SHA256: 746b9a5c26cae1980a224afc7b2be1a836a7709532bd35c8d0d36f94ed1c84ea
File name: EZBlocker.exe
Detection ratio: 1 / 55
Analysis date: 2016-12-18 21:32:47 UTC (4 weeks, 1 day ago)
Antivirus Result Update
Rising Malware.Undefined!8.C-zPw7H6Ix7SI (cloud) 20161218
ALYac 20161218
AVG 20161218
AVware 20161218
Ad-Aware 20161218
AegisLab 20161217
AhnLab-V3 20161218
Alibaba 20161216
Antiy-AVL 20161218
Arcabit 20161218
Avast 20161218
Avira (no cloud) 20161218
Baidu 20161207
BitDefender 20161218
Bkav 20161217
CAT-QuickHeal 20161217
CMC 20161218
ClamAV 20161218
Comodo 20161218
CrowdStrike Falcon (ML) 20161024
Cyren 20161218
DrWeb 20161218
ESET-NOD32 20161218
Emsisoft 20161218
F-Prot 20161218
F-Secure 20161218
Fortinet 20161218
GData 20161218
Ikarus 20161218
Invincea 20161216
Jiangmin 20161218
K7AntiVirus 20161218
K7GW 20161218
Kaspersky 20161218
Kingsoft 20161218
Malwarebytes 20161218
McAfee 20161218
McAfee-GW-Edition 20161218
eScan 20161218
Microsoft 20161218
NANO-Antivirus 20161218
Panda 20161218
Qihoo-360 20161218
SUPERAntiSpyware 20161218
Sophos 20161218
Symantec 20161218
Tencent 20161218
TheHacker 20161214
TrendMicro 20161218
TrendMicro-HouseCall 20161218
Trustlook 20161218
VBA32 20161216
VIPRE 20161218
ViRobot 20161218
WhiteArmor 20161212
Yandex 20161217
Zillya 20161216
Zoner 20161218
nProtect 20161218
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright © 2012-2016 Eric Zhang
Product EZBlocker
Original name EZBlocker.exe
Internal name EZBlocker.exe
File version 1.6.8.4
Description EZBlocker
Comments http://www.ericzhang.me
Signature verification Signed file, verified signature
Signing date 8:38 AM 12/2/2016
Signers
[+] Open Source Developer
Status Valid
Issuer Certum Code Signing CA SHA2
Valid from 8:00 PM 10/6/2016
Valid to 8:00 PM 10/6/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 4C3DFDA6069623076EB015B65E40F399FA0312CC
Serial number 11 3A B8 2A 55 7F 4D E4 97 82 00 01 D3 61 30 71
[+] Certum Code Signing CA SHA2
Status Valid
Issuer Certum Trusted Network CA
Valid from 12:30 PM 10/29/2015
Valid to 12:30 PM 6/9/2027
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 905DE119F6A0118CFFBF8B69463EFE5BD0C1D322
Serial number 6B 32 6A 0F 03 28 D3 7A 1D 53 0B FD 23 BD 48 E2
[+] Certum Trusted Network CA
Status Valid
Issuer Certum Trusted Network CA
Valid from 1:07 PM 10/22/2008
Valid to 1:07 PM 12/31/2029
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 07E032E020B72C3F192F0628A2593A19A70F069E
Serial number 04 44 C0
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-02 07:32:41
Entry Point 0x001798BA
Number of sections 3
.NET details
Module Version ID 5cea501e-ea78-4a24-a3e0-671093fdfb3b
TypeLib ID 21d38de5-96a9-42ae-ba70-224adfd93c5d
PE sections
Overlays
MD5 2872ed5dc9d216004f1293e8e5b0fae2
File type data
Offset 1974272
Size 6312
Entropy 7.32
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 9
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 12
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 6.0
Comments http://www.ericzhang.me
LinkerVersion 48.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.6.8.4
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription EZBlocker
CharacterSet Unicode
InitializedDataSize 435200
EntryPoint 0x1798ba
OriginalFileName EZBlocker.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2012-2016 Eric Zhang
FileVersion 1.6.8.4
TimeStamp 2016:12:02 08:32:41+01:00
FileType Win32 EXE
PEType PE32
InternalName EZBlocker.exe
ProductVersion 1.6.8.4
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Eric Zhang
CodeSize 1538560
ProductName EZBlocker
ProductVersionNumber 1.6.8.4
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.6.8.4

File identification
MD5 e4de4313e45dd3990b33069658f24544
SHA1 013d8f102b4333076e8b939d98994fbf1a823308
SHA256 746b9a5c26cae1980a224afc7b2be1a836a7709532bd35c8d0d36f94ed1c84ea
ssdeep 24576:3Rr1FZihw6XRr1FZihw6jpzD6BZVz346c5HR3TFZiSJR:3RrM3XRrM3j96BZVyR3ae
authentihash 13eb399730006c10b2ddab9522e04083b82683c1ffbd949061f98a86b602696a
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 1.9 MB ( 1980584 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 Mono/.Net assembly
TrID Win32 EXE PECompact compressed (generic) (30.1%)
Win64 Executable (generic) (20.0%)
UPX compressed Win32 Executable (19.6%)
Win32 EXE Yoda's Crypter (19.2%)
Win32 Dynamic Link Library (generic) (4.7%)
Tags peexe assembly signed overlay

VirusTotal metadata
First submission 2016-12-02 09:31:15 UTC (1 month, 2 weeks ago)
Last submission 2017-01-16 18:00:14 UTC (12 hours, 46 minutes ago)
File names ezblocker.exe
EZBlocker.exe
EZBlocker.exe
EZBlocker (1).exe
EZBlocker.exe
EZBlocker.exe
EZBlocker.exe
EZBlocker.1.6.8.4.exe
ezblocker.exe
EZBlocker.exe
EZBlocker.exe
EZBlocker.exe
EZBlocker.exe
ezblocker.exe
EZBlocker (1).exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications