SHA256: 20c52aedfe32d4a71bf5e3353cf3999ea95b3a43c7e40c8820b1b7d24b9e6cb5
File name: برنامج الفيش.exe
Detection ratio: 29 / 54
Analysis date: 2014-09-16 05:29:07 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.9256566 20140916
Yandex Trojan.DR.Agent!CXfUrruxe+w 20140915
Antiy-AVL Trojan[Dropper]/MSIL.Agent 20140916
AVG Generic33.BITM 20140916
Avira (no cloud) TR/Drop.MSIL.Agent.akkb 20140916
AVware Trojan.Win32.Generic!BT 20140916
Baidu-International Trojan.MSIL.Dropper.AY 20140915
BitDefender Trojan.Generic.9256566 20140916
Comodo UnclassifiedMalware 20140916
Cyren W32/GenBl.7263E1D8!Olympus 20140916
Emsisoft Trojan.Generic.9256566 (B) 20140916
ESET-NOD32 MSIL/TrojanDropper.Agent.VF 20140916
F-Secure Trojan.Generic.9256566 20140916
Fortinet W32/Agent.AKKB!tr 20140916
GData Trojan.Generic.9256566 20140916
Kaspersky Trojan-Dropper.MSIL.Agent.akkb 20140916
Kingsoft Win32.Troj.Undef.(kcloud) 20140916
McAfee Artemis!7263E1D84B35 20140916
McAfee-GW-Edition Artemis 20140916
eScan Trojan.Generic.9256566 20140916
NANO-Antivirus Trojan.Win32.Agent.bvmgwf 20140916
Norman Troj_Generic.MHKPQ 20140915
nProtect Trojan.Generic.9256566 20140915
Qihoo-360 Win32/Trojan.Dropper.748 20140916
Sophos Mal/Generic-S 20140916
Symantec Trojan.Gen 20140916
Tencent Win32.Trojan.Agent.brih 20140916
VBA32 TrojanDropper.MSIL.Agent 20140915
VIPRE Trojan.Win32.Generic!BT 20140916
AegisLab 20140916
AhnLab-V3 20140916
Avast 20140916
Bkav 20140915
ByteHero 20140916
CAT-QuickHeal 20140916
ClamAV 20140915
CMC 20140916
DrWeb 20140916
F-Prot 20140916
Ikarus 20140916
Jiangmin 20140915
K7AntiVirus 20140915
K7GW 20140915
Malwarebytes 20140916
Microsoft 20140916
Panda 20140915
Rising 20140915
SUPERAntiSpyware 20140916
TheHacker 20140915
TotalDefense 20140915
TrendMicro 20140916
TrendMicro-HouseCall 20140916
ViRobot 20140916
Zillya 20140915
Zoner 20140915
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2013

Product ??????? ?????
Original name ?????? ?????.exe
Internal name ?????? ?????.exe
File version 1.0.0.0
Description ??????? ?????
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-06-20 14:50:29
Entry Point 0x0086009E
Number of sections 4
.NET details
Module Version ID 308774d8-b1c2-4be2-9e45-3f5ea858e387
TypeLib ID 0c154706-d81a-454e-ad68-1f6b7b8c460e
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 2
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 5
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 222720
ImageVersion 0.0
FileVersionNumber 1.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName .exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.0
TimeStamp 2013:06:20 15:50:29+01:00
FileType Win32 EXE
PEType PE32
InternalName .exe
ProductVersion 1.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright 2013
MachineType Intel 386 or later, and compatibles
CodeSize 8774144
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x86009e
ObjectFileType Executable application
AssemblyVersion 1.0.0.0

File identification
MD5 7263e1d84b350c1465bb4c4c77b1bcec
SHA1 ce970ff16b1bcd77ce789fddb1c2baaf7a7a405d
SHA256 20c52aedfe32d4a71bf5e3353cf3999ea95b3a43c7e40c8820b1b7d24b9e6cb5
ssdeep 196608:wPt56sNaad0DBEMjaCX2MGqMSDumaOI4E5wu:a56sMNibtqMSDYObE5
authentihash 991d5cf19f887a2d29e3254602c569f5881aa44186eed26e5dd8cd02667c9063
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 8.6 MB ( 8997888 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (55.8%)
Win64 Executable (generic) (21.0%)
Windows screen saver (9.9%)
Win32 Dynamic Link Library (generic) (5.0%)
Win32 Executable (generic) (3.4%)
Tags peexe assembly

VirusTotal metadata
First submission 2013-06-20 03:57:07 UTC ( 3 years, 11 months ago )
Last submission 2017-03-13 13:04:43 UTC ( 2 months, 2 weeks ago )
File names برنامج الفيش.exe
?????? ?????.exe
vt-upload-Aw0eg
Trojan-Dropper.MSIL.Agent.akkb
.exe
vt-upload-vnI5u
vt-upload-UMmaQ
vt-upload-qUXSn
?????? ?????.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R047C0EA516.

Symantec reputation Suspicious.Insight