SHA256: 280eab3053c7da029531c438b453eb57e2f6992ecdcaf84da4560bd67e1eb724
Detection ratio: 37 / 67
Analysis date: 2018-04-22 17:47:48 UTC ( 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30638612 20180422
AegisLab Uds.Dangerousobject.Multi!c 20180422
Arcabit Trojan.Generic.D1D38214 20180422
Avira (no cloud) TR/Dropper.MSIL.Gen 20180422
AVware Trojan.Win32.Generic!BT 20180422
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9985 20180421
BitDefender Trojan.GenericKD.30638612 20180422
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180418
Cybereason malicious.9e99a0 20180225
Cylance Unsafe 20180422
Cyren W32/Trojan.LENW-2187 20180422
DrWeb Trojan.PWS.Stealer.23680 20180422
Emsisoft Trojan.GenericKD.30638612 (B) 20180422
Endgame malicious (high confidence) 20180403
ESET-NOD32 a variant of MSIL/Kryptik.NJW 20180422
F-Secure Trojan.GenericKD.30638612 20180422
Fortinet MSIL/Kryptik.NJW!tr 20180422
GData Trojan.GenericKD.30638612 20180422
Ikarus Trojan.MSIL.Crypt 20180422
Sophos ML heuristic 20180121
K7GW Trojan ( 0052b82f1 ) 20180422
Kaspersky Backdoor.Win32.Androm.pqyb 20180422
Malwarebytes Spyware.LokiBot 20180422
MAX malware (ai score=95) 20180422
McAfee RDN/Generic.grp 20180422
McAfee-GW-Edition BehavesLike.Win32.Trojan.bm 20180422
Microsoft PWS:Win32/Primarypass.A 20180422
eScan Trojan.GenericKD.30638612 20180422
Palo Alto Networks (Known Signatures) generic.ml 20180422
Panda Trj/GdSda.A 20180422
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Generic-S 20180422
Symantec Trojan.Gen.2 20180421
TrendMicro-HouseCall TROJ_GEN.R020H0ADL18 20180422
VIPRE Trojan.Win32.Generic!BT 20180422
ViRobot Trojan.Win32.Z.Kryptik.736768 20180422
ZoneAlarm by Check Point Backdoor.Win32.Androm.pqyb 20180422
AhnLab-V3 20180422
Alibaba 20180422
ALYac 20180422
Antiy-AVL 20180418
Avast 20180422
Avast-Mobile 20180422
AVG 20180422
Babable 20180406
Bkav 20180410
CAT-QuickHeal 20180422
ClamAV 20180422
CMC 20180422
Comodo 20180422
eGambit 20180422
F-Prot 20180422
Jiangmin 20180422
K7AntiVirus 20180422
Kingsoft 20180422
NANO-Antivirus 20180422
nProtect 20180422
Qihoo-360 20180422
Rising 20180422
SUPERAntiSpyware 20180422
Symantec Mobile Insight 20180419
Tencent 20180422
TheHacker 20180415
TrendMicro 20180422
Trustlook 20180422
VBA32 20180420
Webroot 20180422
Yandex 20180420
Zillya 20180420
Zoner 20180421
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright ExpressVPN © 2015, All rights reserved.

Product ExpressVPN
Original name ExpressVpn.exe
Internal name ExpressVpn.exe
File version 6.5.1.3605
Description ExpressVpn
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-07-12 19:22:52
Entry Point 0x0005AA3E
Number of sections 3
.NET details
Module Version ID 259bb83e-85c0-4a14-a180-ba4baf008da8
TypeLib ID 03226d20-3f21-4d48-8253-b5a36168f5f9
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 6
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 9
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
372736

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.5.1.3605

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
ExpressVpn

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
8.0

EntryPoint
0x5aa3e

OriginalFileName
ExpressVpn.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright ExpressVPN 2015, All rights reserved.

FileVersion
6.5.1.3605

TimeStamp
2017:07:12 20:22:52+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
ExpressVpn.exe

ProductVersion
6.5.1.3605

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
ExpressVPN

CodeSize
363520

ProductName
ExpressVPN

ProductVersionNumber
6.5.1.3605

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
6.5.1.3605

File identification
MD5 17ea5492a8cef847a8c9e5a7193be671
SHA1 0fa31bf9e99a0d98c9df06b4c92bf736780c86a3
SHA256 280eab3053c7da029531c438b453eb57e2f6992ecdcaf84da4560bd67e1eb724
ssdeep
6144:Erbup8b1BwWkOvs6Q4OmUCbql61n+zP0pF11wMb52z:E+pzss/uql+AWz152

authentihash 159d0dc6db76934af516cabd9179ace5e6967ab5382bed5f7b9a06acc4846981
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 719.5 KB ( 736768 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (62.0%)
Win64 Executable (generic) (23.4%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
OS/2 Executable (generic) (1.7%)
Tags
peexe assembly

VirusTotal metadata
First submission 2018-04-21 18:19:07 UTC ( 10 months ago )
Last submission 2018-04-30 23:27:11 UTC ( 9 months, 3 weeks ago )
File names ExpressVpn.exe
output.113049857.txt
adobe.exe