Fiscalía General del Estado Centro Estatal de Estadística Criminal Información Delictiva Procesal
Case: Federal Police Trojan
→ Detailed analysis of the executable
SHA256: ef6980603136ffa42aebd6b9bfa864fe5223fa09c505bd80b386ee253a979aa7
SHA1: b2b603da28b8c4f7ecac7a4e3c128445f52de44c
MD5: 1c6d8a7bdefb2f70231a828ca1daf719
File size: 177.5 KB ( 181760 bytes )
File name: 123.exe
File type: Win32 EXE
Detection ratio: 7 / 40
→ Trojan detection by different antivirus suites
Antivirus             Result                            Update
AhnLab-V3             -                                 20110621
AntiVir               -                                 20110621
Antiy-AVL             -                                 20110621
Avast                 -                                 20110620
Avast5                -                                 20110620
AVG                   SHeur3.CFPU                       20110620
BitDefender           -                                 20110621
Km. 3.5 Carrt. Cd. Aldama Tel. 429-7300 Ext. 10035 C.P. 31313 Chihuahua, Chih. www.chihuahua.gob.mx http://fiscalia.chihuahua.gob.mx
Antivirus             Result                            Update
CAT-QuickHeal         -                                 20110621
ClamAV                -                                 20110621
Comodo                Heur.Suspicious                   20110621
DrWeb                 -                                 20110621
eSafe                 -                                 20110619
eTrust-Vet            -                                 20110620
F-Prot                -                                 20110621
Fortinet              -                                 20110621
GData                 -                                 20110621
Ikarus                -                                 20110621
Jiangmin              -                                 20110620
K7AntiVirus           -                                 20110620
Kaspersky             Trojan-Ransom.Win32.Chameleon.mw  20110621
McAfee                -                                 20110621
McAfee-GW-Edition     -                                 20110620
Microsoft             -                                 20110613
NOD32                 a variant of Win32/Kryptik.PGF    20110621
Norman                -                                 20110620
nProtect              -                                 20110621
Panda                 Trj/CI.A                          20110620
PCTools               -                                 20110620
Prevx                 -                                 20110621
Rising                -                                 20110620
Sophos                Mal/Generic-L                     20110621
SUPERAntiSpyware      Trojan.Agent/Gen-Falprod          20110621
Symantec              -                                 20110621
TheHacker             -                                 20110620
TrendMicro            -                                 20110621
TrendMicro-HouseCall  -                                 20110621
VBA32                 -                                 20110621
VIPRE                 -                                 20110621
ViRobot               -                                 20110621
VirusBuster           -                                 20110620
ssdeep
3072:pMIh6Eu+LSTBHyz68HNah3KQbruhFSU+ag9BdUkqaORiQ/x/5tJ4jjyB/v7:pMR+yHyz68tapxuhFS6g9vUl/Ri4nAjq

TrID
Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)
ExifTool
SubsystemVersion.........: 5.1
InitializedDataSize......: 595456
ImageVersion.............: 0.0
ProductName..............: Gje9w8
FileVersionNumber........: 2.0.9.1
UninitializedDataSize....: 0
LanguageCode.............: Unknown (0003)
FileFlagsMask............: 0x003f
CharacterSet.............: Unicode
LinkerVersion............: 10.0
FileOS...................: Windows NT 32-bit
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
FileVersion..............: 2.0.9.1
TimeStamp................: 2011:06:19 09:58:41+01:00
FileType.................: Win32 EXE
PEType...................: PE32
InternalName.............: Hgpas.exe
ProductVersion...........: 2.0.9.1
FileDescription..........: Hwioe
OSVersion................: 5.1
OriginalFilename.........: ashdn.exe
LegalCopyright...........: (c) 2011 Avira
MachineType..............: Intel 386 or later, and compatibles
CompanyName..............: BitDefender
CodeSize.................: 102400
FileSubtype..............: 0
ProductVersionNumber.....: 2.0.9.1
EntryPoint...............: 0x1a000
ObjectFileType...........: Executable application
Sigcheck
publisher................: BitDefender
product..................: Gje9w8
internal name............: Hgpas.exe
copyright................: (c) 2011 Avira
original name............: ashdn.exe
file version.............: 2.0.9.1
description..............: Hwioe

Portable Executable structural information
PE Sections...................:
Name    Virtual Address  Virtual Size  Raw Size  Entropy  MD5
.text   4096             101584        101888    6.33     7215422c3df4f440cffe611ee77f6452
.cs     106496           157           512       2.20     b7ea74af7d0c057aa1b822ba02ffaf47
.rdata  110592           52356         52736     6.39     cd881b8f48b817ae5be20b4a6263b5e0
.data   163840           538924        22016     6.61     5f994e780584f2a766593731b5a453bd
.rsrc   704512           2024          2048      4.66     a1fe40abd1c99b9d4fdc54f43aebf613
.reloc  708608           1308          1536      0.99     22057c9216d4498dc7fe8775771e8d08
PE Imports....................:
[[KERNEL32.dll]]
InterlockedExchangeAdd, IsDBCSLeadByteEx, ConvertDefaultLocale, BeginUpdateResourceA, OpenMutexW, SetFileApisToOEM, GetVersion, ReadConsoleOutputA, GetCurrentProcess, EscapeCommFunction, CreateWaitableTimerA, EraseTape, SetLocalTime, GetThreadLocale, GetComputerNameW, GetConsoleCursorInfo, SetThreadContext, GetProcessShutdownParameters, HeapAlloc, HeapDestroy, HeapCreate, GetModuleHandleA, ReleaseMutex, GlobalFindAtomA, HeapFree
[[msvcrt.dll]]
_except_handler3
[[USER32.dll]]
LoadCursorA
[[COMCTL32.dll]]
First seen by VirusTotal: 2011-06-20 11:26:51 UTC ( 1 year, 8 months ago )
Last seen by VirusTotal: 2012-01-17 15:08:15 UTC ( 1 year ago )
File names (max. 25)
1. Spanish.ex_
2. 0.9433782178881365.exe
3. 0.6062516903019214.exe.OLD
4. 123.exe