SHA256: 33a584a0d4907b063af867fd33cc39362b74e96e72d2ad97db7748131364eab1
File name: output.113814181.txt
Detection ratio: 51 / 68
Analysis date: 2018-08-22 06:00:15 UTC ( 9 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.20855658 20180822
AegisLab Hacktool.Win32.Generic.3!c 20180822
AhnLab-V3 Malware/Win32.CVE-2015-1701.C1879944 20180822
ALYac Exploit.CVE-2015-1701 20180822
Antiy-AVL Trojan[Exploit]/Win32.CVE-2015-1701 20180822
Arcabit Trojan.Generic.D13E3B6A 20180822
AVG FileRepMetagen [Rtk] 20180821
Avira (no cloud) EXP/CVE-2015-1701.ibnhx 20180821
AVware Trojan.Win32.Generic!BT 20180822
BitDefender Trojan.Generic.20855658 20180822
Bkav W32.RipogadLTAD.Trojan 20180821
CAT-QuickHeal HEUR.Exploit 20180821
CMC Trojan.Win32.GenM!O 20180821
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180723
Cybereason malicious.412246 20180225
Cyren W64/Trojan.RIAJ-6825 20180822
DrWeb Exploit.CVE-2015-1701.1 20180822
Emsisoft Trojan.Generic.20855658 (B) 20180822
Endgame malicious (moderate confidence) 20180730
ESET-NOD32 Win64/Exploit.CVE-2015-1701.L 20180822
F-Secure Trojan.Generic.20855658 20180822
Fortinet W32/CVE_2015_1701!exploit 20180822
GData Trojan.Generic.20855658 20180822
Ikarus Trojan.Win64.Exploit 20180821
Jiangmin Exploit.CVE-2015-1701.ah 20180822
K7AntiVirus Trojan ( 005131c61 ) 20180821
K7GW Trojan ( 005131c61 ) 20180822
Kaspersky HEUR:Exploit.Win32.CVE-2015-1701.gen 20180822
Malwarebytes Trojan.Agent.OL 20180822
MAX malware (ai score=100) 20180822
McAfee Artemis!AE3E73041224 20180822
McAfee-GW-Edition Artemis!Trojan 20180822
Microsoft Exploit:Win32/CVE-2015-1701 20180822
eScan Trojan.Generic.20855658 20180822
NANO-Antivirus Exploit.Win64.CVE20151701.epowip 20180822
Panda Generic Malware 20180820
Qihoo-360 Win32/Trojan.Exploit.470 20180822
Rising Exploit.CVE-2015-1701!8.79F (TFE:5:JYeSjnSxoJS) 20180822
Sophos AV Troj/Agent-AXUZ 20180822
Symantec Trojan.Gen.2 20180821
TACHYON Trojan-Exploit/W64.CVE-2015-1701.88576 20180822
Tencent Win32.Exploit.Cve-2015-1701.Lnyc 20180822
TrendMicro TROJ64_EXPLOYT.THFAAAH 20180822
TrendMicro-HouseCall TROJ64_EXPLOYT.THFAAAH 20180822
VBA32 Exploit.CVE-2015-1701 20180821
VIPRE Trojan.Win32.Generic!BT 20180822
ViRobot Trojan.Win64.S.Agent.88576 20180822
Webroot W32.Dropper.Gen 20180822
Yandex Exploit.CVE-2015-1701! 20180820
Zillya Exploit.CVE.Win32.1801 20180821
ZoneAlarm by Check Point HEUR:Exploit.Win32.CVE-2015-1701.gen 20180822
Alibaba 20180713
Avast 20180821
Avast-Mobile 20180820
Babable 20180725
Baidu 20180820
ClamAV 20180821
Comodo 20180822
Cylance 20180822
eGambit 20180822
F-Prot 20180822
Sophos ML 20180717
Kingsoft 20180822
Palo Alto Networks (Known Signatures) 20180822
SentinelOne (Static ML) 20180701
SUPERAntiSpyware 20180822
Symantec Mobile Insight 20180822
TheHacker 20180821
TotalDefense 20180822
Trustlook 20180822
Zoner 20180821
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem that targets 64bit architectures.
FileVersionInfo properties
PE header basic information
Target machine x64
Compilation timestamp 2017-03-15 17:05:33
Entry Point 0x000024B0
Number of sections 5
PE sections
PE imports
GetTokenInformation
DuplicateTokenEx
OpenProcessToken
CreateProcessWithLogonW
PrivilegeCheck
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueW
SetThreadToken
CreateProcessWithTokenW
CreateProcessAsUserW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
TerminateThread
GetModuleFileNameW
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetACP
CreatePipe
GetCurrentProcess
GetConsoleMode
HeapSize
GetCurrentProcessId
UnhandledExceptionFilter
GetCommandLineW
RtlVirtualUnwind
WideCharToMultiByte
ExitProcess
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
GetCPInfo
GetProcAddress
GetCurrentThread
SetStdHandle
RtlUnwindEx
CreateThread
TlsFree
GetSystemTimeAsFileTime
DeleteCriticalSection
ReadFile
SetUnhandledExceptionFilter
WriteFile
RtlCaptureContext
CloseHandle
IsProcessorFeaturePresent
TerminateProcess
DuplicateHandle
HeapReAlloc
DecodePointer
GetModuleHandleW
WriteConsoleW
IsWow64Process
GetConsoleCP
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
RtlLookupFunctionEntry
CreateFileW
GetStringTypeW
TlsGetValue
Sleep
GetFileType
TlsSetValue
EncodePointer
GetCurrentThreadId
GetProcessHeap
SetLastError
LeaveCriticalSection
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType AMD AMD64
FileTypeExtension exe
TimeStamp 2017:03:15 18:05:33+01:00
FileType Win64 EXE
PEType PE32+
CodeSize 50176
LinkerVersion 12.0
ImageFileCharacteristics Executable, Large address aware
EntryPoint 0x24b0
InitializedDataSize 47104
SubsystemVersion 5.2
ImageVersion 0.0
OSVersion 5.2
UninitializedDataSize 0

File identification
MD5 ae3e7304122469f2de3ecbd920a768d1
SHA1 d92186b699f81ac7875a57e464eec7f300638dee
SHA256 33a584a0d4907b063af867fd33cc39362b74e96e72d2ad97db7748131364eab1
ssdeep 1536:yIGMPf+1Qs3oGTtJv/mKup2xInR1JuWzovQU7Ezd8n3AsW4d9u6zR:bff+1QIoGTvv/mKuUxIR1JiNpP9u6t
authentihash 0fcd09b17174472b8811e131b466d48de398e7fc5256ffe1bd78e8ee226d73ac
imphash 3caf9b5e0d279ede620adcad0b496971
File size 86.5 KB ( 88576 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (console) Mono/.Net assembly
TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags
cve-2015-1701 assembly cve-2016-0099 peexe exploit 64bits

VirusTotal metadata
First submission 2017-03-20 04:47:38 UTC ( 2 years, 2 months ago )
Last submission 2019-04-18 14:23:24 UTC ( 1 month ago )
File names 08.exe
output.113666832.txt
output.113110813.txt
33a584a0d4907b063af867fd33cc39362b74e96e72d2ad97db7748131364eab1.bin
o6.exe
output.119411620.txt
ms16.exe
as.exe
64.ZIP
64.exe
33a584a0d4907b06_1603264.exe
2.exe
lpk.exe
output.124295530.txt
1603264.exe
1603264.exe
output.113814181.txt
b.exe
64.zip
output.120030874.txt
output.111840884.txt
ms16-032_x64.exe
o6.exe
O6.EXE
ae3e7304122469f2de3ecbd920a768d1729a0984_Exploit.Win32.cve-2015-1701.sklez
Advanced heuristic and reputation engines