SHA256: a1bac61236353de820ae3ad22633d74d3051679af7dfe75670db2048e9684433
File name: KCleaner.exe
Detection ratio: 1 / 63
Analysis date: 2017-08-05 09:04:10 UTC (3 months, 3 weeks ago)
Antivirus Result Update
McAfee-GW-Edition BehavesLike.Win32.DlHelper.tc 20170805
Ad-Aware 20170805
AegisLab 20170805
AhnLab-V3 20170804
Alibaba 20170804
ALYac 20170805
Antiy-AVL 20170805
Arcabit 20170805
Avast 20170805
AVG 20170805
Avira (no cloud) 20170805
AVware 20170805
Baidu 20170804
BitDefender 20170805
Bkav 20170805
CAT-QuickHeal 20170805
ClamAV 20170805
CMC 20170805
Comodo 20170805
CrowdStrike Falcon (ML) 20170710
Cylance 20170805
Cyren 20170805
DrWeb 20170805
Emsisoft 20170805
Endgame 20170721
ESET-NOD32 20170805
F-Prot 20170805
F-Secure 20170805
Fortinet 20170805
GData 20170805
Ikarus 20170805
Sophos ML 20170607
Jiangmin 20170805
K7AntiVirus 20170804
K7GW 20170805
Kaspersky 20170805
Kingsoft 20170805
Malwarebytes 20170805
MAX 20170805
McAfee 20170804
Microsoft 20170805
eScan 20170805
NANO-Antivirus 20170805
nProtect 20170805
Palo Alto Networks (Known Signatures) 20170805
Panda 20170805
Qihoo-360 20170805
Rising 20170805
SentinelOne (Static ML) 20170718
Sophos AV 20170805
SUPERAntiSpyware 20170805
Symantec 20170804
Symantec Mobile Insight 20170804
Tencent 20170805
TheHacker 20170804
TrendMicro-HouseCall 20170805
Trustlook 20170805
VBA32 20170803
VIPRE 20170805
ViRobot 20170805
Webroot 20170805
WhiteArmor 20170731
Yandex 20170801
Zillya 20170804
ZoneAlarm by Check Point 20170805
Zoner 20170805
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Kilho.net
Product KCleaner
File version 3.0.0.0
Description KCleaner
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-02 19:08:17
Entry Point 0x004BD590
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegSaveKeyW
ImageList_Add
NetWkstaGetInfo
IsEqualGUID
VariantCopy
ShellExecuteW
VerQueryValueW
WinHttpOpen
OpenPrinterW
Number of PE resources by type
RT_STRING 45
RT_RCDATA 34
RT_GROUP_CURSOR 10
RT_BITMAP 10
RT_CURSOR 10
UNICODEDATA 6
RT_ICON 5
RT_MANIFEST 1
VCLSTYLE 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 62
ENGLISH US 62
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 2.25
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.0.0.0
UninitializedDataSize 3710976
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 126976
EntryPoint 0x4bd590
MIMEType application/octet-stream
LegalCopyright Kilho.net
FileVersion 3.0.0.0
TimeStamp 2017:08:02 20:08:17+01:00
FileType Win32 EXE
PEType PE32
ProgramID net.kilho.KCleaner
ProductVersion 1.0.0.0
FileDescription KCleaner
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 1257472
ProductName KCleaner
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 5cddde95c2a1554ae69d64116a29d5f0
SHA1 a6511dbfd976ec9f0ea57760672d881f5baabfa2
SHA256 a1bac61236353de820ae3ad22633d74d3051679af7dfe75670db2048e9684433
ssdeep 24576:mUFmvrOqfQTiJCautUJD0asO/QQIhRj55K+0SPHgWJt8Ql+kM+MPOlgG7NLJNokA:h06GCH2D0vyQQajLsEVTV/MHGHJ
authentihash 79ae117b6691ced12d0619a41e68af88425ca7cae6f9d67a52492d6d4e6edffa
imphash f72f46d5936cf06e7722fc879cc8b297
File size 1.3 MB ( 1381888 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.1%)
Win32 EXE Yoda's Crypter (41.3%)
Win32 Executable (generic) (7.0%)
Win16/32 Executable Delphi generic (3.2%)
Generic Win/DOS Executable (3.1%)
Tags peexe upx

VirusTotal metadata
First submission 2017-08-05 09:04:10 UTC (3 months, 3 weeks ago)
Last submission 2017-08-05 09:04:10 UTC (3 months, 3 weeks ago)
File name KCleaner.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by using the SetWindowsHook Windows API function.
DNS requests
UDP communications