SHA256: 1187e0f441de249caca8e07feb2ae7652cbc95bafcafe1da4d204c932303b642
File name: smoke.exe
Detection ratio: 9 / 66
Analysis date: 2017-11-20 22:27:56 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Avast FileRepMalware 20171120
AVG FileRepMalware 20171120
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20171016
Cybereason malicious.4cebef 20171103
Cylance Unsafe 20171120
ESET-NOD32 a variant of MSIL/GenKryptik.BERL 20171120
Sophos ML heuristic 20170914
Kaspersky UDS:DangerousObject.Multi.Generic 20171120
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20171120
Ad-Aware 20171120
AegisLab 20171120
AhnLab-V3 20171120
Alibaba 20170911
Antiy-AVL 20171120
Arcabit 20171120
Avast-Mobile 20171119
Avira (no cloud) 20171120
AVware 20171120
Baidu 20171120
BitDefender 20171120
Bkav 20171120
CAT-QuickHeal 20171118
ClamAV 20171120
CMC 20171120
Comodo 20171120
Cyren 20171120
DrWeb 20171120
eGambit 20171120
Emsisoft 20171120
Endgame 20171024
F-Prot 20171120
F-Secure 20171120
Fortinet 20171120
GData 20171120
Jiangmin 20171120
K7AntiVirus 20171120
K7GW 20171120
Kingsoft 20171120
Malwarebytes 20171120
MAX 20171120
McAfee 20171120
McAfee-GW-Edition 20171120
Microsoft 20171120
eScan 20171120
NANO-Antivirus 20171120
nProtect 20171120
Palo Alto Networks (Known Signatures) 20171120
Panda 20171120
Qihoo-360 20171120
Rising 20171120
SentinelOne (Static ML) 20171113
Sophos AV 20171120
SUPERAntiSpyware 20171120
Symantec 20171120
Symantec Mobile Insight 20171117
Tencent 20171120
TheHacker 20171117
TotalDefense 20171120
TrendMicro 20171120
TrendMicro-HouseCall 20171120
Trustlook 20171120
VBA32 20171120
VIPRE 20171120
ViRobot 20171120
Webroot 20171120
WhiteArmor 20171104
Yandex 20171120
Zillya 20171117
Zoner 20171120
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright NBPMNM
Product NBPMNM
Original name ERZLB.exe
Internal name ERZLB.exe
File version 0.0.0.8
Description NBPMNM
Comments NBPMNM
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-20 17:34:55
Entry Point 0x0002E2FA
Number of sections 3
.NET details
Module Version ID 120f8dd4-0f89-4fe6-940a-77506e63cad9
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments NBPMNM
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.0.0.8
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription NBPMNM
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 7680
EntryPoint 0x2e2fa
OriginalFileName ERZLB.exe
MIMEType application/octet-stream
LegalCopyright NBPMNM
FileVersion 0.0.0.8
TimeStamp 2017:11:20 18:34:55+01:00
FileType Win32 EXE
PEType PE32
InternalName ERZLB.exe
ProductVersion 0.0.0.8
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 181248
ProductName NBPMNM
ProductVersionNumber 0.0.0.8
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 0.0.0.8
Compressed bundles
File identification
MD5 a98124b7707f80d7874e6028799fd2b2
SHA1 b7a2b694cebef6302c8cca94cbf302f491003d5e
SHA256 1187e0f441de249caca8e07feb2ae7652cbc95bafcafe1da4d204c932303b642
ssdeep 3072:TQAI9n4rBaB/oVNqbg+3IpIVdG0uWjSLhiekmSEAeOUA2JUitidVZreOI:hM4UBIqDS0LotkmseVVsYO
authentihash 1bcf8e3c463134e3438108ee2b78b0e9110341fe89a36e38449635be49089000
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 185.0 KB ( 189440 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (55.8%)
Win64 Executable (generic) (21.0%)
Windows screen saver (9.9%)
Win32 Dynamic Link Library (generic) (5.0%)
Win32 Executable (generic) (3.4%)
Tags peexe assembly
VirusTotal metadata
First submission 2017-11-20 22:27:56 UTC ( 1 year, 6 months ago )
Last submission 2018-02-06 03:41:09 UTC ( 1 year, 3 months ago )
File names test (156).exe
VirusShare_a98124b7707f80d7874e6028799fd2b2
smoke.exe
test (11).exe
smoke.exe
ERZLB.exe
Virus(22).vir.exe
3dbcac6a49d9b1445c7062d92bcd1cb1ca9e246b