SHA256: 25123554b87899455bee60cc9f625c95bf44d87d0e7824c4c7c78e2ee9bbf447
File name: ban.exe
Detection ratio: 22 / 67
Analysis date: 2018-04-24 09:20:47 UTC ( 10 months ago )
Antivirus Result Update
AegisLab Uds.Dangerousobject.Multi!c 20180424
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9845 20180424
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20180418
Cylance Unsafe 20180424
Cyren W32/GenBl.D20E7AA9!Olympus 20180424
Endgame malicious (high confidence) 20180403
ESET-NOD32 a variant of MSIL/Kryptik.MWY 20180424
Fortinet MSIL/Kryptik.NSD!tr 20180424
Sophos ML heuristic 20180121
Kaspersky UDS:DangerousObject.Multi.Generic 20180424
Malwarebytes Trojan.MalPack 20180424
McAfee Artemis!D20E7AA9DBAB 20180424
McAfee-GW-Edition BehavesLike.Win32.Generic.cc 20180423
Microsoft Trojan:Win32/Cloxer.D!cl 20180424
Palo Alto Networks (Known Signatures) generic.ml 20180424
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Kryptik-BZ 20180424
Symantec Trojan.Gen.2 20180424
TrendMicro TROJ_FRS.VSN18D18 20180424
ViRobot Trojan.Win32.Z.Kryptik.201728.EX 20180424
Webroot W32.Trojan.Gen 20180424
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180424
Ad-Aware 20180424
AhnLab-V3 20180424
Alibaba 20180424
ALYac 20180424
Antiy-AVL 20180418
Arcabit 20180424
Avast 20180424
Avast-Mobile 20180423
AVG 20180424
Avira (no cloud) 20180424
AVware 20180424
Babable 20180406
BitDefender 20180424
Bkav 20180424
CAT-QuickHeal 20180424
ClamAV 20180424
CMC 20180423
Comodo 20180424
Cybereason None
DrWeb 20180424
eGambit 20180424
Emsisoft 20180424
F-Prot 20180424
F-Secure 20180424
GData 20180424
Ikarus 20180424
Jiangmin 20180424
K7AntiVirus 20180424
K7GW 20180424
Kingsoft 20180424
MAX 20180424
eScan 20180424
NANO-Antivirus 20180424
nProtect 20180424
Panda 20180423
Qihoo-360 20180424
Rising 20180424
SUPERAntiSpyware 20180424
Symantec Mobile Insight 20180419
Tencent 20180424
TheHacker 20180423
TotalDefense 20180424
TrendMicro-HouseCall 20180424
Trustlook 20180424
VBA32 20180423
VIPRE 20180424
Yandex 20180424
Zillya 20180423
Zoner 20180424
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Original name oQxRx9T71I7fP7YA.Program.exe
Internal name oQxRx9T71I7fP7YA.Program.exe
File version 0.0.0.0
Description
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-24 05:44:00
Entry Point 0x00004A7E
Number of sections 3
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
RT_HTML 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 5
GERMAN 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 11.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 189952
EntryPoint 0x4a7e
OriginalFileName oQxRx9T71I7fP7YA.Program.exe
MIMEType application/octet-stream
FileVersion 0.0.0.0
TimeStamp 2018:04:23 22:44:00-07:00
FileType Win32 EXE
PEType PE32
InternalName oQxRx9T71I7fP7YA.Program.exe
ProductVersion 0.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 11264
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 0.0.0.0

File identification
MD5 d20e7aa9dbab236fd8630781f16a4eeb
SHA1 7335c34ccf9e678313d6ef8b59149af9a069f6ef
SHA256 25123554b87899455bee60cc9f625c95bf44d87d0e7824c4c7c78e2ee9bbf447
ssdeep 3072:UnWXOsL8ZQ2BNXkxaw62BNn+taLYJh9f9aGWwdpXfmOQ/HkSvQ:hKQ2BNUx562B4takJHf9aItfm4Sv

authentihash 92383b6459b92ca04129376b47635237b092d40e420f59c96e6b71527ff4c9af
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 197.0 KB ( 201728 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
OS/2 Executable (generic) (2.2%)
Generic Win/DOS Executable (2.2%)
Tags peexe assembly

VirusTotal metadata
First submission 2018-04-24 06:51:41 UTC ( 10 months ago )
Last submission 2018-05-02 20:45:20 UTC ( 9 months, 3 weeks ago )
File names oQxRx9T71I7fP7YA.Program.exe
ban.exe_
ban.exe
output.113176314.txt