SHA256: 09387e70348f47edd087eeede5f80bfafcb3b7e9b049dfccd3df484ea0392d37
File name: codexgigas_d6e77d82e42923ea43d3f4ae4968422176314b32
Detection ratio: 39 / 67
Analysis date: 2018-02-25 07:39:12 UTC ( 1 year, 2 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.261876 20180225
AegisLab Troj.W32.Generic!c 20180225
Arcabit Trojan.Razy.D3FEF4 20180225
Avast Win32:Malware-gen 20180225
AVG Win32:Malware-gen 20180225
Avira (no cloud) TR/Dropper.MSIL.djbkg 20180224
AVware Trojan.Win32.Generic!BT 20180225
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180208
BitDefender Gen:Variant.Razy.261876 20180225
CAT-QuickHeal Trojan.Generic 20180224
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170201
Cylance Unsafe 20180225
Emsisoft Gen:Variant.Razy.261876 (B) 20180225
ESET-NOD32 a variant of MSIL/Kryptik.MYM 20180225
F-Secure Gen:Variant.Razy.261876 20180225
Fortinet MSIL/Kryptik.MIK!tr 20180225
GData MSIL.Trojan-Stealer.Fareit.AT 20180225
Ikarus Trojan.MSIL.Crypt 20180224
K7AntiVirus Trojan ( 005208091 ) 20180225
K7GW Trojan ( 005208091 ) 20180225
Kaspersky HEUR:Trojan.Win32.Generic 20180225
Malwarebytes Spyware.AgentTesla.Generic 20180225
MAX malware (ai score=98) 20180225
McAfee Packed-TW!385D5B2E8ABD 20180225
McAfee-GW-Edition Packed-TW!385D5B2E8ABD 20180225
Microsoft Trojan:Win32/Dynamer!rfn 20180225
eScan Gen:Variant.Razy.261876 20180225
NANO-Antivirus Trojan.Win32.Kryptik.eyhfzh 20180225
Palo Alto Networks (Known Signatures) generic.ml 20180225
Panda Trj/GdSda.A 20180224
Qihoo-360 Win32/Trojan.62b 20180225
SentinelOne (Static ML) static engine - malicious 20180115
Sophos AV Mal/Generic-S 20180225
Symantec Trojan.Gen.2 20180224
Tencent Win32.Trojan.Generic.Ljuj 20180225
TrendMicro TROJ_GEN.R020C0PBM18 20180225
TrendMicro-HouseCall TROJ_GEN.R020C0PBM18 20180225
VIPRE Trojan.Win32.Generic!BT 20180225
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180225
AhnLab-V3 20180224
Alibaba 20180224
Antiy-AVL 20180224
Avast-Mobile 20180224
Bkav 20180224
ClamAV 20180225
CMC 20180225
Comodo 20180225
Cybereason 20180205
Cyren 20180225
DrWeb 20180225
eGambit 20180225
Endgame 20180223
F-Prot 20180225
Sophos ML 20180121
Jiangmin 20180225
Kingsoft 20180225
nProtect 20180225
Rising 20180225
SUPERAntiSpyware 20180224
Symantec Mobile Insight 20180220
TheHacker 20180224
TotalDefense 20180225
Trustlook 20180225
VBA32 20180223
ViRobot 20180224
Webroot 20180225
WhiteArmor 20180223
Yandex 20180222
Zillya 20180223
Zoner 20180225
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (c) 2017 Centex
Product Centex New Taker
Original name agftelsa.exe
Internal name agftelsa.exe
File version 6.15.13.16
Description Centex
Comments Centex Take
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-02-22 07:45:05
Entry Point 0x00048DBE
Number of sections 3
.NET details
Module Version ID fac01e5d-343e-460f-8f9e-eeaf52ff7c14
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments Centex Take
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.15.13.16
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Centex
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 20480
EntryPoint 0x48dbe
OriginalFileName agftelsa.exe
MIMEType application/octet-stream
LegalCopyright (c) 2017 Centex
FileVersion 6.15.13.16
TimeStamp 2018:02:22 08:45:05+01:00
FileType Win32 EXE
PEType PE32
InternalName agftelsa.exe
ProductVersion 6.15.13.16
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Centex
CodeSize 290816
ProductName Centex New Taker
ProductVersionNumber 6.15.13.16
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 5.15.11.13

File identification
MD5 385d5b2e8abdfb32f6a00bc3f89a351f
SHA1 d6e77d82e42923ea43d3f4ae4968422176314b32
SHA256 09387e70348f47edd087eeede5f80bfafcb3b7e9b049dfccd3df484ea0392d37
ssdeep 6144:5eUvlGUvZwWKCvNIz/KPNdHns03mrNi6bk2Ww+yhR7zJK52:VlGUvZwTCvNIuNBns02tWQ7zcY
authentihash edd9eeca787878002496299c2b0e6be826590604df1306d4d6d3c3ac4db15ed1
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 308.0 KB ( 315392 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (79.2%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Win16/32 Executable Delphi generic (2.2%)
OS/2 Executable (generic) (2.1%)
Tags peexe assembly
VirusTotal metadata
First submission 2018-02-23 07:17:19 UTC ( 1 year, 2 months ago )
Last submission 2018-06-30 20:48:09 UTC ( 10 months, 3 weeks ago )
File names cnz.exe
Cnz(01).gxe
agftelsa.exe
agftelsa.exe
cnz.exe
output.112918592.txt
agftelsa_upx.exe
agftelsa_pespin.exe
codexgigas_d6e77d82e42923ea43d3f4ae4968422176314b32
385d5b2e8abdfb32f6a00bc3f89a351f.exe
VirusShare_385d5b2e8abdfb32f6a00bc3f89a351f
agftelsa.exe
output.112918712.txt