SHA256: 2a37d6acb46c4cfaeb46b8c4092075a9971bbffe57ac50258e4f2f1e76c8cc9c
File name: malware_dump.ex_
Detection ratio: 17 / 57
Analysis date: 2015-02-21 20:19:53 UTC ( 3 years, 8 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Agent 20150221
Avast Win32:PUP-gen [PUP] 20150221
AVG ILCrypt 20150221
Avira (no cloud) TR/Ransom.243715 20150221
ClamAV WIN.Spy.Agent-11 20150221
Comodo Heur.Corrupt.PE 20150221
DrWeb Trojan.PWS.Stealer.13025 20150221
ESET-NOD32 a variant of MSIL/PSW.Agent.NEX 20150221
Ikarus Trojan-Spy.MSIL.Golroted 20150221
Jiangmin Monitor.MSIL.l 20150221
Kaspersky not-a-virus:PSWTool.Win32.NetPass.cwx 20150221
Microsoft TrojanSpy:MSIL/Golroted.B 20150221
NANO-Antivirus Trojan.Win32.Ool.dfeejo 20150221
Norman Heuristic_Anomaly.A 20150221
Rising PE:Trojan.MSIL.KeyLogger!1.647D 20150221
TheHacker W32/Behav-Heuristic-CorruptFile-EP 20150219
VBA32 Trojan.MSIL.Inject 20150220
Ad-Aware 20150221
AegisLab 20150221
Yandex 20150221
Alibaba 20150219
ALYac 20150221
Antiy-AVL 20150221
AVware 20150221
Baidu-International 20150221
BitDefender 20150221
Bkav 20150213
ByteHero 20150221
CAT-QuickHeal 20150221
CMC 20150214
Cyren 20150221
Emsisoft 20150221
F-Prot 20150221
F-Secure 20150221
Fortinet 20150221
GData 20150221
K7AntiVirus 20150221
K7GW 20150221
Kingsoft 20150221
Malwarebytes 20150221
McAfee 20150221
McAfee-GW-Edition 20150221
eScan 20150221
nProtect 20150218
Panda 20150221
Qihoo-360 20150221
Sophos AV 20150221
SUPERAntiSpyware 20150221
Symantec 20150221
Tencent 20150221
TotalDefense 20150221
TrendMicro 20150221
TrendMicro-HouseCall 20150221
VIPRE 20150221
ViRobot 20150221
Zillya 20150221
Zoner 20150220
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2014
Product Debugger
Original name Debugger.exe
Internal name Debugger.exe
File version 1.0.0.0
Description Debugger
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-02-05 17:19:28
Entry Point 0x70267CEF
Number of sections 3
.NET details
Module Version ID fe1b95b1-c9f2-45a5-9899-c0ddeb1bcffd
TypeLib ID 8fcd4931-91a2-4e18-849b-70de34ab75df
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 2
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 5
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 3584
EntryPoint 0x70267cef
OriginalFileName Debugger.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2014
FileVersion 1.0.0.0
TimeStamp 2015:02:05 18:19:28+01:00
FileType Win32 EXE
PEType PE32
InternalName Debugger.exe
ProductVersion 1.0.0.0
FileDescription Debugger
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 954880
ProductName Debugger
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.0.0.0

File identification
MD5 3cee56f0872a5ffce091ff09b5832341
SHA1 8668b616e98d0631e1a829974c12870ec9396fbf
SHA256 2a37d6acb46c4cfaeb46b8c4092075a9971bbffe57ac50258e4f2f1e76c8cc9c
ssdeep 24576:HjBDADM0G/FaSbkNxDGG5mOjZGo+5QzCJoEoTn/vbhJ:H1Dn/Fgxf1GroDXb
authentihash 267b6b1b1401b389c2232de19fc41d363edae2075e3e9d176a2463c1eec22732
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 960.0 KB ( 983040 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (35.6%)
InstallShield setup (20.9%)
Win32 Executable MS Visual C++ (generic) (15.1%)
Win64 Executable (generic) (13.4%)
Windows screen saver (6.3%)
Tags peexe assembly
VirusTotal metadata
First submission 2015-02-21 20:19:53 UTC ( 3 years, 8 months ago )
Last submission 2015-02-21 20:19:53 UTC ( 3 years, 8 months ago )
File names malware_dump.ex_
Debugger.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight