SHA256: 0624ed0bad3edf8308004b323d6f3cfd70751395dc93bd1108f7a6df87223102
File name: TwoFace.exe
Detection ratio: 8 / 58
Analysis date: 2017-03-05 16:47:18 UTC (9 months, 1 week ago)
Antivirus Result Update
AVG Linux/ShellCode.AA 20170305
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9600 20170303
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Endgame malicious (moderate confidence) 20170222
Sophos ML trojanspy.win32.skeeyah.a!rfn 20170203
Kaspersky HEUR:Trojan.Win32.Generic 20170305
Microsoft Trojan:Win32/Swrort.A 20170305
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20170305
Ad-Aware 20170305
AegisLab 20170305
AhnLab-V3 20170305
Alibaba 20170228
ALYac 20170305
Antiy-AVL 20170305
Arcabit 20170305
Avast 20170305
Avira (no cloud) 20170305
AVware 20170305
BitDefender 20170305
Bkav 20170303
CAT-QuickHeal 20170304
ClamAV 20170305
CMC 20170305
Comodo 20170305
Cyren 20170305
DrWeb 20170305
Emsisoft 20170305
ESET-NOD32 20170305
F-Prot 20170305
F-Secure 20170305
Fortinet 20170305
GData 20170305
Ikarus 20170305
Jiangmin 20170301
K7AntiVirus 20170305
K7GW 20170305
Kingsoft 20170305
Malwarebytes 20170305
McAfee 20170305
McAfee-GW-Edition 20170305
eScan 20170305
NANO-Antivirus 20170305
nProtect 20170305
Panda 20170305
Rising 20170305
Sophos AV 20170305
SUPERAntiSpyware 20170305
Symantec 20170304
Tencent 20170305
TheHacker 20170305
TrendMicro 20170305
TrendMicro-HouseCall 20170305
Trustlook 20170305
VBA32 20170303
VIPRE 20170305
ViRobot 20170305
Webroot 20170305
WhiteArmor 20170303
Yandex 20170225
Zillya 20170304
Zoner 20170305
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-05 16:35:33
Entry Point 0x00001FFD
Number of sections 6
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetOEMCP
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
HeapSize
GetCurrentProcessId
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
InitializeSListHead
GetFileType
SetStdHandle
CompareStringW
RaiseException
WideCharToMultiByte
TlsFree
FindFirstFileExA
SetUnhandledExceptionFilter
WriteFile
DecodePointer
CloseHandle
GetSystemTimeAsFileTime
FindNextFileA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEnvironmentVariableA
HeapAlloc
TerminateProcess
GetModuleHandleExW
IsValidCodePage
CreateFileW
FindClose
TlsGetValue
Sleep
WriteConsoleW
TlsSetValue
ExitProcess
GetCurrentThreadId
GetProcessHeap
VirtualAlloc
SetLastError
LeaveCriticalSection
MessageBoxW
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2017:03:05 17:35:33+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
72704

LinkerVersion
14.0

EntryPoint
0x1ffd

InitializedDataSize
144896

SubsystemVersion
6.0

ImageVersion
0.0

OSVersion
6.0

UninitializedDataSize
0

File identification
MD5 eb7e6a7599d29d5c7c3af82b809b6043
SHA1 88aa13b6d9bfa77b1224d4f8b98040e50ed56982
SHA256 0624ed0bad3edf8308004b323d6f3cfd70751395dc93bd1108f7a6df87223102
ssdeep
3072:+glWFxNR6BnoDecAgZ7GJWsTVcuVY/VzVtZKCbnsKl0SkO6Mgbt:2FHuoDeKpwVY5VtwCbnsK796j

authentihash 646bbf6f7b1f04126aee9a6a5d66ace380be4d87b882725856f4531bfd230f03
imphash 63033a84fea47a4dd7ef3c109113e2db
File size 211.0 KB ( 216064 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-03-05 16:47:18 UTC (9 months, 1 week ago)
Last submission 2017-08-24 22:50:38 UTC (3 months, 2 weeks ago)
File name TwoFace.exe