SHA256: 249fe2f998bdf1cf7e12bca6b9ae6e6e4d50917633af9eb3409fd1318e3b0a63
File name: windowns7.exe
Detection ratio: 47 / 62
Analysis date: 2017-05-11 02:43:47 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.234711 20170511
AegisLab Troj.Msil.Disfa!c 20170511
ALYac Gen:Variant.Zusy.234711 20170511
Antiy-AVL Trojan[Backdoor]/MSIL.Bladabindi 20170511
Arcabit Trojan.Zusy.D394D7 20170511
Avast Win32:Malware-gen 20170511
AVG Generic38.BKUY 20170511
Avira (no cloud) TR/Dropper.Gen 20170511
AVware Trojan.Win32.Generic!BT 20170508
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170503
BitDefender Gen:Variant.Zusy.234711 20170511
CAT-QuickHeal Backdoor.Bladabindi 20170510
Comodo UnclassifiedMalware 20170510
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/Trojan.RDIX-8527 20170511
DrWeb Trojan.DownLoader24.50521 20170511
Emsisoft Gen:Variant.Zusy.234711 (B) 20170511
Endgame malicious (high confidence) 20170503
ESET-NOD32 a variant of MSIL/Injector.SCH 20170511
F-Secure Gen:Variant.Zusy.234711 20170511
GData Gen:Variant.Zusy.234711 20170511
Ikarus Trojan.SuspectCRC 20170510
Sophos ML trojan.win32.skeeyah.a!rfn 20170413
K7AntiVirus Trojan ( 004915961 ) 20170510
K7GW Trojan ( 004915961 ) 20170510
Kaspersky Trojan.MSIL.Disfa.lblq 20170510
McAfee RDN/Generic.grp 20170511
McAfee-GW-Edition RDN/Generic.grp 20170510
Microsoft Backdoor:MSIL/Bladabindi 20170511
eScan Gen:Variant.Zusy.234711 20170511
NANO-Antivirus Trojan.Win32.Disfa.eobsba 20170511
Palo Alto Networks (Known Signatures) generic.ml 20170511
Panda Trj/CI.A 20170510
Qihoo-360 Win32/Trojan.Dropper.b73 20170511
SentinelOne (Static ML) static engine - malicious 20170330
Sophos AV Mal/Generic-S 20170511
SUPERAntiSpyware Trojan.Agent/Gen-MSFake[Less] 20170510
Symantec Trojan.Gen 20170510
Tencent Msil.Trojan.Disfa.Hnax 20170511
TrendMicro TROJ_GEN.R02KC0CE217 20170511
TrendMicro-HouseCall TROJ_GEN.R02KC0CE217 20170511
VBA32 TScope.Trojan.MSIL 20170510
VIPRE Trojan.Win32.Generic!BT 20170511
ViRobot Trojan.Win32.Z.Zusy.530148[h] 20170510
Webroot W32.Email.Worm.Silly 20170511
Yandex Trojan.DOTHETUK! 20170510
ZoneAlarm by Check Point Trojan.MSIL.Disfa.lblq 20170511
AhnLab-V3 20170510
Alibaba 20170511
Bkav 20170511
ClamAV 20170510
CMC 20170510
F-Prot 20170511
Fortinet 20170511
Jiangmin 20170510
Kingsoft 20170511
Malwarebytes 20170510
nProtect 20170511
Rising None
Symantec Mobile Insight 20170511
TheHacker 20170508
TotalDefense 20170510
Trustlook 20170511
WhiteArmor 20170502
Zillya 20170505
Zoner 20170511
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2017
Product Microsoft
Original name x.exe
Internal name x.exe
File version 1.0.0.0
Description Microsoft
Comments Microsoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-04-25 19:00:27
Entry Point 0x000752FE
Number of sections 3
.NET details
Module Version ID 54548390-5833-4204-9c50-17903b5abb69
TypeLib ID a9b87e0f-904d-49d2-a3e2-24a67d67f438
PE sections
Overlays
MD5 bf79d2b4aa720b7da6a25eeff55dcad1
File type data
Offset 486912
Size 43236
Entropy 6.02
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 7
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 10
PE resources
ExifTool file metadata
LegalTrademarks Microsoft
SubsystemVersion 4.0
Comments Microsoft
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Microsoft
CharacterSet Unicode
InitializedDataSize 14336
EntryPoint 0x752fe
OriginalFileName x.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2017
FileVersion 1.0.0.0
TimeStamp 2017:04:25 20:00:27+01:00
FileType Win32 EXE
PEType PE32
InternalName x.exe
ProductVersion 1.0.0.0
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft
CodeSize 436736
ProductName Microsoft
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.0.0.0

Execution parents
File identification
MD5 230300c10da82231a86af3d5da19c5e9
SHA1 7951c8c0a954c28c47ef311e6c9e9806fe1bef31
SHA256 249fe2f998bdf1cf7e12bca6b9ae6e6e4d50917633af9eb3409fd1318e3b0a63
ssdeep 6144:1LJil2GhN+W1KFANbBLL/nAcMI2QgVEO2secFsZOF:02iN+saANZLtuDeG
authentihash 9f1e40d2163a8ef3a440bcad5d4b6d9c0a493b2944c7497259d09eb38136d7e1
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 517.7 KB ( 530148 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags peexe assembly overlay
VirusTotal metadata
First submission 2017-04-28 16:02:39 UTC ( 1 year, 12 months ago )
Last submission 2017-04-28 16:02:39 UTC ( 1 year, 12 months ago )
File names 47218722af6bbe2960523d8a5641ef19.exe
windowns7.exe
x.exe
Behaviour characterization
Zemana dll-injection