× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 17f2abf9e933fcf786ae56e200d8069ea295bd02cf95369fc0f53117bf199bfb
File name: ghost.exe
Detection ratio: 44 / 61
Analysis date: 2017-04-17 15:55:15 UTC ( 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.20506702 20170417
AegisLab Troj.W32.Generic!c 20170417
ALYac Trojan.Generic.20506702 20170417
Arcabit Trojan.Generic.D138E84E 20170417
Avast Win32:Malware-gen 20170417
AVG MSIL11.AJRQ 20170417
Avira (no cloud) TR/Dropper.MSIL.llbmk 20170417
AVware Trojan.Win32.Generic!BT 20170417
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170417
BitDefender Trojan.Generic.20506702 20170417
CAT-QuickHeal TrojanPWS.Fareit 20170417
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/Trojan.SUHV-5430 20170417
DrWeb Trojan.PWS.Stealer.1932 20170417
Emsisoft Trojan.Generic.20506702 (B) 20170417
Endgame malicious (high confidence) 20170413
ESET-NOD32 a variant of MSIL/Injector.RST 20170417
F-Secure Trojan.Generic.20506702 20170417
Fortinet W32/Generic!tr 20170417
GData Trojan.Generic.20506702 20170417
Ikarus Trojan.MSIL.Injector 20170417
Invincea trojan.win32.skeeyah.a!rfn 20170413
Jiangmin Trojan.Generic.aujxy 20170417
K7AntiVirus Trojan ( 005093121 ) 20170417
K7GW Trojan ( 005093121 ) 20170417
Kaspersky HEUR:Trojan.Win32.Generic 20170417
McAfee RDN/Generic.grp 20170417
McAfee-GW-Edition BehavesLike.Win32.Backdoor.hc 20170417
Microsoft PWS:Win32/Fareit.AC 20170417
eScan Trojan.Generic.20506702 20170417
NANO-Antivirus Trojan.Win32.Mlw.emskpk 20170416
Palo Alto Networks (Known Signatures) generic.ml 20170417
Panda Trj/GdSda.A 20170417
Qihoo-360 Win32/Trojan.e6d 20170417
Rising Trojan.Injector!8.C4 (cloud:8e3dP4UpV0R) 20170417
SentinelOne (Static ML) static engine - malicious 20170330
Sophos Mal/Generic-S 20170417
Symantec Trojan.Gen.2 20170417
Tencent Win32.Trojan.Inject.Auto 20170417
TrendMicro TROJ_GEN.R047C0CD217 20170417
TrendMicro-HouseCall TROJ_GEN.R047C0CD217 20170417
VIPRE Trojan.Win32.Generic!BT 20170417
Yandex Trojan.Agent!DxU0yGQ9xDg 20170417
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170417
AhnLab-V3 20170417
Alibaba 20170417
Bkav 20170415
ClamAV 20170417
CMC 20170417
Comodo 20170417
F-Prot 20170417
Kingsoft 20170417
Malwarebytes 20170417
nProtect 20170417
SUPERAntiSpyware 20170417
Symantec Mobile Insight 20170414
TheHacker 20170416
TotalDefense 20170417
Trustlook 20170417
VBA32 20170417
ViRobot 20170417
Webroot 20170417
WhiteArmor 20170409
Zillya 20170414
Zoner 20170417
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Original name ghost.exe
Internal name ghost.exe
File version 0.0.0.0
Description
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-21 06:55:05
Entry Point 0x0008DB3E
Number of sections 3
.NET details
Module Version ID 355f9f7c-a8b1-4ca3-9590-2a0feb011646
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
8.0

ImageVersion
0.0

FileVersionNumber
0.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
1536

EntryPoint
0x8db3e

OriginalFileName
ghost.exe

MIMEType
application/octet-stream

FileVersion
0.0.0.0

TimeStamp
2017:03:21 07:55:05+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
ghost.exe

ProductVersion
0.0.0.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
572416

FileSubtype
0

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
0.0.0.0

Compressed bundles
File identification
MD5 f2be9bbe3ce5ac26364f8620ec17c0c2
SHA1 7ef800674d15a0d4b7ee5212f6f021e153a20837
SHA256 17f2abf9e933fcf786ae56e200d8069ea295bd02cf95369fc0f53117bf199bfb
ssdeep
12288:jFoDYD6tVkAJ69sVfOGw065tCcB8x3BQeLcoXYIajI2MoRFsSPhe:pkBnkeEEqgIjeLc0bduFsSPh

authentihash 096ad4d3f183b7681743dd3aa4ded4f43a2c9d4cb5bcb9f4e18cde0613099f1b
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 561.0 KB ( 574464 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe assembly

VirusTotal metadata
First submission 2017-03-21 18:48:14 UTC ( 2 months ago )
Last submission 2017-04-17 15:55:15 UTC ( 1 month ago )
File names ghost.exe
PO#21.03.17_pdf.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications