SHA256: 25dce7b28ee3a857a5b7be9dca54f8111525bcc7bfc1316b5ee72e990709779c
File name: .
Detection ratio: 43 / 64
Analysis date: 2019-03-03 18:23:11 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Acronis suspicious 20190222
Ad-Aware Gen:Variant.Zusy.294328 20190303
AegisLab Trojan.Win32.Vtflooder.lnTD 20190303
AhnLab-V3 Trojan/Win32.Agent.R255238 20190303
ALYac Gen:Variant.Zusy.294328 20190303
Antiy-AVL Trojan[Dropper]/Win32.Agent 20190303
Arcabit Trojan.Zusy.D47DB8 20190303
Avast Win32:Evo-gen [Susp] 20190303
AVG Win32:Evo-gen [Susp] 20190303
Avira (no cloud) TR/Dropper.Gen 20190303
BitDefender Gen:Variant.Zusy.294328 20190303
CAT-QuickHeal Backdoor.Poison.18050 20190303
CMC Virus.Win32.Sality!O 20190303
Comodo TrojWare.Win32.Protux.NAS1@6ldg0s 20190303
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cybereason malicious.d7e75c 20190109
Cyren W32/S-c05ff0cd!Eldorado 20190303
DrWeb Trojan.MulDrop8.31902 20190303
Emsisoft Gen:Variant.Zusy.294328 (B) 20190303
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Protux.NAU 20190303
F-Secure Trojan.TR/Dropper.Gen 20190303
Fortinet W32/Generic.AC.43AD2D!tr 20190303
GData Gen:Variant.Zusy.294328 20190303
Ikarus Trojan-PSW.Win32.Steam 20190303
Sophos ML heuristic 20181128
Jiangmin TrojanDropper.Agent.gfww 20190303
K7AntiVirus Trojan ( 0053b1491 ) 20190302
K7GW Trojan ( 0053b1491 ) 20190302
Kaspersky Trojan-Dropper.Win32.Agent.sbra 20190303
MAX malware (ai score=82) 20190303
McAfee-GW-Edition BehavesLike.Win32.Conficker.bc 20190302
Microsoft Backdoor:Win32/Protux.C!bit 20190303
eScan Gen:Variant.Zusy.294328 20190303
NANO-Antivirus Trojan.Win32.Protux.fneszq 20190303
Panda Trj/Genetic.gen 20190302
Qihoo-360 HEUR/QVM18.1.99DD.Malware.Gen 20190303
SentinelOne (Static ML) static engine - malicious 20190203
Symantec ML.Attribute.HighConfidence 20190302
Trapmine malicious.high.ml.score 20190228
VBA32 BScope.Trojan.Tiggre 20190301
Yandex Trojan.DR.Agent!YZc9fLTIGVo 20190301
ZoneAlarm by Check Point Trojan-Dropper.Win32.Agent.sbra 20190303
Alibaba 20180921
Avast-Mobile 20190303
Babable 20180917
Baidu 20190214
ClamAV 20190303
eGambit 20190303
Kingsoft 20190303
Malwarebytes 20190303
McAfee 20190303
Palo Alto Networks (Known Signatures) 20190303
Sophos AV 20190303
SUPERAntiSpyware 20190227
Symantec Mobile Insight 20190220
TACHYON 20190302
Tencent 20190303
TheHacker 20190224
TotalDefense 20190303
Trustlook 20190303
VIPRE 20190302
ViRobot 20190303
Webroot 20190303
Zoner 20190302
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-04-03 13:48:00
Entry Point 0x00005165
Number of sections 2
PE sections
Overlays
MD5 8744a2f4d1491782bec69add91dc9ef6
File type data
Offset 8704
Size 734850
Entropy 8.00
PE imports
GetProcAddress
GetModuleHandleA
wvnsprintfA
wsprintfA
WinHttpOpen
connect
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:04:03 06:48:00-07:00
FileType Win32 EXE
PEType PE32
CodeSize 7168
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 5120
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit, No debug
EntryPoint 0x5165
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 4665be73241b1cbfa1843b97b4dddba6
SHA1 c41e290d7e75ccc9c8909ad60b3962e41776a954
SHA256 25dce7b28ee3a857a5b7be9dca54f8111525bcc7bfc1316b5ee72e990709779c
ssdeep 12288:/YXv1xmNIhQsmiDCr+bwGtnJ/gnhNICFxmpeX8SIi53ASHkg6dh:/YXf2IQB6wMntoDDX8/fGkj3

authentihash bb94859ffd6ddf8ca9ec9fcaf8fe195772c0d382f5f8437ac3138344be8ff4ca
imphash ecb7b72622589b1455e030ea6738cfb6
File size 726.1 KB ( 743554 bytes )
File type Win32 EXE
Magic literal MS-DOS executable, MZ for MS-DOS

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe overlay

VirusTotal metadata
First submission 2019-03-03 18:23:11 UTC ( 1 month, 3 weeks ago )
Last submission 2019-03-03 18:23:11 UTC ( 1 month, 3 weeks ago )
File names .
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs