× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 15c34d2b0e834727949dbacea897db33c785a32ac606c0935e3758c8dc975535
File name: License Panel.exe
Detection ratio: 55 / 61
Analysis date: 2017-04-26 04:13:23 UTC ( 19 hours, 20 minutes ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.7597928 20170425
AegisLab W32.W.Shakblades.bur!c 20170425
AhnLab-V3 Backdoor/Win32.Azbreg.R35047 20170425
ALYac Backdoor.RAT.Blackshades 20170425
Antiy-AVL Trojan/Win32.Shakblades 20170425
Arcabit Trojan.Generic.D73EF68 20170425
Avast MSIL:Agent-JY [Trj] 20170425
AVG Win32/Herz.B 20170425
Avira (no cloud) TR/Dropper.MSIL.Gen8 20170425
AVware Trojan.Win32.Generic!BT 20170425
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170424
BitDefender Trojan.Generic.7597928 20170425
CAT-QuickHeal Trojan.Generic 20170425
ClamAV Win.Trojan.Agent-365493 20170425
Comodo UnclassifiedMalware 20170425
CrowdStrike Falcon (ML) malicious_confidence_93% (W) 20170130
Cyren W32/Trojan.IODH-5904 20170425
DrWeb BackDoor.Blackshades.4 20170425
Emsisoft Trojan.Generic.7597928 (B) 20170425
Endgame malicious (high confidence) 20170419
ESET-NOD32 Win32/Ainslot.AA 20170425
F-Secure Trojan.Generic.7597928 20170425
Fortinet MSIL/Generic.AP.19E4FFC!tr 20170425
GData Trojan.Generic.7597928 20170425
Ikarus Trojan.MSIL.Agent 20170425
Invincea trojan.win32.skeeyah.a!rfn 20170413
Jiangmin Trojan/Jorik.dikj 20170425
K7AntiVirus Trojan ( 00149d991 ) 20170425
K7GW Trojan ( 00149d991 ) 20170425
Kaspersky HEUR:Trojan.Win32.Generic 20170425
Malwarebytes Trojan.Agent.FVIGen 20170425
McAfee Trojan-FBMT!0D1BD081974A 20170425
McAfee-GW-Edition Trojan-FBMT!0D1BD081974A 20170425
Microsoft Worm:Win32/Ainslot.A 20170425
eScan Trojan.Generic.7597928 20170425
NANO-Antivirus Trojan.Win32.Win32.dccnym 20170425
nProtect Trojan/W32.Agent.395776.GF 20170425
Palo Alto Networks (Known Signatures) generic.ml 20170426
Panda Generic Malware 20170424
Qihoo-360 Win32/Trojan.e6d 20170426
Rising Trojan.Generic (cloud:EVnNSIXQO3Q) 20170425
Sophos Troj/Shades-A 20170425
SUPERAntiSpyware Backdoor.Blackshades/Variant 20170425
Symantec W32.Shadesrat.C 20170425
Tencent Win32.Worm.Ainslot.Fih 20170426
TheHacker Trojan/Generic.aej 20170424
TrendMicro WORM_SHAKBLAD.AX 20170425
TrendMicro-HouseCall WORM_SHAKBLAD.AX 20170425
VBA32 TrojanDropper.Dapato 20170421
VIPRE Trojan.Win32.Generic!BT 20170425
ViRobot Backdoor.Win32.Blackshades.395776[h] 20170425
Webroot W32.Malware.gen 20170426
Yandex Worm.Shakblades!ZMKG2ooBGiU 20170424
Zillya Worm.Shakblades.Win32.1018 20170425
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170425
Alibaba 20170425
CMC 20170421
F-Prot 20170425
Kingsoft 20170426
SentinelOne (Static ML) 20170330
Symantec Mobile Insight 20170424
TotalDefense 20170425
Trustlook 20170426
WhiteArmor 20170409
Zoner 20170425
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © Nimoru Software 2011

Product .Net Seal
Original name License Panel.exe
Internal name License Panel.exe
File version 1.3.1.0
Description License Panel
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-06-05 20:40:51
Entry Point 0x0000DCCE
Number of sections 3
.NET details
Module Version ID cb757372-5731-4915-96b3-b0af9eb3b0d3
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_VERSION 2
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 3
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
346624

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.3.1.0

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
11.0

EntryPoint
0xdcce

OriginalFileName
License Panel.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright Nimoru Software 2011

FileVersion
1.3.1.0

TimeStamp
2012:06:05 21:40:51+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
License Panel.exe

ProductVersion
1.3.1.0

FileDescription
License Panel

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Nimoru Software

CodeSize
48640

ProductName
.Net Seal

ProductVersionNumber
1.3.1.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
1.3.1.0

File identification
MD5 0d1bd081974a4dcdeee55f025423a72b
SHA1 d202a5737b039abea455ffd48aa806a90a01475b
SHA256 15c34d2b0e834727949dbacea897db33c785a32ac606c0935e3758c8dc975535
ssdeep
6144:HiknTiK8HKUEIlJK8AD7CbntxWsKWIXZl7/Gq6CBhkctK6q7Xy:HjGHqUdACHPKWIXPCJCLwC

authentihash bb494c0cb401a21e1c8ac6a261a46bec4f40f900bd5324514afcfb43b51d3c81
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 386.5 KB ( 395776 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe assembly via-tor

VirusTotal metadata
First submission 2012-06-06 17:20:22 UTC ( 4 years, 10 months ago )
Last submission 2016-09-07 10:25:07 UTC ( 7 months, 3 weeks ago )
File names 5a83c58b-702b-4690-a7a0-f0379af60bab
f392ba57-7546-4037-9cfd-afd0cd6fe9b7
blackshade.bin
0D1BD081974A4DCDEEE55F025423A72B
Blackshades_new_new .pi
15c34d2b0e834727949dbacea897db33c785a32ac606c0935e3758c8dc97553520160421-24942-1onld9q
Blackshades_new_new .pif_0d1bd081974a4dcdeee55f025423a72b.exe
D3D8THK.exe
vti-rescan
new_new .pif
9aca05a0-3e3d-4709-b5b8-d61f691cdc79
Akshay_virus_sample_SyrianRATs_SyrianRAT_Blackshades_new_new_.pif_0d1bd081974a4dcdeee55f025423a72b
License Panel.exe
Blackshades_new_new .pif_0d1bd081974a4dcdeee55f025423a72b
0d1bd081974a4dcdeee55f025423a72b
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!