SHA256: 1fc2354d39643163cdf9db2c8859cddf7f92710495b66c9297f53a36a0f0a95f
File name: 287782734f94678617b7028b029320ab.vir
Detection ratio: 51 / 67
Analysis date: 2018-10-25 21:44:26 UTC ( 4 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31031191 20181025
AegisLab Trojan.MSIL.Generic.4!c 20181025
AhnLab-V3 Trojan/Win32.MSIL.C2589088 20181025
ALYac Trojan.GenericKD.31031191 20181025
Antiy-AVL Trojan/MSIL.Agent 20181025
Arcabit Trojan.Generic.D1D97F97 20181025
Avast Win32:Malware-gen 20181025
AVG Win32:Malware-gen 20181025
Avira (no cloud) TR/Dropper.Gen 20181025
BitDefender Trojan.GenericKD.31031191 20181025
CAT-QuickHeal TrojanDownloader.Dofoil 20181025
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.a37eb9 20180225
Cylance Unsafe 20181025
Cyren W32/Ransom.AY.gen!Eldorado 20181025
DrWeb Trojan.Inject1.54688 20181025
Emsisoft Trojan.GenericKD.31031191 (B) 20181025
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of MSIL/Injector.TSV 20181025
F-Prot W32/Ransom.AY.gen!Eldorado 20181025
F-Secure Trojan.GenericKD.31031191 20181022
Fortinet MSIL/GenKryptik.BLNS!tr 20181025
GData Trojan.GenericKD.31031191 20181025
Ikarus Trojan.MSIL.Injector 20181025
Sophos ML heuristic 20180717
Jiangmin Trojan.Generic.chtqt 20181025
K7AntiVirus Trojan ( 005361111 ) 20181025
K7GW Trojan ( 005361111 ) 20181025
Kaspersky HEUR:Trojan.MSIL.Agent.gen 20181025
MAX malware (ai score=95) 20181025
McAfee Trojan-FGZT!287782734F94 20181025
McAfee-GW-Edition BehavesLike.Win32.Generic.fc 20181025
Microsoft TrojanDownloader:Win32/Dofoil.AC 20181025
eScan Trojan.GenericKD.31031191 20181025
NANO-Antivirus Trojan.Win32.Inject1.feqjla 20181025
Palo Alto Networks (Known Signatures) generic.ml 20181025
Panda Trj/GdSda.A 20181025
Qihoo-360 HEUR/QVM03.0.2A1F.Malware.Gen 20181025
Rising Dropper.Generic!8.35E (CLOUD) 20181025
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181025
Symantec ML.Attribute.HighConfidence 20181025
Tencent Msil.Trojan.Agent.Hrpf 20181025
TrendMicro TROJ_FRS.VSN07G18 20181025
TrendMicro-HouseCall TROJ_FRS.VSN07G18 20181025
VBA32 TScope.Trojan.MSIL 20181025
VIPRE Win32.Malware!Drop 20181025
Webroot Trojan.Msil.Coinminer.Gen 20181025
Yandex Trojan.Agent!J5Foq37bthI 20181025
Zillya Trojan.Agent.Win32.905295 20181024
ZoneAlarm by Check Point HEUR:Trojan.MSIL.Agent.gen 20181025
Alibaba 20180921
Avast-Mobile 20181025
Babable 20180918
Baidu 20181024
Bkav 20181025
ClamAV 20181024
CMC 20181025
eGambit 20181025
Kingsoft 20181025
Malwarebytes 20181025
SUPERAntiSpyware 20181022
Symantec Mobile Insight 20181001
TACHYON 20181025
TheHacker 20181024
TotalDefense 20181025
ViRobot 20181025
Zoner 20181024
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Original name bnm.exe
Internal name bnm.exe
File version 0.0.0.0
Description
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-29 04:24:44
Entry Point 0x0004C35E
Number of sections 3
.NET details
Module Version ID 579f874d-e4b7-4077-a3d2-e39b9c4d88be
PE sections
Overlays
MD5 bf619eac0cdf3f68d496ea9344137e8b
File type ASCII text
Offset 309248
Size 512
Entropy 0.00
PE imports
_CorExeMain
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 4608
EntryPoint 0x4c35e
OriginalFileName bnm.exe
MIMEType application/octet-stream
FileVersion 0.0.0.0
TimeStamp 2018:06:29 06:24:44+02:00
FileType Win32 EXE
PEType PE32
InternalName bnm.exe
ProductVersion 0.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 304128
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 0.0.0.0

File identification
MD5 287782734f94678617b7028b029320ab
SHA1 65a981aa37eb961d93a90cefcf90560b30137aa4
SHA256 1fc2354d39643163cdf9db2c8859cddf7f92710495b66c9297f53a36a0f0a95f
ssdeep 6144:0sfrsfhibr/SguQAsJ1/y3UN8Xu8D5N1QSrziG0eXm7:lsfSSgUKNSvQWhm
authentihash 00f46b6265faf4d951d2849d604ccfe7e5e0c1ba16a37032f79d88c62df6a4cc
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 302.5 KB ( 309760 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe assembly overlay
VirusTotal metadata
First submission 2018-06-30 04:51:26 UTC ( 8 months, 3 weeks ago )
Last submission 2019-01-22 07:23:08 UTC ( 2 months ago )
File names image.exe
287782734f94678617b7028b029320ab.vir
bnm.exe
287782734f94678617b7028b029320ab