SHA256: 62767ffbeb2113aee189c7421b3ad808f6bab88eca9653f6b0fd56cdb321839d
File name: pss7_v1.83.exe
Detection ratio: 3 / 52
Analysis date: 2016-07-06 11:08:00 UTC (1 year, 5 months ago)
Antivirus Result Update date
DrWeb Trojan.DownLoader11.18272 20160706
McAfee-GW-Edition BehavesLike.Win32.Adware.gc 20160706
Qihoo-360 HEUR/QVM41.2.0000.Malware.Gen 20160706
Ad-Aware 20160706
AegisLab 20160706
AhnLab-V3 20160705
Alibaba 20160706
ALYac 20160706
Antiy-AVL 20160706
Arcabit 20160706
Avast 20160706
AVG 20160705
AVware 20160706
Baidu 20160706
BitDefender 20160706
Bkav 20160705
CAT-QuickHeal 20160705
ClamAV 20160706
CMC 20160704
Comodo 20160705
Cyren 20160706
Emsisoft 20160704
ESET-NOD32 20160706
F-Prot 20160706
F-Secure 20160706
Fortinet 20160706
GData 20160706
Ikarus 20160706
Jiangmin 20160706
K7AntiVirus 20160706
K7GW 20160706
Kaspersky 20160706
Kingsoft 20160706
Malwarebytes 20160706
McAfee 20160706
Microsoft 20160706
eScan 20160706
NANO-Antivirus 20160706
nProtect 20160706
Panda 20160705
Sophos AV 20160706
SUPERAntiSpyware 20160706
Symantec 20160706
Tencent 20160706
TheHacker 20160705
TrendMicro 20160706
TrendMicro-HouseCall 20160706
VBA32 20160706
VIPRE 20160706
ViRobot 20160706
Zillya 20160706
Zoner 20160706
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © user 2012

Product WindowsFormsApplication2
Original name pas_step7.exe
Internal name pas_step7.exe
File version 1.0.0.0
Description WindowsFormsApplication2
Packers identified
F-PROT RAR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-04-18 18:54:06
Entry Point 0x000148D4
Number of sections 5
PE sections
Overlays
MD5 d0dcfbc90747d7047ee613448589ab70
File type data
Offset 140800
Size 341947
Entropy 8.00
PE imports
GetStdHandle
WaitForSingleObject
FindFirstFileW
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
FreeEnvironmentStringsW
SetFileAttributesA
GetTempPathA
GetCPInfo
GetStringTypeA
GetTempPathW
HeapReAlloc
GetStringTypeW
GetFullPathNameA
SetEvent
LocalFree
FormatMessageW
GetEnvironmentVariableA
FindClose
InterlockedDecrement
FormatMessageA
GetFullPathNameW
SetLastError
InitializeCriticalSection
GetModuleFileNameW
ExitProcess
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
SetFileAttributesW
CreateThread
SetUnhandledExceptionFilter
ExitThread
TerminateProcess
SetCurrentDirectoryW
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
CloseHandle
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
GetTickCount
IsBadWritePtr
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
CreateDirectoryW
DeleteFileW
GetProcAddress
RemoveDirectoryW
FindNextFileW
ResetEvent
FindNextFileA
WaitForMultipleObjects
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
LCMapStringA
GetEnvironmentStringsW
RemoveDirectoryA
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
SetFilePointer
ReadFile
FindFirstFileA
GetACP
GetVersion
CreateProcessA
WideCharToMultiByte
HeapCreate
WriteFile
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
VirtualAlloc
VariantClear
SysAllocString
ShellExecuteExA
GetWindowLongA
SetTimer
MessageBoxW
LoadIconA
LoadStringA
SetWindowTextA
EndDialog
PostMessageA
CharUpperW
DialogBoxParamW
SendMessageA
LoadStringW
SetWindowTextW
GetDlgItem
SetWindowLongA
KillTimer
DialogBoxParamA
ShowWindow
CharUpperA
DestroyWindow
Number of PE resources by type
RT_STRING 2
RT_DIALOG 1
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 7
PE resources
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
46080

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.0

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x0000

CharacterSet
Unicode

LinkerVersion
6.0

EntryPoint
0x148d4

OriginalFileName
pas_step7.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright user 2012

FileVersion
1.0.0.0

TimeStamp
2011:04:18 19:54:06+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
pas_step7.exe

ProductVersion
1.0.0.0

FileDescription
WindowsFormsApplication2

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
user

CodeSize
104448

ProductName
WindowsFormsApplication2

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
1.0.0.0

Compressed bundles
File identification
MD5 a29b94bee9629453a3a673e751e3a001
SHA1 27b879fc325ebb6a2d40ce3653157b32502ab4f9
SHA256 62767ffbeb2113aee189c7421b3ad808f6bab88eca9653f6b0fd56cdb321839d
ssdeep
12288:JG5knZfFKe8G5QTf6lCOLArfeQU22BPG/kY0BjI:JG50ZfFKfGhAkeWQ32BPTBjI

authentihash 51305c837374a882173baee5bc6e60b6a099ea8a58aa3218128628a038996dd6
imphash e00de6e48b9b06aceb12a81e7bf494c9
File size 471.4 KB ( 482747 bytes )
File type Win32 EXE
Description
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-07-06 07:31:57 UTC (1 year, 5 months ago)
Last submission 2017-06-18 09:58:12 UTC (5 months, 4 weeks ago)
File names pss7.exe
pss7_v1.83.exe
pas_step7.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened mutexes
Runtime DLLs
UDP communications