× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 2200db35ec3ddd8af8396563dd742fef317c418109348132f85017ec4ef973d4
File name: RSLaunch.exe
Detection ratio: 28 / 64
Analysis date: 2018-11-06 22:26:53 UTC ( 4 months, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.419633 20181106
ALYac Gen:Variant.Razy.419633 20181106
Arcabit Trojan.Razy.D66731 20181106
Avast Win32:CrypterX-gen [Trj] 20181106
AVG Win32:CrypterX-gen [Trj] 20181106
BitDefender Gen:Variant.Razy.419633 20181106
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.691458 20180225
Cylance Unsafe 20181106
DrWeb Trojan.DownLoader19.14585 20181106
Emsisoft Gen:Variant.Razy.419633 (B) 20181106
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of MSIL/Kryptik.PFW 20181106
F-Secure Gen:Variant.Razy.419633 20181106
Fortinet MSIL/Generic.AP.154D64C!tr 20181106
GData Gen:Variant.Razy.419633 20181106
Sophos ML heuristic 20180717
Jiangmin Trojan.MSIL.kmqr 20181106
Kaspersky HEUR:Trojan.MSIL.Crypt.gen 20181106
MAX malware (ai score=83) 20181106
McAfee GenericRXGO-GZ!04E164E69145 20181106
McAfee-GW-Edition BehavesLike.Win32.Generic.bc 20181106
eScan Gen:Variant.Razy.419633 20181106
Panda Trj/GdSda.A 20181106
Qihoo-360 HEUR/QVM03.0.088F.Malware.Gen 20181106
Rising Trojan.Crypt!8.2E3 (TFE:dGZlOgwwDOLirFJWMQ) 20181106
SentinelOne (Static ML) static engine - malicious 20181011
ZoneAlarm by Check Point HEUR:Trojan.MSIL.Crypt.gen 20181106
AegisLab 20181106
AhnLab-V3 20181106
Alibaba 20180921
Antiy-AVL 20181106
Avast-Mobile 20181106
Avira (no cloud) 20181106
Babable 20180918
Baidu 20181106
Bkav 20181106
CAT-QuickHeal 20181105
ClamAV 20181106
CMC 20181106
Cyren 20181106
eGambit 20181106
F-Prot 20181106
Ikarus 20181106
K7AntiVirus 20181106
K7GW 20181106
Kingsoft 20181106
Malwarebytes 20181106
Microsoft 20181106
NANO-Antivirus 20181106
Palo Alto Networks (Known Signatures) 20181106
Sophos AV 20181106
SUPERAntiSpyware 20181031
Symantec 20181106
Symantec Mobile Insight 20181105
TACHYON 20181106
Tencent 20181106
TheHacker 20181104
Trustlook 20181106
VBA32 20181106
VIPRE 20181106
ViRobot 20181106
Webroot 20181106
Yandex 20181106
Zillya 20181106
Zoner 20181106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright XerMonitor 2018

Product XerMonitor
Original name XerMonitor.exe
Internal name XerMonitor.exe
File version 1.0.0.0
Description XerMonitor
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-24 00:36:45
Entry Point 0x00089A4E
Number of sections 3
.NET details
Module Version ID c267d6e2-3eef-457c-aa2c-ee673947fe3c
TypeLib ID 9be11231-d14a-49a0-ae2c-e6118c4fd968
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 4
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
48.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
XerMonitor

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
210944

EntryPoint
0x89a4e

OriginalFileName
XerMonitor.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright XerMonitor 2018

FileVersion
1.0.0.0

TimeStamp
2018:10:24 01:36:45+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
XerMonitor.exe

ProductVersion
1.0.0.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
556032

ProductName
XerMonitor

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
1.0.0.0

File identification
MD5 04e164e69145888d272ac045357c7912
SHA1 dd06809d2cd2e3c327d2bab490c5cd49f1af39fb
SHA256 2200db35ec3ddd8af8396563dd742fef317c418109348132f85017ec4ef973d4
ssdeep
12288:26QGBrIoowvKdF6ORRyxe9NvA1rIsLnkL22WejfAmbMVXWdT2F3SAwDWaqDeAZ7G:xQC/LKbfaGGIsL2WUtVTgCAFg/Q2sS

authentihash f0406a0adf79d9dca93fbc3d9014cbdd4fa15404d5c8e7d65e8143014499f840
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 749.5 KB ( 767488 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
OS/2 Executable (generic) (2.2%)
Generic Win/DOS Executable (2.2%)
Tags
peexe assembly

VirusTotal metadata
First submission 2018-11-06 22:26:53 UTC ( 4 months, 1 week ago )
Last submission 2018-11-06 22:26:53 UTC ( 4 months, 1 week ago )
File names XerMonitor.exe
RSLaunch.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!