SHA256: 20c5d6e3f55eb1a5e0ab1867edb3ed590648088bb56b1a7009fc14e354ff0625
File name: 1vo7ca1TzlrGzSMjXgNe.exe
Detection ratio: 47 / 57
Analysis date: 2016-12-22 13:16:09 UTC ( 2 years, 2 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.120509 20161222
AegisLab Troj.W32.Generic!c 20161222
AhnLab-V3 Win-Trojan/MDA.630F094C 20161222
ALYac Gen:Variant.Zusy.120509 20161222
Antiy-AVL Trojan[Dropper]/Win32.FrauDrop 20161222
Arcabit Trojan.Zusy.D1D6BD 20161222
Avast MSIL:GenMalicious-BUQ [Trj] 20161222
AVG MSIL6.NGN 20161222
Avira (no cloud) TR/Dropper.MSIL.Gen 20161222
AVware Trojan.Win32.Generic!BT 20161222
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161207
BitDefender Gen:Variant.Zusy.120509 20161222
CAT-QuickHeal Trojan.Dacic 20161222
ClamAV Win.Trojan.Agent-1241186 20161222
Comodo UnclassifiedMalware 20161222
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
DrWeb Trojan.Inject.5077 20161222
Emsisoft Gen:Variant.Zusy.120509 (B) 20161222
ESET-NOD32 MSIL/Bladabindi.BH 20161222
F-Secure Gen:Variant.Zusy.120509 20161222
Fortinet MSIL/Injector.GXJ!tr 20161222
GData Gen:Variant.Zusy.120509 20161222
Ikarus Trojan.MSIL6 20161222
Sophos ML backdoor.msil.bladabindi.an 20161216
Jiangmin TrojanDropper.FrauDrop.svj 20161222
K7AntiVirus Trojan ( 00493a0c1 ) 20161222
K7GW Trojan ( 00493a0c1 ) 20161222
Kaspersky HEUR:Trojan.Win32.Generic 20161222
Malwarebytes Trojan.Agent.MSIL 20161222
McAfee RDN/Generic Dropper 20161222
McAfee-GW-Edition RDN/Generic Dropper 20161222
Microsoft Trojan:Win32/Dacic.A!rfn 20161222
eScan Gen:Variant.Zusy.120509 20161222
NANO-Antivirus Trojan.Win32.Inject.dpngzd 20161222
Panda Trj/CI.A 20161221
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20161222
Rising Trojan.Generic-sABu4zLtCbH (cloud) 20161222
Sophos AV Mal/Generic-S 20161222
Symantec Heur.AdvML.C 20161222
Tencent Win32.Trojan.Generic.Eeo 20161222
TheHacker Trojan/Bladabindi.bh 20161219
TrendMicro TROJ_GEN.R08NC0DKI16 20161222
TrendMicro-HouseCall TROJ_GEN.R08NC0DKI16 20161222
VBA32 TrojanDropper.FrauDrop 20161222
VIPRE Trojan.Win32.Generic!BT 20161222
Yandex Trojan.Agent!DSzsUrWRA7s 20161221
Zillya Trojan.Bladabindi.Win32.38692 20161220
Alibaba 20161222
Bkav 20161222
CMC 20161222
Cyren 20161222
F-Prot 20161222
Kingsoft 20161222
nProtect 20161222
SUPERAntiSpyware 20161222
TotalDefense 20161222
Trustlook 20161222
ViRobot 20161222
WhiteArmor 20161221
Zoner 20161222
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Original name tee.exe
Internal name tee.exe
File version 0.0.0.0
Description
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-21 17:55:18
Entry Point 0x0008A89E
Number of sections 3
.NET details
Module Version ID c659710e-a6ab-4fdc-9d53-91c872d4ba88
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 34304
EntryPoint 0x8a89e
OriginalFileName tee.exe
MIMEType application/octet-stream
FileVersion 0.0.0.0
TimeStamp 2014:12:21 18:55:18+01:00
FileType Win32 EXE
PEType PE32
InternalName tee.exe
ProductVersion 0.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 559616
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 0.0.0.0

File identification
MD5 0b0621bcc9a100387849ce1bc56f2da5
SHA1 d21b8958a9616f66c0355373ec89f94eb409a78d
SHA256 20c5d6e3f55eb1a5e0ab1867edb3ed590648088bb56b1a7009fc14e354ff0625
ssdeep 12288:hFwS6tJXYq1KQKUvYJsbgNYRUgGiI5HdShjScdomiT//G2OD:NkJXtKQK+hYh5gfamq2B

authentihash 553ccc5663074b4d0b0d229da3dc66adf3650c5f74250c47f594ed1ca6c96b33
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 580.5 KB ( 594432 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
OS/2 Executable (generic) (2.2%)
Generic Win/DOS Executable (2.2%)
Tags
peexe assembly

VirusTotal metadata
First submission 2015-03-25 19:35:22 UTC ( 3 years, 11 months ago )
Last submission 2016-12-22 13:16:09 UTC ( 2 years, 2 months ago )
File names 6e1a6e11f33d6ce42ac115fba22627d8.exe
explorer.exe
tee.exe
explorer.exe
explorer.exe
1vo7ca1TzlrGzSMjXgNe.exe
Explorer.exe
6e1a6e11f33d6ce42ac115fba22627d8.exe
explorer.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R03EC0DCV15.

Symantec reputation Suspicious.Insight