SHA256: abacc15220b25d00e9905970adcbc5f29e0c754f9b88aa6d33561b75587ceca1
File name: iKaros Application.exe
Detection ratio: 5 / 63
Analysis date: 2017-08-20 22:23:34 UTC ( 2 months ago )
Antivirus Result Update
AegisLab Uds.Dangerousobject.Multi!c 20170820
CAT-QuickHeal Udsdangerousobject.Multi 20170819
Kaspersky UDS:DangerousObject.Multi.Generic 20170820
TrendMicro-HouseCall Suspicious_GEN.F47V0501 20170820
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20170820
Ad-Aware 20170820
AhnLab-V3 20170820
Alibaba 20170818
ALYac 20170820
Antiy-AVL 20170820
Arcabit 20170820
Avast 20170820
AVG 20170820
Avira (no cloud) 20170820
AVware 20170820
Baidu 20170817
BitDefender 20170820
ClamAV 20170820
CMC 20170820
Comodo 20170820
CrowdStrike Falcon (ML) 20170804
Cylance 20170820
Cyren 20170820
DrWeb 20170820
Emsisoft 20170820
Endgame 20170721
ESET-NOD32 20170820
F-Prot 20170820
F-Secure 20170820
Fortinet 20170820
GData 20170820
Ikarus 20170820
Sophos ML 20170818
Jiangmin 20170820
K7AntiVirus 20170820
K7GW 20170817
Kingsoft 20170820
Malwarebytes 20170820
MAX 20170820
McAfee 20170820
McAfee-GW-Edition 20170820
Microsoft 20170820
eScan 20170820
NANO-Antivirus 20170820
nProtect 20170819
Palo Alto Networks (Known Signatures) 20170820
Panda 20170820
Qihoo-360 20170820
SentinelOne (Static ML) 20170806
Sophos AV 20170820
SUPERAntiSpyware 20170820
Symantec 20170820
Symantec Mobile Insight 20170818
Tencent 20170820
TheHacker 20170817
TotalDefense 20170820
TrendMicro 20170820
Trustlook 20170820
VBA32 20170818
VIPRE 20170820
ViRobot 20170820
Webroot 20170820
WhiteArmor 20170817
Yandex 20170818
Zillya 20170819
Zoner 20170820
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT NSIS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-11 20:03:36
Entry Point 0x00003217
Number of sections 5
PE sections
Overlays
MD5 201303f7fd2c328a96f6d53be0a86509
File type data
Offset 49152
Size 1282039
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumValueA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
GetTickCount
SetFileTime
GlobalUnlock
GetModuleFileNameA
DeleteFileA
LoadLibraryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
ExpandEnvironmentStringsA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
SetFilePointer
GetTempPathA
CreateThread
lstrcmpiA
GetModuleHandleA
lstrcmpA
ReadFile
lstrcpyA
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
RemoveDirectoryA
GetSystemDirectoryA
GetDiskFreeSpaceA
GetProcAddress
SetEnvironmentVariableA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
WriteFile
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
ExitProcess
GetVersion
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
CharPrevA
GetMessagePos
EndPaint
ReleaseDC
EndDialog
BeginPaint
ShowWindow
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
PostQuitMessage
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
SystemParametersInfoA
CreatePopupMenu
wsprintfA
DialogBoxParamA
SetClipboardData
IsWindowVisible
SendMessageA
DrawTextA
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
CreateDialogParamA
EnableMenuItem
RegisterClassA
SendMessageTimeoutA
InvalidateRect
GetWindowLongA
FindWindowExA
CreateWindowExA
LoadCursorA
TrackPopupMenu
SetWindowTextA
FillRect
OpenClipboard
CharNextA
CallWindowProcA
GetSystemMenu
EmptyClipboard
EnableWindow
CloseClipboard
DestroyWindow
ExitWindowsEx
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
CoTaskMemFree
OleUninitialize
CoCreateInstance
OleInitialize
Number of PE resources by type
RT_ICON 7
RT_DIALOG 6
RT_BITMAP 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 16
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:05:11 21:03:36+01:00
FileType Win32 EXE
PEType PE32
CodeSize 23552
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 117760
SubsystemVersion 4.0
EntryPoint 0x3217
OSVersion 4.0
ImageVersion 6.0
UninitializedDataSize 1024

File identification
MD5 3bcd0b40c3ff8d2bad97c47561c2e6e4
SHA1 ffe19e51f7941971e86bdd7ffd59cefdfd2b493c
SHA256 abacc15220b25d00e9905970adcbc5f29e0c754f9b88aa6d33561b75587ceca1
ssdeep
24576:AJpPFgNC9XiaFQchyXwa9gk56cII+08rh9O3WFwF0lpF0wlK:sngNCgUlBk56VI+0+9Omwyn6

authentihash 045ef2a132d39b85cc070ac3899e07860d2fcbcde2cb7f3c33bcceb1c58adc8a
imphash 59a4a44a250c4cf4f2d9de2b3fe5d95f
File size 1.3 MB ( 1331191 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID NSIS - Nullsoft Scriptable Install System (91.9%)
Win32 Executable MS Visual C++ (generic) (3.3%)
Win64 Executable (generic) (3.0%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.4%)
Tags
nsis peexe overlay

VirusTotal metadata
First submission 2017-04-30 21:02:03 UTC ( 5 months, 3 weeks ago )
Last submission 2017-07-27 19:53:17 UTC ( 2 months, 4 weeks ago )
File names YaTQA-Setup_3.7.2.exe
iKaros Application.exe
yatqa-setup_3.7.2.exe
YaTQA-Setup_[3.7.2].exe
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Runtime DLLs
UDP communications