SHA256: 274828e0694b0538eb14ad060aacbfd82d8dc64143debb4fe817427d239f8791
File name: لدئكظ.exe
Detection ratio: 49 / 67
Analysis date: 2017-12-06 17:29:34 UTC ( 1 week, 2 days ago )
Antivirus Result Update
Ad-Aware Gen:Variant.MSILPerseus.7037 20171206
AegisLab Troj.Ransom.W32.Blocker!c 20171206
AhnLab-V3 Malware/Win32.Generic.C1323843 20171206
ALYac Gen:Variant.MSILPerseus.7037 20171206
Antiy-AVL Trojan[Ransom]/Win32.Blocker 20171206
Arcabit Trojan.MSILPerseus.D1B7D 20171206
Avast Win32:Dropper-gen [Drp] 20171206
AVG Win32:Dropper-gen [Drp] 20171206
Avira (no cloud) TR/Dropper.MSIL.198625 20171206
AVware Trojan.Win32.Generic!BT 20171206
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171206
BitDefender Gen:Variant.MSILPerseus.7037 20171206
CAT-QuickHeal Backdoor.Noancooe 20171206
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20171206
DrWeb Trojan.Starter.2890 20171206
Emsisoft Gen:Variant.MSILPerseus.7037 (B) 20171206
Endgame malicious (high confidence) 20171130
ESET-NOD32 MSIL/NanoCore.E 20171206
F-Secure Gen:Variant.MSILPerseus.7037 20171206
Fortinet MSIL/Injector.NII!tr 20171206
GData Gen:Variant.MSILPerseus.7037 20171206
Ikarus Trojan.MSIL.NanoCore 20171206
Jiangmin Trojan.Blocker.avl 20171206
K7AntiVirus Trojan ( 700000121 ) 20171205
K7GW Trojan ( 700000121 ) 20171206
Kaspersky HEUR:Trojan.Win32.Generic 20171206
MAX malware (ai score=87) 20171206
McAfee Artemis!BC9CBAE942A8 20171206
McAfee-GW-Edition Artemis!Trojan 20171206
eScan Gen:Variant.MSILPerseus.7037 20171206
NANO-Antivirus Trojan.Win32.Starter.dzjioc 20171206
nProtect Trojan/W32.Blocker.467678 20171206
Palo Alto Networks (Known Signatures) generic.ml 20171206
Panda Trj/GdSda.A 20171206
Qihoo-360 Win32/Trojan.Dropper.72a 20171206
Sophos AV Mal/Generic-S 20171206
Symantec Trojan.Gen 20171206
Tencent Win32.Trojan.Generic.Pika 20171206
TrendMicro TROJ_GEN.R002C0WKP17 20171206
TrendMicro-HouseCall TROJ_GEN.R002C0WKP17 20171206
VBA32 Hoax.Blocker 20171206
VIPRE Trojan.Win32.Generic!BT 20171206
ViRobot Trojan.Win32.S.Agent.467678 20171206
Webroot Trojan.Dropper.Gen 20171206
Yandex Trojan.Blocker!Ojj3Dm/UIQc 20171205
Zillya Trojan.Bladabindi.Win32.63820 20171206
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20171206
Alibaba 20171206
Avast-Mobile 20171206
Bkav 20171206
ClamAV 20171206
CMC 20171206
Comodo 20171206
Cyren 20171206
eGambit 20171206
F-Prot 20171206
Sophos ML 20170914
Kingsoft 20171206
Malwarebytes 20171206
Microsoft 20171206
Rising 20171206
SentinelOne (Static ML) 20171113
SUPERAntiSpyware 20171206
Symantec Mobile Insight 20171206
TheHacker 20171205
Trustlook 20171206
WhiteArmor 20171204
Zoner 20171206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Original name لدئكظ.exe
Internal name لدئكظ.exe
File version 1.0.0.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-22 15:58:30
Entry Point 0x0002D62A
Number of sections 3
.NET details
Module Version ID 0382d591-998b-4011-bf75-3579f4857891
TypeLib ID 84285bfe-1796-4503-9833-db4c79b4d2f2
PE sections
Overlays
MD5 d4466add45efe2d423c0f3dd5e678793
File type ASCII text
Offset 190464
Size 277214
Entropy 6.00
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 4
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 48.0
ImageVersion 0.0
FileVersionNumber 1.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 11776
EntryPoint 0x2d62a
OriginalFileName .exe
MIMEType application/octet-stream
FileVersion 1.0.0.0
TimeStamp 2015:12:22 16:58:30+01:00
FileType Win32 EXE
PEType PE32
InternalName .exe
ProductVersion 1.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 178176
FileSubtype 0
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.0.0.0

File identification
MD5 bc9cbae942a88a95182e68f88b459c7e
SHA1 60933f47e6a2979b0100d2dd7824a6e43bc3bc38
SHA256 274828e0694b0538eb14ad060aacbfd82d8dc64143debb4fe817427d239f8791
ssdeep 6144:dF2dRjktkbbklxFC+w84GWbCJXIYvd9GbF/5zFep7POXc5kr3P5qyyn:ddkbbkFCD8Ob+Ia0bF/5xymM2tO

authentihash 73d22eb3084b3cd057bac6c6c9e313bb55f757d5e47a09f07a047c2aace64f30
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 456.7 KB ( 467678 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (56.7%)
Win64 Executable (generic) (21.3%)
Windows screen saver (10.1%)
Win32 Dynamic Link Library (generic) (5.0%)
Win32 Executable (generic) (3.4%)
Tags peexe assembly overlay

VirusTotal metadata
First submission 2015-12-24 08:47:12 UTC ( 1 year, 11 months ago )
Last submission 2017-12-06 17:29:34 UTC ( 1 week, 2 days ago )
File names image_057.scr";filename*=UTF-8''image_057.scr
60933f47e6a2979b0100d2dd7824a6e43bc3bc38.exe
1a.exe
لدئكظ.exe
?????.exe
image_057.scr
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R072C0DLP15.
