SHA256: 2a2340abdc54055ce776acbcf2a7ee022fed7b2d2a248138b451733d4ef61b6f
File name: 2a2340abdc54055ce776acbcf2a7ee022fed7b2d2a248138b451733d4ef61b6f
Detection ratio: 30 / 66
Analysis date: 2017-11-29 15:01:02 UTC ( 6 months, 3 weeks ago )
Antivirus Result Update
AegisLab Filerepmalware.Gen!c 20171129
AhnLab-V3 Win-Trojan/Emotet3.Exp 20171129
Avast Win32:Malware-gen 20171129
AVG Win32:Malware-gen 20171129
Avira (no cloud) TR/Crypt.ZPACK.nuttz 20171129
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171129
BitDefender Trojan.GenericKD.12636544 20171129
Cybereason malicious.2ba2a2 20171103
Cylance Unsafe 20171129
Emsisoft Trojan.Crypt (A) 20171129
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of Win32/Kryptik.FZTJ 20171129
Fortinet W32/Kryptik.FZTF!tr 20171129
GData Win32.Trojan-Spy.Emotet.GT 20171129
Sophos ML heuristic 20170914
Kaspersky UDS:DangerousObject.Multi.Generic 20171129
Malwarebytes Trojan.Emotet 20171129
MAX malware (ai score=85) 20171129
McAfee Artemis!221CDBE07178 20171129
McAfee-GW-Edition BehavesLike.Win32.BadFile.nc 20171129
eScan Trojan.GenericKD.12636544 20171129
Palo Alto Networks (Known Signatures) generic.ml 20171129
Panda Trj/Genetic.gen 20171129
Qihoo-360 HEUR/QVM20.1.816B.Malware.Gen 20171129
SentinelOne (Static ML) static engine - malicious 20171113
Sophos AV Mal/EncPk-ANR 20171129
Symantec Trojan.Emotet 20171129
TrendMicro-HouseCall Suspicious_GEN.F47V1129 20171129
Webroot W32.Trojan.Emotet 20171129
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20171129
Ad-Aware 20171129
Alibaba 20171129
ALYac 20171129
Arcabit 20171129
Avast-Mobile 20171129
AVware 20171129
Bkav 20171129
CAT-QuickHeal 20171129
ClamAV 20171129
CMC 20171126
Comodo 20171129
CrowdStrike Falcon (ML) 20171016
Cyren 20171129
DrWeb 20171129
eGambit 20171129
F-Prot 20171129
F-Secure 20171129
Ikarus 20171129
Jiangmin 20171129
K7AntiVirus 20171129
K7GW 20171129
Kingsoft 20171129
Microsoft 20171129
NANO-Antivirus 20171129
nProtect 20171129
Rising 20171129
SUPERAntiSpyware 20171129
Symantec Mobile Insight 20171129
Tencent 20171129
TheHacker 20171126
TotalDefense 20171129
TrendMicro 20171129
Trustlook 20171129
VBA32 20171129
VIPRE 20171129
ViRobot 20171129
WhiteArmor 20171104
Yandex 20171120
Zillya 20171129
Zoner 20171129
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2005-2017 SteevensMark
Product Steven Mark Slivader
Original name markst.exe
Internal name markst
File version 15.0.1.0
Description Steven Mark Slivader
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-29 16:42:14
Entry Point 0x00001760
Number of sections 5
PE sections
PE imports
CryptFormatObject
PeekNamedPipe
OpenThread
GetThreadPriority
CompareFileTime
GetModuleFileNameW
FileTimeToSystemTime
GetOverlappedResult
GetFileTime
CreateFileW
VirtualQuery
TransactNamedPipe
CloseHandle
lstrcmpiW
GetVersion
GetCurrentThread
RasGetSubEntryPropertiesA
PathIsPrefixW
RegisterClassW
GetInputState
wsprintfW
AddPortW
Number of PE resources by type
RT_ICON 2
RT_BITMAP 2
RT_MANIFEST 1
RT_STRING 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 9
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 10.0.1.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 86016
EntryPoint 0x1760
OriginalFileName markst.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2005-2017 SteevensMark
FileVersion 15.0.1.0
TimeStamp 2017:11:29 17:42:14+01:00
FileType Win32 EXE
PEType PE32
InternalName markst
ProductVersion 15.0.1.0
FileDescription Steven Mark Slivader
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName SteevensMark
CodeSize 13824
ProductName Steven Mark Slivader
ProductVersionNumber 10.0.1.0
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 221cdbe0717890df3f5f7a962179cccd
SHA1 14cde172ba2a293a3c8a486d910055f332f58821
SHA256 2a2340abdc54055ce776acbcf2a7ee022fed7b2d2a248138b451733d4ef61b6f
ssdeep 1536:2d5+ejj38tW2n0ARfLUnheUAK2y4nMHbmoYbxraBYar6XKUxkgbANJtq8oqvbiPs:2ae/8WvApUnheE27y5YmYar6XKUxkZNd
authentihash 7b498b032df7148fe669a9ab4071063227c0ed542a384c5812c8380ae6c05e6e
imphash a2a24d47a16c2fdfe3071362012639e9
File size 94.5 KB ( 96768 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-11-29 07:50:42 UTC ( 6 months, 3 weeks ago )
Last submission 2018-05-25 18:03:26 UTC ( 4 weeks, 1 day ago )
File names cartnet.exe
markst.exe
u3y0kDJ0q.exe
markst
nyy.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
UDP communications