SHA256: 1ee73d549c83486af46254f702470fa205b2e31e573573e871bd644b0cf22ce7
File name: 301832.exe
Detection ratio: 13 / 56
Analysis date: 2016-12-24 16:31:03 UTC ( 2 years, 4 months ago )
Antivirus Result Update
AegisLab Troj.GenericKD.mnwP 20161224
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9992 20161207
Cyren W32/MSIL_Troj.DL.gen!Eldorado 20161224
ESET-NOD32 a variant of MSIL/Injector.HHP 20161224
F-Prot W32/MSIL_Troj.DL.gen!Eldorado 20161224
Ikarus Trojan.Msil 20161224
Sophos ML backdoor.msil.bladabindi.g 20161216
Kaspersky UDS:DangerousObject.Multi.Generic 20161224
McAfee Artemis!D871CC36973C 20161224
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cm 20161224
Qihoo-360 HEUR/QVM03.0.0000.Malware.Gen 20161224
Sophos AV Troj/MSIL-ILJ 20161224
Symantec Heur.AdvML.B 20161224
Ad-Aware 20161224
AhnLab-V3 20161224
Alibaba 20161223
ALYac 20161224
Antiy-AVL 20161224
Arcabit 20161224
Avast 20161224
AVG 20161224
Avira (no cloud) 20161224
AVware 20161224
BitDefender 20161224
Bkav 20161224
CAT-QuickHeal 20161224
ClamAV 20161224
CMC 20161224
Comodo 20161224
CrowdStrike Falcon (ML) 20161024
DrWeb 20161224
Emsisoft 20161224
F-Secure 20161224
Fortinet 20161224
GData 20161224
Jiangmin 20161224
K7AntiVirus 20161224
K7GW 20161224
Kingsoft 20161224
Malwarebytes 20161224
Microsoft 20161224
eScan 20161224
NANO-Antivirus 20161224
nProtect 20161224
Panda 20161224
Rising 20161224
SUPERAntiSpyware 20161223
Tencent 20161224
TheHacker 20161222
TotalDefense 20161224
TrendMicro 20161224
TrendMicro-HouseCall 20161224
Trustlook 20161224
VBA32 20161223
VIPRE 20161224
ViRobot 20161224
WhiteArmor 20161221
Yandex 20161223
Zillya 20161223
Zoner 20161224
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2016
Product Dz4ever
Original name Dz4ever.exe
Internal name Dz4ever.exe
File version 1.0.0.0
Description Dz4ever
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-24 14:28:54
Entry Point 0x000223DE
Number of sections 3
.NET details
Module Version ID 80248355-307b-4819-9eb7-0ba8fc822e41
TypeLib ID f54983d3-d90e-436c-ab50-21d0a0a8d87a
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 11.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 3584
EntryPoint 0x223de
OriginalFileName Dz4ever.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2016
FileVersion 1.0.0.0
TimeStamp 2016:12:24 15:28:54+01:00
FileType Win32 EXE
PEType PE32
InternalName Dz4ever.exe
ProductVersion 1.0.0.0
FileDescription Dz4ever
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 132096
ProductName Dz4ever
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.0.0.0
Execution parents
File identification
MD5 d871cc36973c5618d7c09b6039757fb0
SHA1 5c29e5394905770a413672e1db7037d079a699ae
SHA256 1ee73d549c83486af46254f702470fa205b2e31e573573e871bd644b0cf22ce7
ssdeep 3072:e1asdxTvoVnkB/sLmi21Z1mh5UtpWcBkDdYM8AZTPZzD0UvC9u0:UotkB/sLd21OUtpWcsvC
authentihash 2506fdb873d758be067e66f8a7e2ed681211d973e75f789b63a7002e6ce69373
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 133.0 KB ( 136192 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (56.7%)
Win64 Executable (generic) (21.3%)
Windows screen saver (10.1%)
Win32 Dynamic Link Library (generic) (5.0%)
Win32 Executable (generic) (3.4%)
Tags peexe assembly
VirusTotal metadata
First submission 2016-12-24 16:31:03 UTC ( 2 years, 4 months ago )
Last submission 2016-12-24 16:31:03 UTC ( 2 years, 4 months ago )
File names 301832.exe
Dz4ever.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
TCP connections
UDP communications