SHA256: 039058cd0f349c8987a4a61a3de12660b78007235126ee75228933fda2343e4f
File name: news.exe
Detection ratio: 10 / 55
Analysis date: 2014-10-07 23:35:21 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.383082 20141007
Avast MSIL:Agent-BHE [Trj] 20141007
BitDefender Gen:Variant.Kazy.383082 20141007
Comodo Backdoor.Win32.Delf.~EC 20141008
Emsisoft Gen:Variant.Kazy.383082 (B) 20141007
ESET-NOD32 a variant of MSIL/Injector.DNA 20141007
F-Secure Gen:Variant.Kazy.383082 20141007
GData Gen:Variant.Kazy.383082 20141007
Malwarebytes Trojan.MSIL.UL 20141007
eScan Gen:Variant.Kazy.383082 20141007
AegisLab 20141007
Yandex 20141007
AhnLab-V3 20141007
Antiy-AVL 20141007
AVG 20141007
Avira (no cloud) 20141008
AVware 20141007
Baidu-International 20141007
Bkav 20141007
ByteHero 20141008
CAT-QuickHeal 20141007
ClamAV 20141007
CMC 20141004
Cyren 20141007
DrWeb 20141004
F-Prot 20141007
Fortinet 20141007
Ikarus 20141007
Jiangmin 20141007
K7AntiVirus 20141007
K7GW 20141007
Kaspersky 20141007
Kingsoft 20141008
McAfee 20141007
McAfee-GW-Edition 20141007
Microsoft 20141008
NANO-Antivirus 20141007
Norman 20141007
nProtect 20141007
Panda 20141007
Qihoo-360 20141008
Rising 20141007
Sophos AV 20141008
SUPERAntiSpyware 20141007
Symantec 20141007
Tencent 20141008
TheHacker 20141006
TotalDefense 20141007
TrendMicro 20141007
TrendMicro-HouseCall 20141007
VBA32 20141007
VIPRE 20141007
ViRobot 20141007
Zillya 20141006
Zoner 20141007
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2005
Product aF_2_S_6_Q_
Original name 5.exe
Internal name 5.exe
File version 6.8.10.40
Description aB_j_H_H_
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-05 20:05:59
Entry Point 0x0001D418
Number of sections 3
.NET details
Module Version ID 7662fa85-a722-4425-939b-a6b8e06755b4
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
PE resources
ExifTool file metadata
LegalTrademarks ad_J_F_U_a_N_
SubsystemVersion 4.0
InitializedDataSize 4096
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.8.10.40
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription aB_j_H_H_
CharacterSet Unicode
LinkerVersion 8.0
EntryPoint 0x1d418
OriginalFileName 5.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2005
FileVersion 6.8.10.40
TimeStamp 2014:10:05 21:05:59+01:00
FileType Win32 EXE
PEType PE32
InternalName 5.exe
ProductVersion 6.8.10.40
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName aQ_u_J_q_7_
CodeSize 112128
ProductName aF_2_S_6_Q_
ProductVersionNumber 6.8.10.40
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 4.6.8.36

Execution parents
Compressed bundles
File identification
MD5 a8ef5ccebd2e3babdd243a2861673c26
SHA1 297804c895c0c3b86695ce9bae1ce5dddd1f3f89
SHA256 039058cd0f349c8987a4a61a3de12660b78007235126ee75228933fda2343e4f
ssdeep 1536:cd5GNHv320hpbg1xFi57MXk+3bkClU5yU66W2eJVl5LCAYUxc0OA8FX:k5SHv2QpbgDWQXrwC2P1N8NCAYwc28
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 114.0 KB ( 116736 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (82.9%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (5.1%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags peexe assembly via-tor
VirusTotal metadata
First submission 2014-10-07 23:35:21 UTC ( 2 years, 10 months ago )
Last submission 2017-05-27 11:12:17 UTC ( 2 months, 4 weeks ago )
File names chrome.exe
d5a38e9b5f206c41f8851bf04a251d26.exe
A0005277.exe
news.exe
news.exe
03.exe
news-2.exe
5.exe
039058cd0f349c8987a4a61a3de12660b78007235126ee75228933fda2343e4f.bin
2016_02_22_21_35_41.000525
chrome.exe
2016_02_22_20_27_36.000565
Helper.exe
2016_02_22_23_14_53.000097
6fb3042b3de9221dffb0ff7ab7173d3fa79db062
news.exe
5aebe69c-f8ef-420c-ad2d-f978202de965
chrome.exe
039058CD0F349C8987A4A61A3DE12660B78007235126EE75228933FDA2343E4F.exe
chrome.exe
d5a38e9b5f206c41f8851bf04a251d26.exe
2016_02_24_18_24_27.000512
file-7580629_exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R03EC0CLG15.

Symantec reputation Suspicious.Insight