SHA256: 24ea0426c48020f344496ce2a3ef0033f266b7919dc53b57c182984298c57ab9
File name: Stealer.exe
Detection ratio: 35 / 55
Analysis date: 2014-09-30 14:29:08 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Heur.MSIL.Krypt.5 20140930
AegisLab AdWare.MSIL.Geni 20140930
AhnLab-V3 Trojan/Win32.Golroted 20140930
Avast Win32:Malware-gen 20140930
AVG ILCrypt 20140930
Avira (no cloud) TR/Ransom.243715 20140930
Baidu-International Hacktool.Win32.NetPass.AL 20140930
BitDefender Gen:Heur.MSIL.Krypt.5 20140930
Cyren W32/GenBl.EDDA4635!Olympus 20140930
DrWeb Trojan.PWS.Stealer.13025 20140930
Emsisoft Gen:Heur.MSIL.Krypt.5 (B) 20140930
ESET-NOD32 a variant of MSIL/Autorun.Spy.Agent.AU 20140930
F-Secure Gen:Heur.MSIL.Krypt.5 20140930
Fortinet MSIL/Injector.PE!tr 20140930
GData Gen:Heur.MSIL.Krypt.5 20140930
Ikarus Trojan-Spy.MSIL.Golroted 20140930
Jiangmin Trojan/MSIL.blwy 20140929
Kaspersky not-a-virus:HEUR:Monitor.MSIL.KeyLogger.heur 20140930
Malwarebytes Backdoor.Agent.PDL 20140930
McAfee Artemis!EDDA46353EAC 20140930
McAfee-GW-Edition BehavesLike.Win32.Backdoor.hh 20140929
Microsoft HackTool:Win32/BrowserPassview 20140930
eScan Gen:Heur.MSIL.Krypt.5 20140930
NANO-Antivirus Trojan.Win32.Inject.deaicr 20140930
Norman Injector.gen!r 20140930
Panda Trj/CI.A 20140930
Qihoo-360 Win32/Trojan.895 20140930
Rising PE:Trojan.MSIL.KeyLogger!1.647D 20140930
Sophos AV Mal/MsilKlog-D 20140930
SUPERAntiSpyware Trojan.Agent/Gen-Ransom 20140930
Symantec WS.Reputation.1 20140930
Tencent Msil.Worm.Agent.Apda 20140930
TrendMicro TSPY_MSILOG.SM 20140930
TrendMicro-HouseCall TSPY_MSILOG.SM 20140930
VBA32 Trojan.MSIL.Inject 20140930
Yandex 20140930
Antiy-AVL 20140930
AVware 20140930
Bkav 20140930
ByteHero 20140930
CAT-QuickHeal 20140930
ClamAV 20140929
CMC 20140930
Comodo 20140930
F-Prot 20140929
K7AntiVirus 20140930
K7GW 20140930
Kingsoft 20140930
nProtect 20140930
TheHacker 20140929
TotalDefense 20140930
VIPRE 20140930
ViRobot 20140930
Zillya 20140930
Zoner 20140929
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
Copyright Copyright © 2014
Original name Debugger.exe
Internal name Debugger.exe
File version 1.0.0.0
Description
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-20 22:29:08
Entry Point 0x0007EA8E
Number of sections 3
PE sections
Number of PE resources by type
RT_ICON 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
PE resources
File identification
MD5 edda46353eacad327a5bd500e835e772
SHA1 8733c65d079361bdf868edb4ccb29aabd6f793a9
SHA256 24ea0426c48020f344496ce2a3ef0033f266b7919dc53b57c182984298c57ab9
ssdeep 6144:0bS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9DHI:0QtqB5urTIoYWBQk1E+VF9mOx9k
authentihash f8d4337215f00fb21491724b5fda7143a20b73ffca7f16ced7b3f3409d5fee9f
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 502.5 KB ( 514560 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (42.5%)
InstallShield setup (25.0%)
Win64 Executable (generic) (16.0%)
Windows Screen Saver (7.6%)
Win32 Dynamic Link Library (generic) (3.8%)
Tags
peexe assembly

VirusTotal metadata
First submission 2014-09-25 17:42:33 UTC ( 2 years, 11 months ago )
Last submission 2014-09-30 14:29:08 UTC ( 2 years, 10 months ago )
File names Stealer.exe, Debugger.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections