SHA256: 2dd633cbe3d5f120bca460bcbb16036570453d7bd5d502eb9ce9088208c876a4
File name: tuhnm.exe
Detection ratio: 44 / 68
Analysis date: 2017-11-16 08:23:29 UTC ( 2 days, 20 hours ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12568804 20171116
AegisLab Troj.W32.Generic!c 20171116
AhnLab-V3 Win-Trojan/MSILKrypt03.Exp 20171115
Antiy-AVL Trojan/Win32.AGeneric 20171116
Avast Win32:Malware-gen 20171116
AVG Win32:Malware-gen 20171116
Avira (no cloud) TR/Dropper.MSIL.uytrm 20171116
AVware Trojan.Win32.Generic!BT 20171116
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171116
BitDefender Trojan.GenericKD.12568804 20171116
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.d38fe8 20171103
Cylance Unsafe 20171116
Cyren W32/Trojan.UYIR-4105 20171116
DrWeb Trojan.Inject2.62887 20171116
eGambit Unsafe.AI_Score_70% 20171116
Emsisoft Trojan.GenericKD.12568804 (B) 20171116
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of MSIL/Injector.TDS 20171116
F-Secure Trojan.GenericKD.12568804 20171116
Fortinet MSIL/Injector.TDS!tr 20171116
GData Trojan.GenericKD.12568804 20171116
Ikarus Win32.Outbreak 20171116
Sophos ML heuristic 20170914
K7AntiVirus Trojan ( 0051be131 ) 20171116
K7GW Trojan ( 0051be131 ) 20171116
Kaspersky HEUR:Trojan.Win32.Generic 20171116
Malwarebytes Spyware.LokiBot 20171116
McAfee GenericRXDE-PD!563C13F3583C 20171116
McAfee-GW-Edition BehavesLike.Win32.Fareit.fc 20171116
Microsoft VirTool:MSIL/Subti.N 20171116
eScan Trojan.GenericKD.12568804 20171116
Palo Alto Networks (Known Signatures) generic.ml 20171116
Panda Trj/GdSda.A 20171115
Qihoo-360 Win32/Trojan.e6d 20171116
SentinelOne (Static ML) static engine - malicious 20171113
Sophos AV Mal/Generic-S 20171116
Symantec Trojan.Gen 20171116
Tencent Win32.Trojan.Generic.Suee 20171116
TrendMicro TROJ_GEN.R011C0DKF17 20171116
TrendMicro-HouseCall TROJ_GEN.R011C0DKF17 20171116
VIPRE Trojan.Win32.Generic!BT 20171116
Yandex Trojan.Agent!SpISqykaV48 20171116
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20171116
Alibaba 20170911
ALYac 20171116
Arcabit 20171116
Avast-Mobile 20171116
Bkav 20171116
CAT-QuickHeal 20171116
ClamAV 20171115
CMC 20171109
Comodo 20171116
F-Prot 20171116
Jiangmin 20171116
Kingsoft 20171116
MAX 20171116
NANO-Antivirus 20171116
nProtect 20171116
Rising 20171116
SUPERAntiSpyware 20171116
Symantec Mobile Insight 20171116
TheHacker 20171112
TotalDefense 20171116
Trustlook 20171116
VBA32 20171116
ViRobot 20171116
Webroot 20171116
WhiteArmor 20171104
Zillya 20171115
Zoner 20171116
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Original name tuhnm.exe
Internal name tuhnm.exe
File version 0.0.0.0
Description
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-13 21:12:03
Entry Point 0x0006147E
Number of sections 3
.NET details
Module Version ID 4c21b340-3e33-4945-874d-eb5167b42d29
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 1536
EntryPoint 0x6147e
OriginalFileName tuhnm.exe
MIMEType application/octet-stream
FileVersion 0.0.0.0
TimeStamp 2017:11:13 22:12:03+01:00
FileType Win32 EXE
PEType PE32
InternalName tuhnm.exe
ProductVersion 0.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 390656
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 0.0.0.0

File identification
MD5 563c13f3583c39ae81f93839bcf95596
SHA1 febbb3bd38fe81886a07721016e0712aa5a05b23
SHA256 2dd633cbe3d5f120bca460bcbb16036570453d7bd5d502eb9ce9088208c876a4
ssdeep 6144:2IwuhWV3SdomGPgwFue2TUAHQiFYSpdYzsrtk45X723LJg37umzSDnJzJy1G9gZj:2IwuhqmGPPKnHQiFrnZpreW37gvWG
authentihash e0d2568826451db6c07900970e166ade343d9096a7f637c67c7bc9c29fc5fcdf
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 383.5 KB ( 392704 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe assembly
VirusTotal metadata
First submission 2017-11-14 08:15:43 UTC ( 4 days, 20 hours ago )
Last submission 2017-11-16 08:23:29 UTC ( 2 days, 20 hours ago )
File names 2DD633CBE3D5F120BCA460BCBB16036570453D7BD5D502EB9CE9088208C876A4
tuhnm.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications