SHA256: 2d10f3cdfdca6b0ea4efeb1a4f38f7c147d77fa1a3608e4d14c108c34ec4d43f
File name: 390e4405d366a8292544200773880e79d8b00295
Detection ratio: 21 / 67
Analysis date: 2017-10-21 21:38:19 UTC ( 1 year, 1 month ago )
Antivirus Result Update
AegisLab Ml.Attribute.Gen!c 20171021
Avast FileRepMalware 20171021
AVG FileRepMalware 20171021
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171020
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cylance Unsafe 20171021
Endgame malicious (high confidence) 20171016
ESET-NOD32 Win32/Emotet.AZ 20171021
Fortinet W32/GenKryptik.AVEL!tr 20171021
Sophos ML heuristic 20170914
Kaspersky UDS:DangerousObject.Multi.Generic 20171021
McAfee Artemis!404DE55C4A43 20171021
McAfee-GW-Edition BehavesLike.Win32.Ipamor.dt 20171021
Palo Alto Networks (Known Signatures) generic.ml 20171021
Rising Malware.Heuristic!ET#90% (RDM+:cmRtazrBNnqqRqVwuq5S7i+vOBhv) 20171021
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Mal/EncPk-ANR 20171021
Symantec ML.Attribute.HighConfidence 20171021
TrendMicro-HouseCall Suspicious_GEN.F47V1021 20171021
Webroot W32.Trojan.Gen 20171021
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20171021
Ad-Aware 20171021
AhnLab-V3 20171021
Alibaba 20170911
ALYac 20171021
Antiy-AVL 20171021
Arcabit 20171021
Avast-Mobile 20171021
Avira (no cloud) 20171021
AVware 20171021
BitDefender 20171021
Bkav 20171020
CAT-QuickHeal 20171020
ClamAV 20171021
CMC 20171018
Comodo 20171021
Cyren 20171021
DrWeb 20171021
eGambit 20171021
Emsisoft 20171021
F-Prot 20171021
F-Secure 20171021
GData 20171021
Ikarus 20171021
Jiangmin 20171021
K7AntiVirus 20171019
K7GW 20171021
Kingsoft 20171021
Malwarebytes 20171021
MAX 20171021
Microsoft 20171021
eScan 20171021
NANO-Antivirus 20171021
nProtect 20171021
Panda 20171021
Qihoo-360 20171021
SUPERAntiSpyware 20171021
Symantec Mobile Insight 20171011
Tencent 20171021
TheHacker 20171017
TotalDefense 20171021
TrendMicro 20171021
Trustlook 20171021
VBA32 20171020
VIPRE 20171021
ViRobot 20171021
WhiteArmor 20171016
Yandex 20171021
Zillya 20171021
Zoner 20171021
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name XCOPY.EXE
Internal name xcopy
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Extended Copy Utility
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-22 02:30:26
Entry Point 0x0000101E
Number of sections 8
PE sections
PE imports
OpenSCManagerW
GetMUILanguage
CryptExportPublicKeyInfo
GetUserDefaultUILanguage
GetLastError
GetDriveTypeW
GetConsoleOutputCP
FreeLibrary
GetTimeFormatW
FindNLSString
GlobalUnlock
LoadLibraryA
GetConsoleWindow
ConvertFiberToThread
GetCurrentProcess
LocalAlloc
GetCommandLineW
GlobalLock
FlushProcessWriteBuffers
RaiseException
InterlockedExchange
FindFirstFileW
GetProcAddress
GetOEMCP
LocalFree
GlobalAlloc
SafeArrayCreateVector
SHAppBarMessage
SHGetFolderPathA
DeviceCapabilitiesA
WSAIsBlocking
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

LinkerVersion
255.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7600.16385

UninitializedDataSize
4294967295

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
26752

EntryPoint
0x101e

OriginalFileName
XCOPY.EXE

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)

TimeStamp
2017:10:22 03:30:26+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
xcopy

ProductVersion
6.1.7600.16385

FileDescription
Extended Copy Utility

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
0

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7600.16385

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 404de55c4a43dd292434862ec2e1f081
SHA1 390e4405d366a8292544200773880e79d8b00295
SHA256 2d10f3cdfdca6b0ea4efeb1a4f38f7c147d77fa1a3608e4d14c108c34ec4d43f
ssdeep
1536:z1XnzsGVz2HIxppJjdLwXF1us/c79qn38LMuu8:1zsGVz/dj2W9qnpz

authentihash 08d6cd2a44290f1334dc02bfc5fb47e918f85f525a39605259b672fe19e274b8
imphash 511cb20027f36021b7c34423c53a149b
File size 223.5 KB ( 228864 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe

VirusTotal metadata
First submission 2017-10-21 17:43:19 UTC ( 1 year, 1 month ago )
Last submission 2017-11-20 09:35:38 UTC ( 1 year ago )
File names XCOPY.EXE
xcopy
1002-390e4405d366a8292544200773880e79d8b00295
sb12Sg16p75bXBuXMY5.exe
390e4405d366a8292544200773880e79d8b00295
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications