SHA256: 131efddbceafce4e4d5809023b6ea35038b94e191358703ead07a1b4b04faf9a
File name: bz.exe
Detection ratio: 18 / 71
Analysis date: 2019-04-09 04:58:04 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Acronis suspicious 20190409
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cybereason malicious.254f33 20190403
Cylance Unsafe 20190409
Cyren W32/Trojan.SW.gen!Eldorado 20190409
Endgame malicious (high confidence) 20190403
ESET-NOD32 a variant of MSIL/Kryptik.RHZ 20190409
F-Prot W32/Trojan.SW.gen!Eldorado 20190409
FireEye Generic.mg.2a16c7f641857c61 20190409
Fortinet MSIL/Kryptik.RHZ!tr 20190409
Sophos ML heuristic 20190313
McAfee-GW-Edition BehavesLike.Win32.Generic.gc 20190409
Palo Alto Networks (Known Signatures) generic.ml 20190409
Qihoo-360 HEUR/QVM03.0.661D.Malware.Gen 20190409
SentinelOne (Static ML) DFI - Suspicious PE 20190407
Symantec ML.Attribute.HighConfidence 20190408
Trapmine malicious.high.ml.score 20190325
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20190409
Ad-Aware 20190409
AegisLab 20190409
AhnLab-V3 20190408
Alibaba 20190402
ALYac 20190409
Antiy-AVL 20190409
Arcabit 20190409
Avast 20190409
Avast-Mobile 20190408
AVG 20190409
Avira (no cloud) 20190408
Babable 20180918
Baidu 20190318
BitDefender 20190409
Bkav 20190408
CAT-QuickHeal 20190407
ClamAV 20190408
CMC 20190321
Comodo 20190409
DrWeb 20190409
eGambit 20190409
Emsisoft 20190409
F-Secure 20190408
GData 20190409
Ikarus 20190408
Jiangmin 20190409
K7AntiVirus 20190408
K7GW 20190409
Kaspersky 20190409
Kingsoft 20190409
Malwarebytes 20190409
MAX 20190409
McAfee 20190409
Microsoft 20190409
eScan 20190409
NANO-Antivirus 20190409
Panda 20190408
Rising 20190409
Sophos AV 20190409
SUPERAntiSpyware 20190404
Symantec Mobile Insight 20190408
TACHYON 20190409
Tencent 20190409
TheHacker 20190405
TotalDefense 20190408
TrendMicro 20190409
TrendMicro-HouseCall 20190409
Trustlook 20190409
VBA32 20190408
ViRobot 20190408
Webroot 20190409
Yandex 20190408
Zillya 20190408
Zoner 20190409
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2040
Product P0mkIn8DqFjl1q/P
Original name h6.exe
Internal name h6.exe
File version 7.11.15.18
Description P0mkIn8DqFjl1q/P
Comments OxjYeQ+CqN+y0siNqtEcNt8=
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1996-12-06 13:16:28
Entry Point 0x0007D84E
Number of sections 3
.NET details
Module Version ID 1179e69f-8b9e-40c3-a9d7-c1387d71c572
TypeLib ID d11b7705-9004-47c0-8a2d-096fbb2cc769
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments OxjYeQ+CqN+y0siNqtEcNt8=
InitializedDataSize 2048
ImageVersion 0.0
ProductName P0mkIn8DqFjl1q/P
FileVersionNumber 7.11.15.18
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName h6.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 7.11.15.18
TimeStamp 1996:12:06 14:16:28+01:00
FileType Win32 EXE
PEType PE32
InternalName h6.exe
ProductVersion 7.11.15.18
FileDescription P0mkIn8DqFjl1q/P
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright 2040
MachineType Intel 386 or later, and compatibles
CompanyName odonaranuxafopenefuzes
CodeSize 506368
FileSubtype 0
ProductVersionNumber 7.11.15.18
EntryPoint 0x7d84e
ObjectFileType Executable application
AssemblyVersion 0.0.0.0

File identification
MD5 2a16c7f641857c61aeda3af4e4e8b8ce
SHA1 920c9ea254f337c60bb3dc983d09c41767908567
SHA256 131efddbceafce4e4d5809023b6ea35038b94e191358703ead07a1b4b04faf9a
ssdeep 12288:/lj9cVr6ccVr6lvR9Xlj9cVr6ccVr6lvR9jgW3acK2xU2qo:/h9c56cc56lvR9Xh9c56cc56lvR9jgW3
authentihash 2cfd157eec759ef3d013aeb63b661317b38ee8c3e54a4aa885e9b21601c28d85
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 497.0 KB ( 508928 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (79.2%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Win16/32 Executable Delphi generic (2.2%)
OS/2 Executable (generic) (2.1%)
Tags peexe assembly
VirusTotal metadata
First submission 2019-04-09 04:58:04 UTC ( 1 month, 1 week ago )
Last submission 2019-04-09 04:58:04 UTC ( 1 month, 1 week ago )
File names bz.exe
h6.exe