× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 01d6275b50fea35014c4557daa223e501872e252cf244da4345366b227f05989
File name: abd1a274.gxe
Detection ratio: 25 / 70
Analysis date: 2018-12-19 12:25:14 UTC ( 5 months ago ) View latest
Antivirus Result Update
Acronis malware 20180726
AegisLab Trojan.Win32.Generic.4!c 20181219
Avast Win32:Malware-gen 20181219
AVG FileRepMetagen [Malware] 20181219
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181022
Cybereason malicious.38f33a 20180225
eGambit PE.Heur.InvalidSig 20181219
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of MSIL/Spy.Agent.AES 20181219
GData Win32.Trojan-Ransom.GandCrab.D3QICN 20181219
Ikarus Win32.Outbreak 20181219
Sophos ML heuristic 20181128
Kaspersky UDS:DangerousObject.Multi.Generic 20181219
Malwarebytes Trojan.PasswordStealer.MSIL.Generic 20181219
MAX malware (ai score=100) 20181219
McAfee Artemis!ABD1A27434E9 20181219
McAfee-GW-Edition Artemis!Trojan 20181219
Microsoft Trojan:Win32/Fuerboos.A!cl 20181218
Palo Alto Networks (Known Signatures) generic.ml 20181219
Rising Spyware.Agent!8.C6 (CLOUD) 20181219
SentinelOne (Static ML) static engine - malicious 20181011
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20181212
Symantec ML.Attribute.HighConfidence 20181219
Trapmine malicious.high.ml.score 20181205
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181219
Ad-Aware 20181219
AhnLab-V3 20181219
Alibaba 20180921
ALYac 20181219
Antiy-AVL 20181219
Arcabit 20181219
Avast-Mobile 20181219
Avira (no cloud) 20181219
Babable 20180918
Baidu 20181207
BitDefender 20181219
Bkav 20181217
CAT-QuickHeal 20181218
ClamAV 20181219
CMC 20181218
Comodo 20181219
Cyren 20181219
DrWeb 20181219
Emsisoft 20181219
F-Prot 20181219
F-Secure 20181219
Fortinet 20181219
Jiangmin 20181219
K7AntiVirus 20181219
K7GW 20181219
Kingsoft 20181219
eScan 20181219
NANO-Antivirus 20181219
Panda 20181219
Qihoo-360 20181219
Sophos AV 20181219
Symantec Mobile Insight 20181215
TACHYON 20181219
Tencent 20181219
TheHacker 20181216
TotalDefense 20181219
TrendMicro 20181219
TrendMicro-HouseCall 20181219
Trustlook 20181219
VBA32 20181219
VIPRE 20181218
ViRobot 20181219
Webroot 20181219
Yandex 20181219
Zillya 20181219
Zoner 20181219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2018 Avnet, Inc.

Product Active Directory security and Group Policy Management
Original name r2.exe
Internal name r2.exe
File version 8.11.11.2
Description Active Directory security and Group Policy Management
Comments efadadasakejes
Signature verification The digital signature of the object did not verify.
Signing date 6:11 AM 1/28/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1976-03-13 14:56:59
Entry Point 0x0006FC6E
Number of sections 3
.NET details
Module Version ID 63143b13-56d5-44e9-a584-6c2ea2b24b5d
TypeLib ID a899abcb-e431-4414-a5fd-1e0583d4352a
PE sections
Overlays
MD5 d0f3f8079f6dd78f24f0e44fad7e020b
File type data
Offset 453120
Size 5320
Entropy 7.43
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
efadadasakejes

InitializedDataSize
2560

ImageVersion
0.0

ProductName
Active Directory security and Group Policy Management

FileVersionNumber
8.11.11.2

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
8.0

FileTypeExtension
exe

OriginalFileName
r2.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
8.11.11.2

TimeStamp
1976:03:13 15:56:59+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
r2.exe

ProductVersion
8.11.11.2

FileDescription
Active Directory security and Group Policy Management

OSVersion
4.0

FileOS
Win32

LegalCopyright
Copyright 2018 Avnet, Inc.

MachineType
Intel 386 or later, and compatibles

CompanyName
Avnet, Inc.

CodeSize
450048

FileSubtype
0

ProductVersionNumber
8.11.11.2

EntryPoint
0x6fc6e

ObjectFileType
Executable application

AssemblyVersion
0.0.0.0

File identification
MD5 abd1a27434e98e8112d83db9fcda8cea
SHA1 6aef25838f33abea1f4a02b8f7b00890893ed751
SHA256 01d6275b50fea35014c4557daa223e501872e252cf244da4345366b227f05989
ssdeep
6144:Sg41DvB1FkeW3PLYY6T/5W1uAPST3oIVf2DwPjIq/FVNRqqMvmbe/F+yNfPUKj8d:STv+oSaY8cuN/Sxc7A6BDN

authentihash 880900cf9db9d61ed2415e7c032c75c4c05b8add3e591ff3cd4ca558ed03521c
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 447.7 KB ( 458440 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Windows screen saver (43.3%)
Win32 Dynamic Link Library (generic) (21.7%)
Win32 Executable (generic) (14.9%)
OS/2 Executable (generic) (6.7%)
Generic Win/DOS Executable (6.6%)
Tags
peexe assembly overlay

VirusTotal metadata
First submission 2018-12-19 02:44:18 UTC ( 5 months ago )
Last submission 2018-12-19 12:25:14 UTC ( 5 months ago )
File names r2.exe
r2_signed.exe
abd1a274.gxe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!