SHA256: 2e3b7d9029301d972c5e025a6b1752b99c46eb842c1305383a00dcfd96e16714
File name: .
Detection ratio: 42 / 70
Analysis date: 2019-02-11 17:22:06 UTC ( 2 months, 1 week ago )
Antivirus Result Update
Acronis suspicious 20190207
Ad-Aware Trojan.GenericKDZ.51306 20190211
ALYac Trojan.GenericKDZ.51306 20190211
Antiy-AVL Trojan/MSIL.Ribaj.a 20190211
Arcabit Trojan.Generic.DC86A 20190210
Avast Win32:MalwareX-gen [Trj] 20190211
AVG Win32:MalwareX-gen [Trj] 20190211
Avira (no cloud) TR/Dropper.Gen 20190211
BitDefender Trojan.GenericKDZ.51306 20190211
ClamAV Win.Packed.Generickdz-6838244-0 20190211
Comodo Virus.MSIL.Ribaj.F@7oybry 20190211
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181023
Cybereason malicious.a17f73 20190109
Cylance Unsafe 20190211
DrWeb MSIL.Cola.1 20190211
Emsisoft Trojan.GenericKDZ.51306 (B) 20190211
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of MSIL/Ribaj.D 20190211
F-Secure Trojan.TR/Dropper.Gen 20190211
Fortinet MSIL/Ribaj.D 20190211
GData Trojan.GenericKDZ.51306 20190211
Ikarus Virus.MSIL.Ribaj 20190211
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 00544e311 ) 20190211
K7GW Trojan ( 00544e311 ) 20190211
Kaspersky HEUR:Virus.MSIL.Lamer.gen 20190211
MAX malware (ai score=87) 20190211
McAfee GenericRXAO-XB!6465B24A17F7 20190211
McAfee-GW-Edition BehavesLike.Win32.Generic.ft 20190211
Microsoft VirTool:MSIL/CryptInject.YA!MTB 20190211
eScan Trojan.GenericKDZ.51306 20190211
NANO-Antivirus Trojan.Win32.Kazy.elhoip 20190211
Qihoo-360 QVM41.1.Malware.Gen 20190211
Rising Trojan.MSIL/Ribaj!1.B577 (CLASSIC) 20190211
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Troj/MSIL-LKP 20190211
Symantec ML.Attribute.HighConfidence 20190211
Trapmine malicious.high.ml.score 20190123
TrendMicro TROJ_GEN.R002C0CAA19 20190211
TrendMicro-HouseCall TROJ_GEN.R002C0CAA19 20190211
Yandex Trojan.DR.Agent!1dvZ1AK3xPA 20190210
ZoneAlarm by Check Point HEUR:Virus.MSIL.Lamer.gen 20190211
AegisLab 20190211
AhnLab-V3 20190211
Alibaba 20180921
Avast-Mobile 20190211
Babable 20180917
Baidu 20190201
Bkav 20190201
CAT-QuickHeal 20190210
CMC 20190211
Cyren 20190211
eGambit 20190211
F-Prot 20190211
Jiangmin 20190211
Kingsoft 20190211
Malwarebytes 20190211
Palo Alto Networks (Known Signatures) 20190211
Panda 20190211
SUPERAntiSpyware 20190206
Symantec Mobile Insight 20190206
TACHYON 20190210
Tencent 20190211
TheHacker 20190203
TotalDefense 20190210
Trustlook 20190211
VBA32 20190211
ViRobot 20190211
Webroot 20190211
Zillya 20190211
Zoner 20190211
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Original name x1658y.exe
Internal name x1658y.exe
File version 0.0.0.0
Description
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-11 13:34:57
Entry Point 0x0007E13E
Number of sections 3
.NET details
Module Version ID 5bffcea8-d459-41b1-894c-d1d2bdee6943
PE sections
Overlays
MD5 eee383fa666aed2114e0b3cd670862cc
File type MS Windows PE
Offset 524288
Size 503812
Entropy 5.85
PE imports
_CorExeMain
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 8192
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName x1658y.exe
MIMEType application/octet-stream
FileVersion 0.0.0.0
TimeStamp 2019:02:11 05:34:57-08:00
FileType Win32 EXE
PEType PE32
InternalName x1658y.exe
ProductVersion 0.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 512000
FileSubtype 0
ProductVersionNumber 0.0.0.0
EntryPoint 0x7e13e
ObjectFileType Executable application
AssemblyVersion 0.0.0.0

File identification
MD5 6465b24a17f73076c1e7e5a73ef56577
SHA1 0211d38075a4f99d835a5e3c20d53da409fb40a0
SHA256 2e3b7d9029301d972c5e025a6b1752b99c46eb842c1305383a00dcfd96e16714
ssdeep 12288:rRrwVu0jp2tzJdN81MJMddwjA0D0af2iFgKrqEy1:rRrwVu0czJdN81MJMddcA0D2itrqE+

authentihash 7c37f5ed7de0f893a59e5fff4a75ae74e59411a139fdd456ba5c74484b0f032c
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 1004.0 KB ( 1028100 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Windows ActiveX control (41.4%)
Generic CIL Executable (.NET, Mono, etc.) (26.0%)
Win32 Executable MS Visual C++ (generic) (11.1%)
Win64 Executable (generic) (9.8%)
Windows screen saver (4.6%)
Tags peexe assembly overlay

VirusTotal metadata
First submission 2019-02-11 17:22:06 UTC ( 2 months, 1 week ago )
Last submission 2019-02-11 17:22:06 UTC ( 2 months, 1 week ago )
File names x1658y.exe
.