SHA256: 1d2af17c1eef5d884d4fbc0c789aae86dfe2b0fe0bae00dc6932f8b57860ffba
File name: 2015-11-11-RIG-EK-Payload.exe
Detection ratio: 18 / 54
Analysis date: 2015-11-12 00:07:01 UTC ( 1 year, 6 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.ZBot 20151111
Arcabit Trojan.Dropper.XSJ 20151111
Avast Win32:Malware-gen 20151111
AVG Generic_r.GHB 20151111
AVware Trojan.Win32.Generic!BT 20151111
BitDefender Trojan.Dropper.XSJ 20151111
Bkav HW32.Packed.BF8A 20151110
Emsisoft Trojan.Dropper.XSJ (B) 20151111
ESET-NOD32 a variant of Win32/Injector.CMEZ 20151112
F-Secure Trojan.Dropper.XSJ 20151111
GData Trojan.Dropper.XSJ 20151111
K7GW Trojan ( 700001211 ) 20151111
Malwarebytes Trojan.InfoStealer 20151111
eScan Trojan.Dropper.XSJ 20151112
Qihoo-360 QVM20.1.Malware.Gen 20151112
Sophos Mal/Zbot-UH 20151112
Symantec Infostealer 20151111
VIPRE Trojan.Win32.Generic!BT 20151111
AegisLab 20151111
Yandex 20151111
Alibaba 20151111
ALYac 20151111
Antiy-AVL 20151111
Avira (no cloud) 20151111
Baidu-International 20151111
ByteHero 20151112
CAT-QuickHeal 20151110
ClamAV 20151111
CMC 20151109
Comodo 20151111
Cyren 20151111
DrWeb 20151111
F-Prot 20151111
Fortinet 20151111
Ikarus 20151111
Jiangmin 20151111
K7AntiVirus 20151111
Kaspersky 20151111
McAfee 20151111
McAfee-GW-Edition 20151112
Microsoft 20151112
NANO-Antivirus 20151112
nProtect 20151111
Panda 20151111
Rising 20151111
SUPERAntiSpyware 20151111
Tencent 20151112
TheHacker 20151110
TrendMicro 20151111
TrendMicro-HouseCall 20151111
VBA32 20151111
ViRobot 20151111
Zillya 20151111
Zoner 20151111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (C) 2011
Product test
Original name test.EXE
Internal name test
File version 1, 0, 0, 1
Description test?Micr?soft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-02 09:29:35
Entry Point 0x00001BDF
Number of sections 4
PE sections
Overlays
MD5 f91d8b6c109f36e8267e3515cdcbada1
File type data
Offset 23040
Size 58370
Entropy 7.72
Number of PE resources by type
RT_STRING 10
RT_DIALOG 1
Struct(241) 1
RT_MENU 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 16
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode French (Canadian)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 20480
EntryPoint 0x1bdf
OriginalFileName test.EXE
MIMEType application/octet-stream
LegalCopyright (C) 2011
FileVersion 1, 0, 0, 1
TimeStamp 2016:04:02 10:29:35+01:00
FileType Win32 EXE
PEType PE32
InternalName test
ProductVersion 1, 0, 0, 1
FileDescription test Micr soft
OSVersion 4.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 4096
ProductName test
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 c0d1c2988c244ddb98505bbf2ba451e9
SHA1 f71a00e40061a1f9c495a980f3dfdd9339840975
SHA256 1d2af17c1eef5d884d4fbc0c789aae86dfe2b0fe0bae00dc6932f8b57860ffba
ssdeep 1536:a6MbaD2RC4j3mFYOj8EVYBC0FCFIqmyDEPsYwRAvMMvtu2u4t4H:a6bimYOjZaaBwwRApFO4uH
authentihash 392d02697320fa4023fdee5d1a2048de375748652c14e476707140025f8e7384
File size 79.5 KB ( 81410 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe overlay

VirusTotal metadata
First submission 2015-11-12 00:07:01 UTC ( 1 year, 6 months ago )
Last submission 2015-11-12 00:07:01 UTC ( 1 year, 6 months ago )
File names test
2015-11-11-RIG-EK-Payload.exe
test.EXE