SHA256: 303a8038e7c7ed08c7c6d75f92cdd1ac8cdb07b771fa71c1e68f116f3f2062f0
File name: winhost.exe
Detection ratio: 34 / 67
Analysis date: 2018-01-15 05:56:34 UTC ( 8 months, 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Barys.7565 20180115
ALYac Gen:Variant.Barys.7565 20180115
Arcabit Trojan.Barys.D1D8D 20180115
Avast Win32:Malware-gen 20180115
AVG Win32:Malware-gen 20180115
Avira (no cloud) TR/Dropper.MSIL.yqogf 20180115
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180115
BitDefender Gen:Variant.Barys.7565 20180115
CAT-QuickHeal Backdoor.Kirts.FC.38 20180113
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20180115
eGambit Unsafe.AI_Score_64% 20180115
Emsisoft Gen:Variant.Barys.7565 (B) 20180115
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of MSIL/Kryptik.LZU 20180115
F-Secure Gen:Variant.Barys.7565 20180115
Fortinet MSIL/Kryptik.LXI!tr 20180115
GData MSIL.Trojan.Injector.LY 20180115
Sophos ML heuristic 20170914
Kaspersky HEUR:Trojan-Spy.Win32.Generic 20180115
MAX malware (ai score=88) 20180115
McAfee Packed-WA!0B5F532652F3 20180115
McAfee-GW-Edition BehavesLike.Win32.Generic.hc 20180115
Microsoft PWS:Win32/Fareit 20180115
eScan Gen:Variant.Barys.7565 20180115
Panda Trj/GdSda.A 20180114
Qihoo-360 Win32/Trojan.cee 20180115
SentinelOne (Static ML) static engine - malicious 20171224
Sophos AV Mal/Generic-S 20180115
Symantec Trojan.Gen.2 20180114
TrendMicro-HouseCall TROJ_GEN.R039C0PAD18 20180115
VIPRE Trojan.Win32.Generic!BT 20180115
ZoneAlarm by Check Point HEUR:Trojan-Spy.Win32.Generic 20180115
AegisLab 20180115
AhnLab-V3 20180114
Alibaba 20180114
Antiy-AVL 20180115
Avast-Mobile 20180114
AVware 20180103
Bkav 20180112
ClamAV 20180115
CMC 20180114
Comodo 20180115
Cyren 20180115
DrWeb 20180115
F-Prot 20180115
Ikarus 20180114
Jiangmin 20180115
K7AntiVirus 20180115
K7GW 20180115
Kingsoft 20180115
Malwarebytes 20180115
NANO-Antivirus 20180115
nProtect 20180115
Palo Alto Networks (Known Signatures) 20180115
Rising 20180115
SUPERAntiSpyware 20180115
Symantec Mobile Insight 20180114
Tencent 20180115
TheHacker 20180114
TotalDefense 20180114
Trustlook 20180115
VBA32 20180112
ViRobot 20180115
Webroot 20180115
WhiteArmor 20180110
Yandex 20180112
Zillya 20180112
Zoner 20180115
File identification
MD5 0b5f532652f31e8fd7f5ce1405cc33c5
SHA1 0e0cec3f0e7140f3f9e7f6471631e4cf01f8dddf
SHA256 303a8038e7c7ed08c7c6d75f92cdd1ac8cdb07b771fa71c1e68f116f3f2062f0
ssdeep 12288:fk6Y0I6Nvo8AzFcB7GVwliLINFULFVYuQKRyhchSddLQjwY:c6YiJDAzenrU6hu7
authentihash ff05f2559c06758170fe5815059697bdd08e94a8e35e96f1d9135d2b9976d4ec
File size 555.5 KB ( 568832 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe assembly

VirusTotal metadata
First submission 2018-01-15 05:56:34 UTC ( 8 months, 1 week ago )
Last submission 2018-01-15 05:56:34 UTC ( 8 months, 1 week ago )
File names winhost.exe
303a8038e7c7ed08c7c6d75f92cdd1ac8cdb07b771fa71c1e68f116f3f2062f0
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections