× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 01e6c3b8dc9daea09b24f5b0052613bc0b35760c6cc1fab7e20d9cc243bca4d7
File name: PO-76489343.exe
Detection ratio: 50 / 67
Analysis date: 2017-12-27 23:19:42 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1909391 20171225
AegisLab Troj.W32.Generic!c 20171227
AhnLab-V3 Malware/Win32.Generic.C610242 20171227
ALYac Trojan.GenericKD.1909391 20171227
Arcabit Trojan.Generic.D1D228F 20171227
Avast MSIL:Injector-IZ [Cryp] 20171227
AVG MSIL:Injector-IZ [Cryp] 20171227
Avira (no cloud) TR/Dropper.MSIL.Gen2 20171227
AVware Win32.Malware!Drop 20171227
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171227
BitDefender Trojan.GenericKD.1909391 20171227
CAT-QuickHeal Trojan.Generic 20171227
Comodo UnclassifiedMalware 20171227
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20171228
Cyren W32/Msil.AVOA-2456 20171227
DrWeb Trojan.PWS.Panda.7278 20171227
eGambit Unsafe.AI_Score_99% 20171228
Emsisoft Trojan.GenericKD.1909391 (B) 20171227
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of MSIL/TrojanDropper.Agent.BCM 20171227
F-Prot W32/Msil.EG 20171227
F-Secure Trojan.GenericKD.1909391 20171227
Fortinet MSIL/Agent.BCM!tr 20171227
GData Trojan.GenericKD.1909391 20171227
Ikarus Trojan.Fakeav 20171227
Sophos ML heuristic 20170914
Jiangmin Trojan/MSIL.cbqc 20171227
K7AntiVirus Trojan ( 004ac3541 ) 20171227
K7GW Trojan ( 004ac3541 ) 20171227
Kaspersky HEUR:Trojan.Win32.Generic 20171227
Malwarebytes Trojan.Agent.MTAGen 20171227
MAX malware (ai score=100) 20171227
McAfee PWSZbot-FHN 20171227
McAfee-GW-Edition PWSZbot-FHN 20171227
eScan Trojan.GenericKD.1909391 20171227
Palo Alto Networks (Known Signatures) generic.ml 20171228
Panda Trj/Chgt.H 20171227
Qihoo-360 HEUR/Malware.QVM03.Gen 20171228
Sophos AV Troj/MSIL-ANW 20171227
Symantec Backdoor.Breut 20171227
Tencent Win32.Trojan.Bp-generic.Ixrn 20171228
TheHacker Trojan/Dropper.Agent.bcm 20171226
TrendMicro TROJ_GEN.R002C0OIN17 20171227
TrendMicro-HouseCall TROJ_GEN.R002C0OIN17 20171227
VIPRE Win32.Malware!Drop 20171227
Webroot W32.Malware.Gen 20171228
Yandex Trojan.DR.Agent!MCBFTVV33QY 20171225
Zillya Trojan.Cryptos.Win32.3290 20171226
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20171227
Alibaba 20171227
Antiy-AVL 20171228
Avast-Mobile 20171227
Bkav 20171227
ClamAV 20171227
CMC 20171227
CrowdStrike Falcon (ML) 20171016
Kingsoft 20171228
Microsoft 20171227
nProtect 20171227
Rising 20171227
SentinelOne (Static ML) 20171224
SUPERAntiSpyware 20171227
Symantec Mobile Insight 20171227
TotalDefense 20171227
Trustlook 20171228
VBA32 20171227
ViRobot 20171227
WhiteArmor 20171226
Zoner 20171227
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
copyright-2014

Product PO-76489343
Original name aaaa.exe
Internal name aaaa.exe
File version 1.0.0.0
Description PO-76489343
Comments PO-76489343
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-08 07:24:15
Entry Point 0x0001AB64
Number of sections 3
.NET details
Module Version ID 85475cbe-9730-46c9-bf20-012eb29bb06d
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 8
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 10
PE resources
ExifTool file metadata
LegalTrademarks
PO-76489343

SubsystemVersion
4.0

Comments
PO-76489343

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
PO-76489343

CharacterSet
Unicode

InitializedDataSize
25600

EntryPoint
0x1ab64

OriginalFileName
aaaa.exe

MIMEType
application/octet-stream

LegalCopyright
copyright-2014

FileVersion
1.0.0.0

TimeStamp
2014:10:08 08:24:15+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
aaaa.exe

ProductVersion
1.0.0.0

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
PO-76489343

CodeSize
512512

ProductName
PO-76489343

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
1.0.0.0

Compressed bundles
File identification
MD5 cda52292c0ab9b3e4fa074e141c4a6ed
SHA1 c4fa9e79b0376c2b73cf9e12ccf07aea36b8b913
SHA256 01e6c3b8dc9daea09b24f5b0052613bc0b35760c6cc1fab7e20d9cc243bca4d7
ssdeep
12288:A7jL56nqEf3/czZIzgZifGOnYi9D9VCrKRnzh7y:o6n9PqIzgkbnY8qrV

authentihash c02053bd7c113b3999aab08b979d3de55844f9fa1d498df87160670e55d78f3d
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 526.0 KB ( 538624 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
peexe assembly

VirusTotal metadata
First submission 2014-10-08 18:13:26 UTC ( 4 years, 7 months ago )
Last submission 2017-12-27 23:19:42 UTC ( 1 year, 4 months ago )
File names cda52292c0ab9b3e4fa074e141c4a6ed.malware
01e6c3b8dc9daea09b24f5b0052613bc0b35760c6cc1fab7e20d9cc243bca4d7.bin
aaaa.exe
vti-rescan
01e6c3b8dc9daea09b24f5b0052613bc0b35760c6cc1fab7e20d9cc243bca4d7.exe
cda52292c0ab9b3e4fa074e141c4a6ed
PO-76489343.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R047C0CJC15.

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests