SHA256: 767b877e735c425bf05c34683356abfde4070b092f17a4741ea5ac490611f3de
File name: cmdow.exe
Detection ratio: 17 / 67
Analysis date: 2017-11-30 12:13:21 UTC (2 weeks, 2 days ago)
Antivirus Result Update
Antiy-AVL Trojan/Win32.BTSGeneric 20171130
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9981 20171130
CAT-QuickHeal Trojan.AgentCS.S29823 20171129
Cylance Unsafe 20171130
Cyren W32/Trojan.SYGE-6877 20171130
ESET-NOD32 a variant of Win32/CMDOW.A potentially unsafe 20171130
K7AntiVirus Unwanted-Program ( 004c40221 ) 20171130
K7GW Unwanted-Program ( 004c40221 ) 20171130
Kaspersky not-a-virus:RiskTool.Win32.Cmdow.a 20171130
MAX malware (ai score=99) 20171130
NANO-Antivirus Trojan.Win32.Cmdow.dmjuol 20171130
Symantec SecurityRisk.Cmdow 20171130
Tencent Win32.Trojan.Gen.Qaql 20171130
VIPRE SecurityRisk.Cmdow (not malicious) 20171130
Webroot W32.Trojan.GenKD 20171130
Yandex Riskware.Agent! 20171120
ZoneAlarm by Check Point not-a-virus:RiskTool.Win32.Cmdow.a 20171130
Vendors reporting no detection (update date only):
Ad-Aware 20171130
AegisLab 20171130
AhnLab-V3 20171130
Alibaba 20171130
ALYac 20171129
Arcabit 20171130
Avast 20171130
Avast-Mobile 20171130
AVG 20171130
Avira (no cloud) 20171130
AVware 20171130
BitDefender 20171130
Bkav 20171129
ClamAV 20171130
CMC 20171126
Comodo 20171130
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
DrWeb 20171130
eGambit 20171130
Emsisoft 20171130
Endgame 20171024
F-Prot 20171130
F-Secure 20171130
Fortinet 20171130
GData 20171130
Ikarus 20171130
Sophos ML 20170914
Jiangmin 20171130
Kingsoft 20171130
Malwarebytes 20171130
McAfee 20171130
McAfee-GW-Edition 20171129
Microsoft 20171130
eScan 20171130
nProtect 20171130
Palo Alto Networks (Known Signatures) 20171130
Panda 20171129
Qihoo-360 20171130
Rising 20171130
SentinelOne (Static ML) 20171113
Sophos AV 20171130
SUPERAntiSpyware 20171130
Symantec Mobile Insight 20171130
TheHacker 20171126
TrendMicro 20171130
TrendMicro-HouseCall 20171130
Trustlook 20171130
VBA32 20171130
ViRobot 20171130
WhiteArmor 20171104
Zillya 20171129
Zoner 20171130
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-30 11:08:55 (UTC; the ExifTool value below shows the same instant in +01:00)
Entry Point 0x00001280
Number of sections 8
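The header facts above (machine, section count, link timestamp, entry point, subsystem) come straight from the COFF and optional headers and can be recovered with a few dozen lines of struct unpacking. The following is an added example, not VirusTotal's tooling and not code shipped with cmdow.exe: it constructs a header-only PE32 image whose fields are set to the values reported for this sample (machine 0x14c, eight sections, entry point 0x1280, console subsystem, linker 2.22, timestamp 2014-12-30 11:08:55 UTC), parses them back, and hashes the bytes the way the File identification section does. The section table is synthetic and the image contains no code, so it is not executable; the builder exists only so the parser has deterministic input to read offline.

```python
"""Minimal PE32 header parser and file-identification helper (added example)."""
import calendar
import hashlib
import struct
from datetime import datetime, timezone

IMAGE_DOS_SIGNATURE = 0x5A4D      # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550   # "PE\0\0"
PE32_MAGIC = 0x10B
MACHINE_NAMES = {0x14C: "Intel 386 or later", 0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows command line"}

# Little-endian layouts of the headers read below.
COFF_FMT = "<HHIIIHH"   # Machine, NumberOfSections, TimeDateStamp, PtrSymTab, NumSyms, SizeOfOptHdr, Characteristics
OPT32_HEAD_FMT = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH"   # optional header up to DllCharacteristics (72 bytes)
SECTION_FMT = "<8sIIIIIIHHI"   # 40-byte IMAGE_SECTION_HEADER


def build_sample_pe(num_sections=8, entry_point=0x1280, timestamp=None):
    """Constructed header-only PE32 image mirroring the reported fields; not the real cmdow.exe."""
    if timestamp is None:
        timestamp = calendar.timegm((2014, 12, 30, 11, 8, 55))   # 2014-12-30 11:08:55 UTC
    e_lfanew = 0x80
    dos = (struct.pack("<H", IMAGE_DOS_SIGNATURE) + b"\0" * 58 + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    opt_size = 224   # IMAGE_OPTIONAL_HEADER32 with all 16 data directories
    coff = struct.pack(COFF_FMT, 0x14C, num_sections, timestamp, 0, 0, opt_size, 0x0102)
    opt = struct.pack(OPT32_HEAD_FMT,
                      PE32_MAGIC, 2, 22,                 # Magic, linker version 2.22
                      58880, 87552, 19968,               # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
                      entry_point, 0x1000, 0x10000,      # AddressOfEntryPoint, BaseOfCode, BaseOfData
                      0x400000, 0x1000, 0x200,           # ImageBase, SectionAlignment, FileAlignment
                      4, 0, 1, 0, 4, 0,                  # OS 4.0, image 1.0, subsystem 4.0
                      0, 0x20000, 0x400, 0,              # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      3, 0)                              # Subsystem = console (3), DllCharacteristics
    opt += struct.pack("<IIIIII", 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)   # stack/heap sizes, LoaderFlags, NumberOfRvaAndSizes
    opt += b"\0" * (8 * 16)   # 16 empty data directories
    assert len(opt) == opt_size
    sections = b"".join(
        struct.pack(SECTION_FMT, f".s{i}".encode(), 0x1000, 0x1000 * (i + 1), 0, 0, 0, 0, 0, 0, 0x60000020)
        for i in range(num_sections))
    return dos + struct.pack("<I", IMAGE_NT_SIGNATURE) + coff + opt + sections


def parse_pe_header(data):
    """Return the header facts a triage report shows; raise ValueError on malformed or truncated input."""
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 4 + struct.calcsize(COFF_FMT) > len(data) or \
            struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, data, coff_off)
    opt_off = coff_off + struct.calcsize(COFF_FMT)
    if opt_size < struct.calcsize(OPT32_HEAD_FMT) or opt_off + opt_size > len(data):
        raise ValueError("optional header truncated")
    opt = struct.unpack_from(OPT32_HEAD_FMT, data, opt_off)
    if opt[0] != PE32_MAGIC:
        raise ValueError(f"not a PE32 image (magic 0x{opt[0]:x})")
    sec_off = opt_off + opt_size   # section table follows the optional header
    sections = []
    for i in range(nsec):
        off = sec_off + i * struct.calcsize(SECTION_FMT)
        if off + struct.calcsize(SECTION_FMT) > len(data):
            raise ValueError("section table truncated")
        name, vsize, va, rsize, rptr, *_ = struct.unpack_from(SECTION_FMT, data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_address": va, "virtual_size": vsize,
                         "raw_offset": rptr, "raw_size": rsize})
    return {
        "machine": MACHINE_NAMES.get(machine, f"unknown (0x{machine:04x})"),
        "number_of_sections": nsec,
        "compilation_timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": f"{opt[1]}.{opt[2]}",
        "code_size": opt[3], "initialized_data_size": opt[4], "uninitialized_data_size": opt[5],
        "entry_point": opt[6],
        "subsystem": SUBSYSTEM_NAMES.get(opt[22], f"unknown ({opt[22]})"),
        "sections": sections,
    }


def is_pe(data):
    """True when the bytes carry a well-formed PE32 header chain."""
    try:
        parse_pe_header(data)
        return True
    except ValueError:
        return False


def identify(data):
    """The plain digests a File identification section lists (ssdeep and imphash need extra tooling)."""
    return {"size": len(data),
            "md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


if __name__ == "__main__":
    sample = build_sample_pe()
    for key, value in parse_pe_header(sample).items():
        print(f"{key}: {value}")
    print(identify(sample))
```

Pointing `parse_pe_header` at the bytes of a real file (`open(path, "rb").read()`) gives the same dictionary for the actual sample; the hash triple from `identify` is what you compare against the MD5/SHA1/SHA256 listed further down before trusting any other field of a third-party report.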
PE sections
PE imports (function names only; the report does not list the owning DLLs. Note the window-enumeration and manipulation calls such as EnumWindows, ShowWindowAsync, SetWindowPos, MoveWindow and GetConsoleWindow alongside process creation via CreateProcessA and ShellExecuteA and registry reads via RegOpenKeyExA/RegQueryValueExA.)
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetLastError
GetStdHandle
EnterCriticalSection
ReleaseMutex
lstrcatA
lstrlenA
lstrcmpiA
WaitForSingleObject
HeapAlloc
GetThreadLocale
TlsAlloc
VirtualProtect
VirtualQuery
DeleteCriticalSection
GetAtomNameA
AddAtomA
OpenProcess
TlsGetValue
GetCommandLineA
GetProcAddress
GetProcessHeap
LeaveCriticalSection
CreateMutexA
CreateSemaphoreA
WideCharToMultiByte
TlsFree
GetModuleHandleA
lstrcmpA
SetUnhandledExceptionFilter
WriteFile
CloseHandle
TerminateProcess
CreateProcessA
ReleaseSemaphore
InitializeCriticalSection
lstrcpyA
GetConsoleWindow
FindAtomA
InterlockedDecrement
Sleep
TlsSetValue
ExitProcess
GetCurrentThreadId
InterlockedIncrement
SetLastError
CompareStringA
ShellExecuteA
GetForegroundWindow
GetParent
EnumWindows
ShowWindowAsync
FindWindowA
SetWindowPos
GetWindowThreadProcessId
IsWindow
GetWindowRect
EnableWindow
PostMessageA
MoveWindow
EnumChildWindows
GetWindow
SystemParametersInfoA
SetWindowTextA
wsprintfA
GetWindowTextA
ScreenToClient
GetWindowLongA
GetWindowTextLengthA
GetDesktopWindow
GetClassNameA
SetForegroundWindow
__p__fmode
malloc
__p__environ
realloc
atexit
abort
_setmode
strtoul
printf
_cexit
fputc
puts
fwrite
_onexit
fputs
sprintf
memcmp
_isctype
_pctype
free
atoi
vfprintf
atol
__getmainargs
calloc
_write
memcpy
strstr
_ltoa
strcmp
__mb_cur_max
__set_app_type
signal
_iob
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:12:30 12:08:55+01:00
FileType Win32 EXE
PEType PE32
CodeSize 58880
LinkerVersion 2.22
FileTypeExtension exe
InitializedDataSize 87552
SubsystemVersion 4.0
EntryPoint 0x1280
OSVersion 4.0
ImageVersion 1.0
UninitializedDataSize 19968

Execution parents
Compressed bundles
File identification
MD5 ddd12566b99343b96609afa2524ecec3
SHA1 8fef2c2bc87ef7d135296fdb4cf9ecd9c0322d55
SHA256 767b877e735c425bf05c34683356abfde4070b092f17a4741ea5ac490611f3de
ssdeep 1536:ufVX5SG8cD++OTJ5enxjSiXkSxf5DqWtp0XU1jDBBrjK8o3agdbx583+fs7k+nUI:O5SG7S6/7k+nUwoL1xii2l8NXQUQUlC
authentihash 40cf9e20a70e31f22a5c0b92a3c58fbafceb662dd8762b477f0817915ba05d0a
imphash f7e72b9588bb734ca1a3c1f07de82baa
File size 86.5 KB (88576 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
VXD Driver (0.2%)
Tags peexe via-tor

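The imphash in the identification block is the MD5 of the normalized import list, which is why it survives rebuilds that change strings or resources but changes as soon as the import set or order does. The report lists function names without their DLLs, so the reported value cannot be reproduced from the page. The following added example (not VirusTotal's or pefile's code) implements the normalization that imphash applies, lower-casing and extension-stripping the DLL, lower-casing the function, and emitting `ordN` for ordinal imports, on a constructed import table whose DLL attribution is an assumption; it shows the properties an analyst relies on when pivoting on this value: case and extension insensitivity, ordinal handling, and order sensitivity.

```python
"""Import-hash (imphash) over a list of (dll, function) or (dll, None, ordinal) entries (added example)."""
import hashlib

_STRIPPED_EXTENSIONS = {"dll", "ocx", "sys"}


def normalize_import(dll, name=None, ordinal=None):
    """Build the 'dll.func' token imphash hashes: lower-case, extension dropped, 'ordN' for ordinals."""
    lib = dll.lower()
    base, dot, ext = lib.rpartition(".")
    if dot and ext in _STRIPPED_EXTENSIONS:
        lib = base
    if name is None:
        if ordinal is None:
            raise ValueError("an import needs a name or an ordinal")
        # Simplification (assumption): real implementations map well-known ordinals of a few
        # libraries back to names before hashing; this example always emits the generic ordN form.
        func = f"ord{ordinal}"
    else:
        func = name.lower()
    return f"{lib}.{func}"


def imphash_string(imports):
    """Comma-joined tokens in import-table order; order is part of the hash input."""
    return ",".join(normalize_import(*entry) for entry in imports)


def imphash(imports):
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed import table. The DLL attribution of these names is an assumption and the table is a
# small subset of the imports listed above, so the result does not match the reported imphash.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "RegOpenKeyExA"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("USER32.dll", "EnumWindows"),
    ("SHELL32.dll", "ShellExecuteA"),
    ("msvcrt.dll", "printf"),
    ("custom.dll", None, 7),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Two builds of the same source with the same linker settings will usually share an imphash even when their SHA256 differs, which makes it a useful pivot across sample families; the flip side is that any tool built from the same import set, benign or not, collides with it, so treat it as a clustering key, never as a verdict.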
VirusTotal metadata
First submission 2015-01-12 22:53:44 UTC (2 years, 11 months ago)
Last submission 2017-11-30 12:13:21 UTC (2 weeks, 2 days ago)
File names fc202c64-4868-89c1-515e-314e95238b53_1d25d2b4b2e5156
wj1s2byz.tbr
a79be139-5c35-4d18-cb9a-45adaed8f648_1d223ef3fbd8050
cmdow.exe
b19c1a5d-ae6f-05de-b260-94473a159fa6_1d1be5c7bba31b0
cmdow.exe"; filename*=utf-8' 'cmdow.exe
cmdow.exe
or3w3hdx.dr5
3343ac01-6ef5-6254-5a77-5aa75f6a8730_1d1e806341b6140
cmdow.exe
28f100fd-84bb-e42a-b15b-e56440bcb910_1d289f5627799f2
zb3pq23w
CMDOW.EXE
cmdow (1).exe
cmdow.exe
99bab61a-7118-c512-1195-f143b0610cd9_1d1c1ad5788e5f3
cmdow.exe
283d7dd3-e0b6-6f00-da56-35d3f13d83d5_1d25ba91af580ff
biteffc.tmp
cmdow.exe
yhqrxuzd.a3m
8c6b.tmp
cg300i3e.14m
filename
cmdow.exe.quarantine
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R08OC0OHV15.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.