× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 15c34d2b0e834727949dbacea897db33c785a32ac606c0935e3758c8dc975535
File name: License Panel.exe
Detection ratio: 56 / 66
Analysis date: 2018-04-02 22:25:02 UTC ( 4 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.7597928 20180402
AegisLab W32.W.Shakblades.bur!c 20180402
AhnLab-V3 Backdoor/Win32.Azbreg.R35047 20180402
ALYac Backdoor.RAT.Blackshades 20180402
Antiy-AVL Trojan/Win32.Shakblades 20180402
Arcabit Trojan.Generic.D73EF68 20180402
Avast MSIL:Agent-JY [Trj] 20180402
AVG MSIL:Agent-JY [Trj] 20180402
Avira (no cloud) TR/Dropper.MSIL.Gen8 20180402
AVware Trojan.Win32.Generic!BT 20180402
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180402
BitDefender Trojan.Generic.7597928 20180402
CAT-QuickHeal Trojan.Generic 20180402
ClamAV Win.Trojan.Agent-365493 20180402
Comodo UnclassifiedMalware 20180402
Cybereason malicious.1974a4 20180225
Cylance Unsafe 20180402
Cyren W32/Trojan.IODH-5904 20180402
DrWeb BackDoor.Blackshades.4 20180402
Emsisoft Trojan.Generic.7597928 (B) 20180402
Endgame malicious (high confidence) 20180316
ESET-NOD32 Win32/Ainslot.AA 20180402
F-Secure Trojan.Generic.7597928 20180402
Fortinet MSIL/Generic.AP.19E4FFC!tr 20180402
GData Trojan.Generic.7597928 20180402
Ikarus Trojan.MSIL.Agent 20180402
Sophos ML heuristic 20180121
Jiangmin Trojan/Jorik.dikj 20180402
K7AntiVirus Trojan ( 00149d991 ) 20180402
K7GW Trojan ( 00149d991 ) 20180402
Kaspersky HEUR:Trojan.Win32.Generic 20180402
Kingsoft Worm.Shakblades.(kcloud) 20180402
Malwarebytes Trojan.Agent.FVIGen 20180402
MAX malware (ai score=100) 20180402
McAfee Trojan-FBMT!0D1BD081974A 20180402
McAfee-GW-Edition Trojan-FBMT!0D1BD081974A 20180402
eScan Trojan.Generic.7597928 20180402
NANO-Antivirus Trojan.Win32.Win32.dccnym 20180402
Palo Alto Networks (Known Signatures) generic.ml 20180402
Panda Generic Malware 20180402
Qihoo-360 Win32/Trojan.e6d 20180402
Rising Malware.Undefined!8.C (TFE:C:RAMfKZaYVpS) 20180402
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Troj/Shades-A 20180402
SUPERAntiSpyware Backdoor.Blackshades/Variant 20180402
Symantec W32.Shadesrat.C 20180402
Tencent Win32.Worm.Ainslot.Fih 20180402
TheHacker Trojan/Generic.aej 20180330
TrendMicro WORM_SHAKBLAD.AX 20180402
TrendMicro-HouseCall WORM_SHAKBLAD.AX 20180402
VBA32 TrojanDropper.Dapato 20180402
VIPRE Trojan.Win32.Generic!BT 20180402
ViRobot Backdoor.Win32.Blackshades.395776 20180402
Yandex Worm.Shakblades!ZMKG2ooBGiU 20180331
Zillya Worm.Shakblades.Win32.1018 20180402
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180402
Alibaba 20180402
Avast-Mobile 20180402
Bkav 20180402
CMC 20180402
CrowdStrike Falcon (ML) 20170201
eGambit 20180402
F-Prot 20180402
Microsoft 20180402
nProtect 20180402
Symantec Mobile Insight 20180401
Trustlook 20180402
WhiteArmor 20180324
Zoner 20180401
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © Nimoru Software 2011

Product .Net Seal
Original name License Panel.exe
Internal name License Panel.exe
File version 1.3.1.0
Description License Panel
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-06-05 20:40:51
Entry Point 0x0000DCCE
Number of sections 3
.NET details
Module Version ID cb757372-5731-4915-96b3-b0af9eb3b0d3
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_VERSION 2
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 3
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
346624

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.3.1.0

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
11.0

EntryPoint
0xdcce

OriginalFileName
License Panel.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright Nimoru Software 2011

FileVersion
1.3.1.0

TimeStamp
2012:06:05 21:40:51+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
License Panel.exe

ProductVersion
1.3.1.0

FileDescription
License Panel

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Nimoru Software

CodeSize
48640

ProductName
.Net Seal

ProductVersionNumber
1.3.1.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
1.3.1.0

File identification
MD5 0d1bd081974a4dcdeee55f025423a72b
SHA1 d202a5737b039abea455ffd48aa806a90a01475b
SHA256 15c34d2b0e834727949dbacea897db33c785a32ac606c0935e3758c8dc975535
ssdeep
6144:HiknTiK8HKUEIlJK8AD7CbntxWsKWIXZl7/Gq6CBhkctK6q7Xy:HjGHqUdACHPKWIXPCJCLwC

authentihash bb494c0cb401a21e1c8ac6a261a46bec4f40f900bd5324514afcfb43b51d3c81
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 386.5 KB ( 395776 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe assembly via-tor

VirusTotal metadata
First submission 2012-06-06 17:20:22 UTC ( 6 years, 2 months ago )
Last submission 2018-04-02 22:25:02 UTC ( 4 months, 2 weeks ago )
File names 5a83c58b-702b-4690-a7a0-f0379af60bab
f392ba57-7546-4037-9cfd-afd0cd6fe9b7
blackshade.bin
0D1BD081974A4DCDEEE55F025423A72B
Blackshades_new_new .pi
15c34d2b0e834727949dbacea897db33c785a32ac606c0935e3758c8dc97553520160421-24942-1onld9q
Blackshades_new_new .pif_0d1bd081974a4dcdeee55f025423a72b.exe
D3D8THK.exe
vti-rescan
new_new .pif
9aca05a0-3e3d-4709-b5b8-d61f691cdc79
Akshay_virus_sample_SyrianRATs_SyrianRAT_Blackshades_new_new_.pif_0d1bd081974a4dcdeee55f025423a72b
License Panel.exe
Blackshades_new_new .pif_0d1bd081974a4dcdeee55f025423a72b
0d1bd081974a4dcdeee55f025423a72b
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!