× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 26db50cd3c58ebbf9fa9fe25a76478541dae5595387c8b8fcb54d30ba4002da5
File name: 26DB50CD3C58EBBF9FA9FE25A76478541DAE5595387C8B8FCB54D30BA4002DA5
Detection ratio: 29 / 71
Analysis date: 2019-01-21 04:26:11 UTC ( 4 months ago ) View latest
Antivirus Result Update
Acronis suspicious 20190119
Ad-Aware Gen:Variant.Razy.453250 20190121
ALYac Gen:Variant.Razy.453250 20190121
Arcabit Trojan.Razy.D6EA82 20190121
BitDefender Gen:Variant.Razy.453250 20190121
Cybereason malicious.1113e1 20190109
Cylance Unsafe 20190121
Cyren W32/MSIL_Kryptik.BT.gen!Eldorado 20190121
Emsisoft Gen:Variant.Razy.453250 (B) 20190121
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of MSIL/Kryptik.QPE 20190120
F-Prot W32/MSIL_Kryptik.BT.gen!Eldorado 20190121
F-Secure Gen:Variant.Razy.453250 20190121
Fortinet MSIL/Kryptik.QOG!tr 20190121
GData Gen:Variant.Razy.453250 20190121
Sophos ML heuristic 20181128
Kaspersky UDS:DangerousObject.Multi.Generic 20190121
Malwarebytes Spyware.PasswordStealer.MSIL.Generic 20190121
McAfee Packed-FPW!2AEF2B61DA71 20190121
McAfee-GW-Edition BehavesLike.Win32.Generic.fc 20190121
eScan Gen:Variant.Razy.453250 20190121
Palo Alto Networks (Known Signatures) generic.ml 20190121
Qihoo-360 HEUR/QVM03.0.B00C.Malware.Gen 20190121
Rising Trojan.NanoBot!8.80F2 (TFE:dGZlOg2XMMZAEUsMcQ) 20190121
SentinelOne (Static ML) static engine - malicious 20190118
Symantec ML.Attribute.HighConfidence 20190120
Trapmine malicious.high.ml.score 20190103
TrendMicro-HouseCall TROJ_GEN.R020H0CAK19 20190121
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20190121
AegisLab 20190121
AhnLab-V3 20190120
Alibaba 20180921
Antiy-AVL 20190121
Avast 20190121
Avast-Mobile 20190118
AVG 20190121
Avira (no cloud) 20190120
AVware 20180925
Baidu 20190118
Bkav 20190119
CAT-QuickHeal 20190120
ClamAV 20190121
CMC 20190120
Comodo 20190121
CrowdStrike Falcon (ML) 20181023
DrWeb 20190121
eGambit 20190121
Ikarus 20190120
Jiangmin 20190121
K7AntiVirus 20190121
K7GW 20190120
Kingsoft 20190121
MAX 20190121
Microsoft 20190121
NANO-Antivirus 20190121
Panda 20190120
Sophos AV 20190121
SUPERAntiSpyware 20190116
TACHYON 20190121
Tencent 20190121
TheHacker 20190118
TotalDefense 20190120
TrendMicro 20190121
Trustlook 20190125
VBA32 20190118
VIPRE 20190120
ViRobot 20190120
Webroot 20190121
Yandex 20190120
Zillya 20190118
Zoner 20190121
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2018 Provident Financial Group

Product Complete capacity lifecycle management for your virtual infrastructure
Original name barry.exe
Internal name barry.exe
File version 13.13.26.1
Description Complete capacity lifecycle management for your virtual infrastructure
Comments azeceyokepik
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1977-04-17 00:55:57
Entry Point 0x0005C31E
Number of sections 3
.NET details
Module Version ID 637deac2-dd45-435f-af82-c214862cdfdd
TypeLib ID 0bad5d24-8a00-4338-aaf1-ef82319e4f5b
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
azeceyokepik

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
13.13.26.1

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Complete capacity lifecycle management for your virtual infrastructure

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
2560

EntryPoint
0x5c31e

OriginalFileName
barry.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2018 Provident Financial Group

FileVersion
13.13.26.1

TimeStamp
1977:04:17 01:55:57+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
barry.exe

ProductVersion
13.13.26.1

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Provident Financial Group

CodeSize
369664

ProductName
Complete capacity lifecycle management for your virtual infrastructure

ProductVersionNumber
13.13.26.1

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
0.0.0.0

File identification
MD5 2aef2b61da71e81073574e7779b0087d
SHA1 e3660e11113e1de734b5cb43964c4fd22c9e98a1
SHA256 26db50cd3c58ebbf9fa9fe25a76478541dae5595387c8b8fcb54d30ba4002da5
ssdeep
6144:wSAn04+Kvt/HmSokpp45cp+LX7upz92yjRI+hShLpwAElA704:taBmSZ4AWmzEw0pwAE

authentihash 48605778c9b41e028eca4d1525396a9387c7cf6d13c71cf21046c5a912b47e2f
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 364.0 KB ( 372736 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe assembly

VirusTotal metadata
First submission 2019-01-21 04:25:07 UTC ( 4 months ago )
Last submission 2019-01-23 12:00:18 UTC ( 3 months, 4 weeks ago )
File names output.114998681.txt
barry.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!