SHA256: 00a279110fd96fce66fc2109517c6aa786cbd42a51c38031f317e55edd2dac2c
File name: help.pdf.exe.bin
Detection ratio: 12 / 62
Analysis date: 2017-03-28 14:19:41 UTC ( 2 years ago )
Antivirus Result Update
Avira (no cloud) TR/Crypt.ZPACK.nbrdn 20170328
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9995 20170328
Bkav HW32.Packed.3145 20170328
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Endgame malicious (high confidence) 20170317
Sophos ML ransom.win32.tescrypt.a 20170203
Kaspersky UDS:DangerousObject.Multi.Generic 20170328
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20170328
SentinelOne (Static ML) static engine - malicious 20170315
Symantec ML.Attribute.HighConfidence 20170328
Webroot W32.Trojan.Gen 20170328
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20170328
Ad-Aware 20170328
AegisLab 20170328
AhnLab-V3 20170328
Alibaba 20170328
ALYac 20170328
Antiy-AVL 20170328
Arcabit 20170328
Avast 20170328
AVG 20170328
AVware 20170328
BitDefender 20170328
CAT-QuickHeal 20170327
ClamAV 20170328
CMC 20170328
Comodo 20170328
Cyren 20170328
DrWeb 20170328
Emsisoft 20170328
ESET-NOD32 20170328
F-Prot 20170328
F-Secure 20170328
Fortinet 20170328
GData 20170328
Ikarus 20170328
Jiangmin 20170328
K7AntiVirus 20170328
K7GW 20170328
Kingsoft 20170328
Malwarebytes 20170328
McAfee 20170328
McAfee-GW-Edition 20170328
Microsoft 20170328
eScan 20170328
NANO-Antivirus 20170328
nProtect 20170328
Palo Alto Networks (Known Signatures) 20170328
Panda 20170328
Rising 20170328
Sophos AV 20170328
SUPERAntiSpyware 20170328
Symantec Mobile Insight 20170328
Tencent 20170328
TheHacker 20170327
TotalDefense 20170328
TrendMicro 20170328
TrendMicro-HouseCall 20170328
Trustlook 20170328
VBA32 20170328
VIPRE 20170328
ViRobot 20170328
WhiteArmor 20170327
Yandex 20170327
Zillya 20170328
Zoner 20170328
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Licrosolt Corporation. All rights reserved.
Product Licrosolt® Mindoms
Original name mono.dll
Internal name mono.dll
File version 6.5.9600.17415 (winblue_r4.141028-1500)
Description Mult1med1a Realt1me Runt1me
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-27 14:06:10
Entry Point 0x000019D0
Number of sections 9
PE sections
PE imports
ImmEscapeW
ImmDestroyContext
GetUserDefaultUILanguage
DeviceIoControl
GetProcessIoCounters
GetDiskFreeSpaceExA
InterlockedExchangeAdd
GetUserDefaultLangID
GetSystemRegistryQuota
GlobalAddAtomA
GetSystemDefaultLCID
CopyFileA
Sleep
EnumTimeFormatsA
FreeConsole
CompareStringOrdinal
LoadLibraryA
GetProcAddress
DsMakeSpnW
SetupOpenFileQueue
SHCreateProcessAsUserW
FindExecutableW
wnsprintfA
IsWindowEnabled
GetSystemMetrics
perror
fopen
wcstol
FreePropVariantArray
UrlMkSetSessionOption
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.3.9600.17415
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Mult1med1a Realt1me Runt1me
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 176128
EntryPoint 0x19d0
OriginalFileName mono.dll
MIMEType application/octet-stream
LegalCopyright Licrosolt Corporation. All rights reserved.
FileVersion 6.5.9600.17415 (winblue_r4.141028-1500)
TimeStamp 2017:03:27 16:06:10+02:00
FileType Win32 EXE
PEType PE32
InternalName mono.dll
ProductVersion 6.5.9600.17415
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Licrosolt Corporation
CodeSize 16384
ProductName Licrosolt Mindoms
ProductVersionNumber 6.3.9600.17415
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 a459ce7a0dcae58ac235b0444b89ada5
SHA1 1e410e16b49a378c373743f84ea743b8988fe949
SHA256 00a279110fd96fce66fc2109517c6aa786cbd42a51c38031f317e55edd2dac2c
ssdeep 3072:AmnfZ75gB+6o+J2WcjPFbtB5OrsRzUMlnyrF1gsIAn2vT:A8jt2cWgthDOrazUWyrvIAi
authentihash ab8753500f3b877857dc5c88a5d1da7b982b7af76395ca18c54650f99ed2769b
imphash 98cf7433e0a60b12d744ec8a602d499f
File size 152.0 KB ( 155648 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-03-28 14:19:41 UTC ( 2 years ago )
Last submission 2019-03-16 13:04:37 UTC ( 1 month, 1 week ago )
File names 00a279110fd96fce66fc2109517c6aa786cbd42a51c38031f317e55edd2dac2c.exe
help.pdf.exe.bin
mono.dll
a459ce7a0dcae58ac235b0444b89ada5.exe
Behaviour characterization
Zemana dll-injection