SHA256: 33f310fa91d0fcf03b09c2bd97e0cabd6b8aa79ad43cc22ce61fb652fad888f8
File name: mlgih3wgw.exe
Detection ratio: 10 / 60
Analysis date: 2017-05-02 10:06:02 UTC ( 2 weeks, 6 days ago )
Antivirus / Result / Update date (engines listed without a result reported no detection)
AegisLab Ml.Attribute.Gen!c 20170502
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9947 20170502
CrowdStrike Falcon (ML) malicious_confidence_66% (W) 20170130
Endgame malicious (high confidence) 20170419
Invincea ransom.win32.tescrypt.a 20170413
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dc 20170501
Palo Alto Networks (Known Signatures) generic.ml 20170502
Panda Trj/Genetic.gen 20170501
Symantec ML.Attribute.HighConfidence 20170501
Webroot W32.Trojan.Gen 20170502
Ad-Aware 20170502
AhnLab-V3 20170502
Alibaba 20170502
ALYac 20170502
Antiy-AVL 20170502
Arcabit 20170502
Avast 20170502
AVG 20170502
Avira (no cloud) 20170502
AVware 20170502
BitDefender 20170502
Bkav 20170428
CAT-QuickHeal 20170502
ClamAV 20170502
CMC 20170502
Comodo 20170502
Cyren 20170502
DrWeb 20170502
Emsisoft 20170502
ESET-NOD32 20170502
F-Prot 20170502
F-Secure 20170502
Fortinet 20170502
GData 20170502
Ikarus 20170502
Jiangmin 20170502
K7AntiVirus 20170502
K7GW 20170426
Kaspersky 20170502
Kingsoft 20170502
Malwarebytes 20170502
McAfee 20170502
Microsoft 20170502
eScan 20170502
NANO-Antivirus 20170502
nProtect 20170502
Qihoo-360 20170502
Rising 20170501
SentinelOne (Static ML) 20170330
Sophos 20170502
SUPERAntiSpyware 20170502
Symantec Mobile Insight 20170502
Tencent 20170502
TheHacker 20170429
TrendMicro 20170502
TrendMicro-HouseCall 20170502
Trustlook 20170502
VBA32 20170502
VIPRE 20170502
ViRobot 20170502
WhiteArmor 20170502
Yandex 20170428
ZoneAlarm by Check Point 20170502
Zoner 20170502
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-02 00:19:50
Entry Point 0x00001902
Number of sections 4
PE sections
PE imports
GetEnhMetaFileHeader
GetGraphicsMode
GetSystemTime
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
lstrlenA
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
LCMapStringW
WriteConsoleW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
AddAtomW
SetStdHandle
WideCharToMultiByte
TlsFree
SetFilePointer
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
GetStringTypeA
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
TerminateProcess
AddVectoredExceptionHandler
LCMapStringA
WriteConsoleA
IsValidCodePage
HeapCreate
VirtualFree
TlsGetValue
Sleep
GetFileType
TlsSetValue
CreateFileA
GetTickCount
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
Number of PE resources by type
RT_ICON 8
RT_BITMAP 5
RT_STRING 2
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 16
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2017:05:02 01:19:50+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 36864
LinkerVersion: 9.0
EntryPoint: 0x1902
InitializedDataSize: 185856
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0

File identification
MD5 41b76a5acf63fd7d40498fc8c76b8438
SHA1 35f626114593bdd559fc63fb81ee98d347d01c3d
SHA256 33f310fa91d0fcf03b09c2bd97e0cabd6b8aa79ad43cc22ce61fb652fad888f8
ssdeep
3072:Ww05MRdSDLg90CtO1ralRMa5R3ta4c+uPuM4bbg2QPsXv:tRdSfOwwHMkR3t5iN

authentihash 7b7c1985067c34b671f20bb8dbd3bc70da96861e361aefc727f0b2909a051461
imphash 92da33a10e073f0e24001495856a437a
File size 209.5 KB ( 214528 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2017-05-02 09:22:47 UTC ( 2 weeks, 6 days ago )
Last submission 2017-05-02 10:29:24 UTC ( 2 weeks, 6 days ago )
File names 13449-56354801-853.exe
75231-44118410-836.exe
41b76a5acf63fd7d40498fc8c76b8438.exe
83e0rn2gv.exe.3112.dr
mlgih3wgw.exe
14823-34447099-421.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications