SHA256: aab71ef7bf13e4fe8613d4f1f9ae136cd7f03474c0e576f0de6f9fc4c15edd97
File name: TwoFace.exe
Detection ratio: 42 / 65
Analysis date: 2017-08-23 19:58:17 UTC (1 month, 3 weeks ago)
Antivirus Result Update
Ad-Aware Trojan.Generic.20833703 20170823
AegisLab Troj.Ad.Swrort!c 20170823
ALYac Trojan.Generic.20833703 20170823
Antiy-AVL Trojan/Win32.AGeneric 20170823
Arcabit Trojan.Generic.D13DE5A7 20170823
Avast Win32:Malware-gen 20170823
AVG Win32:Malware-gen 20170823
Avira (no cloud) TR/AD.Swrort.jpqwg 20170823
AVware Trojan.Win32.Generic!BT 20170823
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9600 20170823
BitDefender Trojan.Generic.20833703 20170823
CAT-QuickHeal Trojan.IGENERIC 20170823
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170823
Cyren W32/Trojan.KKXI-3225 20170823
Emsisoft Trojan.Generic.20833703 (B) 20170823
ESET-NOD32 a variant of Win32/Kryptik.FRAS 20170823
F-Secure Trojan.Generic.20833703 20170823
Fortinet PossibleThreat 20170823
GData Trojan.Generic.20833703 20170823
Ikarus Trojan.AD.Swrort 20170823
Sophos ML heuristic 20170822
Jiangmin Trojan.Generic.atnih 20170823
K7AntiVirus Riskware ( 0040eff71 ) 20170823
K7GW Riskware ( 0040eff71 ) 20170821
Kaspersky UDS:DangerousObject.Multi.Generic 20170823
MAX malware (ai score=88) 20170823
McAfee Artemis!7A5D5B2B2DFA 20170823
McAfee-GW-Edition Artemis 20170823
eScan Trojan.Generic.20833703 20170823
NANO-Antivirus Trojan.Win32.AD.emfrjz 20170823
Panda Trj/GdSda.A 20170823
Rising Malware.Heuristic!ET#93% (cloud:2KdNHeTbG5G) 20170823
Sophos AV Mal/Generic-S 20170823
Symantec Trojan.Gen.2 20170823
Tencent Win32.Trojan.Kryptik.Aiin 20170823
TrendMicro TROJ_GEN.R047C0OCS17 20170823
TrendMicro-HouseCall TROJ_GEN.R047C0OCS17 20170823
VIPRE Trojan.Win32.Generic!BT 20170823
Yandex Trojan.AD!3PGj+zoUjSA 20170823
Zillya Trojan.Kryptik.Win32.1118298 20170823
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20170823
AhnLab-V3 20170823
Alibaba 20170823
Bkav 20170823
ClamAV 20170823
CMC 20170823
Comodo 20170823
DrWeb 20170823
Endgame 20170821
F-Prot 20170823
Kingsoft 20170823
Malwarebytes 20170823
Microsoft 20170823
nProtect 20170823
Palo Alto Networks (Known Signatures) 20170823
Qihoo-360 20170823
SentinelOne (Static ML) 20170806
SUPERAntiSpyware 20170823
Symantec Mobile Insight 20170823
TheHacker 20170821
TotalDefense 20170823
Trustlook 20170823
VBA32 20170823
ViRobot 20170823
Webroot 20170823
WhiteArmor 20170817
Zoner 20170823
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-05 16:35:33
Entry Point 0x00001FFD
Number of sections 6
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetOEMCP
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
HeapSize
GetCurrentProcessId
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
InitializeSListHead
GetFileType
SetStdHandle
CompareStringW
RaiseException
WideCharToMultiByte
TlsFree
FindFirstFileExA
SetUnhandledExceptionFilter
WriteFile
DecodePointer
CloseHandle
GetSystemTimeAsFileTime
FindNextFileA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEnvironmentVariableA
HeapAlloc
TerminateProcess
GetModuleHandleExW
IsValidCodePage
CreateFileW
FindClose
TlsGetValue
Sleep
WriteConsoleW
TlsSetValue
ExitProcess
GetCurrentThreadId
GetProcessHeap
VirtualAlloc
SetLastError
LeaveCriticalSection
MessageBoxW
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2017:03:05 17:35:33+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
72704

LinkerVersion
14.0

EntryPoint
0x1ffd

InitializedDataSize
144896

SubsystemVersion
6.0

ImageVersion
0.0

OSVersion
6.0

UninitializedDataSize
0

File identification
MD5 7a5d5b2b2dfa1edcbb80204c3a2c9786
SHA1 2a72357fea6b3903de87ce0113704c96bf244260
SHA256 aab71ef7bf13e4fe8613d4f1f9ae136cd7f03474c0e576f0de6f9fc4c15edd97
ssdeep
3072:+glWFxNR6BnoDecAgZ7GJWsTVcuVY/Vz1tZKCbnsKl0SkO6Mgbt:2FHuoDeKpwVY51twCbnsK796j

authentihash b98dc438a573afa07e9407fcc0faa5514aea51636c57b299f9fa04f2b818fbb7
imphash 63033a84fea47a4dd7ef3c109113e2db
File size 211.0 KB ( 216064 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-03-05 16:46:44 UTC (7 months, 2 weeks ago)
Last submission 2017-03-05 21:30:44 UTC (7 months, 2 weeks ago)
File name TwoFace.exe