SHA256: 25085ea4997fe39b322a845af97d904aba4750290afca7b0ea7588849fd8febc
File name: nugkezrqontt.exe
Detection ratio: 51 / 68
Analysis date: 2018-07-13 04:07:15 UTC ( 9 months, 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.215005 20180713
AegisLab Troj.W32.Generic!c 20180713
AhnLab-V3 Trojan/Win32.MSILKrypt.C2358962 20180713
ALYac Gen:Variant.Zusy.215005 20180713
Arcabit Trojan.Zusy.D347DD 20180713
Avast Win32:Malware-gen 20180713
AVG Win32:Malware-gen 20180713
Avira (no cloud) BDS/Backdoor.Gen 20180712
AVware Trojan.Win32.Generic!BT 20180713
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9809 20180712
BitDefender Gen:Variant.Zusy.215005 20180713
CAT-QuickHeal Trojan.Generic 20180712
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cybereason malicious.f3405b 20180225
Cylance Unsafe 20180713
Cyren W32/Trojan.POPV-4475 20180713
DrWeb Trojan.DownLoader26.43563 20180713
Emsisoft Gen:Variant.Zusy.215005 (B) 20180713
Endgame malicious (high confidence) 20180711
ESET-NOD32 a variant of MSIL/Packed.MultiPacked.CE 20180713
F-Secure Gen:Variant.Zusy.215005 20180713
Fortinet W32/Generic!tr 20180713
GData Gen:Variant.Zusy.215005 20180713
Ikarus Trojan.MSIL.IRCBot 20180712
Sophos ML heuristic 20180601
K7AntiVirus Trojan ( 00517fbc1 ) 20180712
K7GW Trojan ( 00517fbc1 ) 20180712
Kaspersky HEUR:Trojan.Win32.Generic 20180713
Malwarebytes Trojan.Dropper.Generic 20180712
MAX malware (ai score=99) 20180713
McAfee RDN/Generic.dx 20180713
McAfee-GW-Edition BehavesLike.Win32.PUPXEF.jc 20180713
Microsoft Trojan:Win32/Occamy.C 20180713
eScan Gen:Variant.Zusy.215005 20180713
NANO-Antivirus Trojan.Win32.MultiPacked.fbljbw 20180713
Palo Alto Networks (Known Signatures) generic.ml 20180713
Panda Trj/GdSda.A 20180712
Qihoo-360 Win32/Backdoor.50a 20180713
Rising Trojan.Generic!8.C3 (CLOUD) 20180713
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Generic-S 20180713
SUPERAntiSpyware Trojan.Agent/Gen-Malagent 20180713
Symantec Trojan.Gen.2 20180712
Tencent Win32.Trojan.Generic.Taos 20180713
TrendMicro TROJ_GEN.R038C0WE518 20180713
TrendMicro-HouseCall TROJ_GEN.R038C0WE518 20180713
VIPRE Trojan.Win32.Generic!BT 20180713
ViRobot Trojan.Win32.Z.Zusy.670208.C 20180713
Webroot W32.Malware.gen 20180713
Yandex Trojan.Agent!TkXxsL3iO9g 20180712
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180713
Alibaba 20180712
Antiy-AVL 20180713
Avast-Mobile 20180713
Babable 20180406
Bkav 20180712
ClamAV 20180712
CMC 20180712
Comodo 20180713
eGambit 20180713
F-Prot 20180713
Jiangmin 20180713
Kingsoft 20180713
TACHYON 20180713
TheHacker 20180712
TotalDefense 20180712
Trustlook 20180713
VBA32 20180712
Zillya 20180712
Zoner 20180712
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2017

Product svchost
Original name svchost.exe
Internal name svchost.exe
File version 1.0.0.0
Description svchost
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-03 16:31:07
Entry Point 0x000A4E6E
Number of sections 3
.NET details
Module Version ID 301de89c-9723-4cee-ac34-a16f3f2789fd
TypeLib ID 88b6efb0-83b0-4cbd-a2d9-3a37200bd51b
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
2048

ImageVersion
0.0

ProductName
svchost

FileVersionNumber
1.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
svchost

CharacterSet
Unicode

LinkerVersion
8.0

FileTypeExtension
exe

OriginalFileName
svchost.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.0.0.0

TimeStamp
2018:05:03 17:31:07+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
svchost.exe

ProductVersion
1.0.0.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

LegalCopyright
Copyright 2017

MachineType
Intel 386 or later, and compatibles

CodeSize
667648

FileSubtype
0

ProductVersionNumber
1.0.0.0

EntryPoint
0xa4e6e

ObjectFileType
Executable application

AssemblyVersion
1.0.0.0

File identification
MD5 cd66a26f3405bc06199fd24c3b35976f
SHA1 129d53ce8240f43f277f86baba09570a6af92d73
SHA256 25085ea4997fe39b322a845af97d904aba4750290afca7b0ea7588849fd8febc
ssdeep
12288:dVVQqdGcRd5BwMnBrsj8EdT3TPspSfLJ1B66lsC6/AXsA0z6tJ4PiAno84GMq:dVVQqdTrB543T0ADNq

authentihash 88208d186a06635b76510a167b3dbf0502d14f4b4115ae5614f1014c7370e66c
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 654.5 KB ( 670208 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (55.8%)
Win64 Executable (generic) (21.0%)
Windows screen saver (9.9%)
Win32 Dynamic Link Library (generic) (5.0%)
Win32 Executable (generic) (3.4%)
Tags
peexe assembly

VirusTotal metadata
First submission 2018-05-05 18:56:08 UTC ( 11 months, 3 weeks ago )
Last submission 2018-06-19 03:45:15 UTC ( 10 months, 1 week ago )
File names vudaglsuggad.exe
setup.exe
svchost.exe
nugkezrqontt.exe