SHA256: 30e0abaf6c553fd77496cb7465a42650ceb4fbdcde7157204942864ea953afe2
File name: UN-30th.exe
Detection ratio: 43 / 68
Analysis date: 2018-07-11 13:48:05 UTC ( 9 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Barys.8285 20180711
AhnLab-V3 Trojan/Win32.Crypt.C2425126 20180711
ALYac Gen:Variant.Barys.8285 20180711
Arcabit Trojan.Barys.D205D 20180711
Avast MSIL:Crypt-AAL [Trj] 20180711
AVG MSIL:Crypt-AAL [Trj] 20180711
Avira (no cloud) TR/Dropper.Gen 20180710
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180711
BitDefender Gen:Variant.Barys.8285 20180711
CAT-QuickHeal Backdoor.Androm.FC.738 20180711
ClamAV Win.Dropper.Razy-6519812-0 20180711
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cybereason malicious.465280 20180225
Cylance Unsafe 20180711
Cyren W32/Negasteal.A.gen!Eldorado 20180711
DrWeb Trojan.PWS.Stealer.19347 20180711
Emsisoft Gen:Variant.Barys.8285 (B) 20180711
Endgame malicious (high confidence) 20180711
ESET-NOD32 a variant of MSIL/Spy.Agent.AES 20180711
F-Prot W32/Negasteal.A.gen!Eldorado 20180711
F-Secure Gen:Variant.Barys.8285 20180711
Fortinet MSIL/Injector.PE!tr 20180711
GData Gen:Variant.Barys.8285 20180711
Ikarus Trojan.MSIL.Spy 20180711
Sophos ML heuristic 20180601
K7AntiVirus Trojan ( 0052d5341 ) 20180711
K7GW Trojan ( 0052d5341 ) 20180711
Kaspersky HEUR:Trojan.MSIL.Generic 20180711
Malwarebytes Spyware.AgentTesla.MSIL.Generic 20180711
MAX malware (ai score=84) 20180711
McAfee Trojan-FPEL!071CDC546528 20180711
McAfee-GW-Edition BehavesLike.Win32.Trojan.cm 20180711
Microsoft TrojanSpy:MSIL/AgentTesla.gen!bit 20180711
eScan Gen:Variant.Barys.8285 20180711
Panda Trj/GdSda.A 20180711
Qihoo-360 HEUR/QVM03.0.6EA0.Malware.Gen 20180711
Rising Spyware.Agent!8.C6 (TFE:dGZlOg0HBjnD9lpoLQ) 20180711
SentinelOne (Static ML) static engine - malicious 20180701
Symantec ML.Attribute.HighConfidence 20180711
TrendMicro TSPY_NEGASTEAL.SMILA 20180711
TrendMicro-HouseCall TSPY_NEGASTEAL.SMILA 20180711
VBA32 TScope.Trojan.MSIL 20180711
ZoneAlarm by Check Point HEUR:Trojan.MSIL.Generic 20180711
AegisLab 20180711
Alibaba 20180711
Antiy-AVL 20180711
Avast-Mobile 20180711
AVware 20180711
Babable 20180406
Bkav 20180711
CMC 20180711
Comodo 20180711
eGambit 20180711
Jiangmin 20180711
Kingsoft 20180711
NANO-Antivirus 20180711
Palo Alto Networks (Known Signatures) 20180711
Sophos AV 20180711
SUPERAntiSpyware 20180711
TACHYON 20180711
Tencent 20180711
TheHacker 20180710
Trustlook 20180711
VIPRE 20180711
ViRobot 20180711
Webroot 20180711
Yandex 20180711
Zillya 20180710
Zoner 20180711
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-30 14:29:00
Entry Point 0x0003127E
Number of sections 3
.NET details
Module Version ID 5704dcbb-62e8-4d96-8321-d89d5809960d
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:05:30 16:29:00+02:00
FileType Win32 EXE
PEType PE32
CodeSize 193536
LinkerVersion 8.0
ImageFileCharacteristics Executable, 32-bit
Warning Possibly corrupt Version resource
EntryPoint 0x3127e
InitializedDataSize 2048
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 071cdc5465280591c766a97365fa1c4a
SHA1 4e9f181cad565e1970bdecced6ebc385bbe1f99a
SHA256 30e0abaf6c553fd77496cb7465a42650ceb4fbdcde7157204942864ea953afe2
ssdeep 3072:iIsLU3iOMa6ybj/yUIDGLkH+3HjBOoxCDGOdGNud4QQ1alX2oUvORlYQ:CLULMoPyUPHFOoyDdGVql1x

authentihash bc7ef375d95586d87e670f50b6029c6a64023a9f5184fde73176dbd0f6f69792
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 191.5 KB ( 196096 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (55.8%)
Win64 Executable (generic) (21.0%)
Windows screen saver (9.9%)
Win32 Dynamic Link Library (generic) (5.0%)
Win32 Executable (generic) (3.4%)
Tags peexe assembly

VirusTotal metadata
First submission 2018-07-11 13:48:05 UTC ( 9 months, 2 weeks ago )
Last submission 2018-07-11 13:48:05 UTC ( 9 months, 2 weeks ago )
File names UN-30th.exe