SHA256: 00ce526880d70fa716aada36ac708a2db0516de6df56402e2a1d9f8fe8539bad
File name: 4c039b06c3496bc70df172ef65301a38.virus
Detection ratio: 33 / 62
Analysis date: 2017-04-16 17:36:52 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.231420 20170416
ALYac Gen:Variant.Zusy.231420 20170416
Antiy-AVL Trojan/MSIL.DOTHETUK 20170416
Arcabit Trojan.Zusy.D387FC 20170416
Avast MSIL:GenMalicious-BPD [Trj] 20170416
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9988 20170414
BitDefender Gen:Variant.Zusy.231420 20170416
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Emsisoft Gen:Variant.Zusy.231420 (B) 20170416
Endgame malicious (high confidence) 20170413
ESET-NOD32 a variant of MSIL/Kryptik.AJE 20170416
F-Secure Gen:Variant.Zusy.231420 20170416
Fortinet MSIL/Generic.AP.1A27F0!tr 20170416
GData Gen:Variant.Zusy.231420 20170416
Ikarus Trojan.MSIL.Crypt 20170416
Sophos ML trojan.win32.skeeyah.a!rfn 20170413
K7AntiVirus Trojan ( 004b94571 ) 20170416
K7GW Trojan ( 004b94571 ) 20170416
Kaspersky Trojan.MSIL.DOTHETUK.drg 20170416
McAfee Generic.ayj 20170416
McAfee-GW-Edition Generic.ayj 20170416
Microsoft Backdoor:MSIL/Bladabindi 20170416
eScan Gen:Variant.Zusy.231420 20170416
NANO-Antivirus Trojan.Win32.Dwn.eegifa 20170416
Panda Trj/GdSda.A 20170416
SentinelOne (Static ML) static engine - malicious 20170330
Sophos AV Mal/Generic-S 20170416
Symantec Trojan.Gen.2 20170415
Tencent Win32.Trojan.Bp-autorun.Zclz 20170416
TrendMicro TROJ_GEN.R0C1C0DDA17 20170416
TrendMicro-HouseCall TROJ_GEN.R0C1C0DDA17 20170416
VIPRE Trojan.Win32.Generic!BT 20170416
ZoneAlarm by Check Point Trojan.MSIL.DOTHETUK.drg 20170416
AegisLab 20170414
AhnLab-V3 20170416
Alibaba 20170415
AVG 20170416
Avira (no cloud) 20170416
AVware 20170410
Bkav 20170415
CAT-QuickHeal 20170415
ClamAV 20170416
CMC 20170416
Comodo 20170416
Cyren 20170416
DrWeb 20170416
F-Prot 20170416
Jiangmin 20170416
Kingsoft 20170416
Malwarebytes 20170416
nProtect 20170416
Palo Alto Networks (Known Signatures) 20170416
Qihoo-360 20170416
Rising 20170416
SUPERAntiSpyware 20170416
Symantec Mobile Insight 20170414
TheHacker 20170416
TotalDefense 20170416
Trustlook 20170416
VBA32 20170414
ViRobot 20170416
Webroot 20170416
WhiteArmor 20170409
Yandex 20170414
Zillya 20170414
Zoner 20170416
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © Microsoft 2017
Product Windows04
Original name Windows04.exe
Internal name Windows04.exe
File version 1.0.0.0
Description Windows04
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-27 17:22:25
Entry Point 0x00039F7E
Number of sections 4
.NET details
Module Version ID fad88361-276b-4aee-ba3b-2292722395c8
TypeLib ID c7168c5c-9561-46c0-5dac-ef8a75b8557f
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 4096
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 8.0
EntryPoint 0x39f7e
OriginalFileName Windows04.exe
MIMEType application/octet-stream
LegalCopyright Copyright Microsoft 2017
FileVersion 1.0.0.0
TimeStamp 2017:03:27 18:22:25+01:00
FileType Win32 EXE
PEType PE32
InternalName Windows04.exe
ProductVersion 1.0.0.0
FileDescription Windows04
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft
CodeSize 229376
ProductName Windows04
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.0.0.0

File identification
MD5 4c039b06c3496bc70df172ef65301a38
SHA1 2a53f12b4908855c1bdeef36bf74c7d8048d2af9
SHA256 00ce526880d70fa716aada36ac708a2db0516de6df56402e2a1d9f8fe8539bad
ssdeep 3072:UbmVcYJHv+0ey5jycp2Po92OZ0TbnWfVWO:UKVBJHm0X5jycpco92OZ0gV
authentihash 698e288b88ece200dcf3d805a56497e299cadb3a2e5d252db9bf3464e5919c15
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 229.0 KB ( 234496 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
Win16/32 Executable Delphi generic (2.2%)
Generic Win/DOS Executable (2.2%)
Tags peexe assembly

VirusTotal metadata
First submission 2017-04-16 17:36:52 UTC ( 1 year, 11 months ago )
Last submission 2017-04-16 17:36:52 UTC ( 1 year, 11 months ago )
File names Windows04.exe
4c039b06c3496bc70df172ef65301a38.virus