170305
AVG 20170305
Avira (no cloud) 20170305
AVware 20170305
BitDefender 20170305
Bkav 20170303
CAT-QuickHeal 20170304
ClamAV 20170305
CMC 20170305
Comodo 20170305
Cyren 20170305
DrWeb 20170305
Emsisoft 20170305
ESET-NOD32 20170305
F-Prot 20170305
F-Secure 20170305
Fortinet 20170305
GData 20170305
Ikarus 20170305
Jiangmin 20170301
K7AntiVirus 20170305
K7GW 20170305
Kaspersky 20170305
Kingsoft 20170305
Malwarebytes 20170305
McAfee 20170305
McAfee-GW-Edition 20170305
Microsoft 20170305
eScan 20170305
NANO-Antivirus 20170305
nProtect 20170305
Panda 20170305
Sophos 20170305
SUPERAntiSpyware 20170305
Symantec 20170304
Tencent 20170305
TheHacker 20170305
TrendMicro 20170305
TrendMicro-HouseCall 20170305
Trustlook 20170305
VBA32 20170303
VIPRE 20170305
ViRobot 20170305
Webroot 20170305
WhiteArmor 20170303
Yandex 20170225
Zillya 20170304
Zoner 20170305
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-05 16:35:33
Entry Point 0x00001FFD
Number of sections 6
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetOEMCP
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
HeapSize
GetCurrentProcessId
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
InitializeSListHead
GetFileType
SetStdHandle
CompareStringW
RaiseException
WideCharToMultiByte
TlsFree
FindFirstFileExA
SetUnhandledExceptionFilter
WriteFile
DecodePointer
CloseHandle
GetSystemTimeAsFileTime
FindNextFileA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEnvironmentVariableA
HeapAlloc
TerminateProcess
GetModuleHandleExW
IsValidCodePage
CreateFileW
FindClose
TlsGetValue
Sleep
WriteConsoleW
TlsSetValue
ExitProcess
GetCurrentThreadId
GetProcessHeap
VirtualAlloc
SetLastError
LeaveCriticalSection
MessageBoxW
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2017:03:05 17:35:33+01:00
FileType Win32 EXE
PEType PE32
CodeSize 72704
LinkerVersion 14.0
FileTypeExtension exe
InitializedDataSize 144896
SubsystemVersion 6.0
EntryPoint 0x1ffd
OSVersion 6.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 7a5d5b2b2dfa1edcbb80204c3a2c9786
SHA1 2a72357fea6b3903de87ce0113704c96bf244260
SHA256 aab71ef7bf13e4fe8613d4f1f9ae136cd7f03474c0e576f0de6f9fc4c15edd97
ssdeep 3072:+glWFxNR6BnoDecAgZ7GJWsTVcuVY/Vz1tZKCbnsKl0SkO6Mgbt:2FHuoDeKpwVY51twCbnsK796j
authentihash b98dc438a573afa07e9407fcc0faa5514aea51636c57b299f9fa04f2b818fbb7
imphash 63033a84fea47a4dd7ef3c109113e2db
File size 211.0 KB ( 216064 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe
VirusTotal metadata
First submission 2017-03-05 16:46:44 UTC (3 months, 3 weeks ago)
Last submission 2017-03-05 21:30:44 UTC (3 months, 3 weeks ago)
File names TwoFace.exe