SHA256: 179aa7250870f8103b98b7982c9af7491057d6c2925198e6ff7ded844490994a
File name: virustotal-submit-pipe
Detection ratio: 20 / 66
Analysis date: 2018-05-15 21:55:58 UTC ( 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Johnnie.99712 20180515
ALYac Gen:Variant.Johnnie.99712 20180515
Arcabit Trojan.Johnnie.D18580 20180515
Avast Win32:Malware-gen 20180515
AVG Win32:Malware-gen 20180515
Avira (no cloud) TR/RedCap.zzzmf 20180515
BitDefender Gen:Variant.Johnnie.99712 20180515
CAT-QuickHeal TrojanDownloader.Adodb 20180515
ClamAV Win.Exploit.CVE_2018_8120-6530080-0 20180515
Emsisoft Gen:Variant.Johnnie.99712 (B) 20180515
F-Secure Gen:Variant.Johnnie.99712 20180515
GData Gen:Variant.Johnnie.99712 20180515
Jiangmin Exploit.CVE-2018-8120.a 20180515
MAX malware (ai score=85) 20180515
eScan Gen:Variant.Johnnie.99712 20180515
Panda Trj/GdSda.A 20180515
Qihoo-360 HEUR/QVM10.1.2EE1.Malware.Gen 20180515
Symantec Trojan Horse 20180515
VBA32 BScope.Trojan-Dropper.Injector 20180515
VIPRE Trojan.Win32.Generic!BT 20180515
AegisLab 20180515
AhnLab-V3 20180515
Alibaba 20180515
Antiy-AVL 20180515
Avast-Mobile 20180515
AVware 20180428
Babable 20180406
Baidu 20180511
Bkav 20180515
CMC 20180515
Comodo 20180515
CrowdStrike Falcon (ML) 20180202
Cybereason None
Cylance 20180515
Cyren 20180515
DrWeb 20180515
eGambit 20180515
Endgame 20180507
ESET-NOD32 20180515
F-Prot 20180515
Fortinet 20180515
Ikarus 20180515
Sophos ML 20180503
K7AntiVirus 20180515
K7GW 20180515
Kaspersky 20180515
Kingsoft 20180515
Malwarebytes 20180515
McAfee 20180515
McAfee-GW-Edition 20180515
Microsoft 20180515
NANO-Antivirus 20180515
nProtect 20180515
Palo Alto Networks (Known Signatures) 20180515
Rising 20180515
SentinelOne (Static ML) 20180225
Sophos AV 20180515
SUPERAntiSpyware 20180515
Symantec Mobile Insight 20180515
Tencent 20180515
TheHacker 20180509
TotalDefense 20180515
TrendMicro 20180515
TrendMicro-HouseCall 20180515
Trustlook 20180515
ViRobot 20180515
Webroot 20180515
Yandex 20180513
Zillya 20180514
ZoneAlarm by Check Point 20180515
Zoner 20180514
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-19 09:52:54
Entry Point 0x0000278B
Number of sections 5
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
GetSystemInfo
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetACP
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
LCMapStringW
WriteConsoleW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
SetThreadAffinityMask
GetProcAddress
GetStringTypeA
GetCurrentThread
SetStdHandle
SetFilePointer
RaiseException
WideCharToMultiByte
TlsFree
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetCommandLineA
DuplicateHandle
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
AddVectoredExceptionHandler
LCMapStringA
WriteConsoleA
IsValidCodePage
HeapCreate
VirtualFree
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
MessageBoxA
SetProcessWindowStation
CloseWindowStation
CreateWindowStationW
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:03:19 10:52:54+01:00
FileType Win32 EXE
PEType PE32
CodeSize 38912
LinkerVersion 9.0
EntryPoint 0x278b
InitializedDataSize 23552
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 04da95ce68e81c53812699ea552c6a43
SHA1 92c7e548884d882bd6920ecbc22086316d681ed6
SHA256 179aa7250870f8103b98b7982c9af7491057d6c2925198e6ff7ded844490994a
ssdeep 768:fLL/Gr+H+2S0BWPeAzoHb3G4TKefqR3pDGcfvF3qRkwPW7D9FxnwY5USe:fLLBS0BgkLnu3FGc12kEK9FxR5UB

authentihash 3408156d072c3e41a82ac84c76fd9022defa75a86c3be754f92cc6bab579800a
imphash be22d397fa000a0ee4ed50976f230c98
File size 62.0 KB ( 63488 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (50.8%)
Windows screen saver (21.3%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags
peexe cve-2018-8120 exploit

VirusTotal metadata
First submission 2018-05-15 21:55:58 UTC ( 1 week ago )
Last submission 2018-05-21 10:22:54 UTC ( 2 days, 2 hours ago )
File names virustotal-submit-pipe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs