SHA256: 38c8a65117cba2c27f9c05db2a9b97ec152ebe0548bb0d52c537f18ab5fb2475
File name: 19400061
Detection ratio: 14 / 66
Analysis date: 2018-11-08 16:10:20 UTC ( 4 months, 2 weeks ago )
Antivirus Result Update
Avira (no cloud) HEUR/AGEN.1030968 20181108
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.a4f8be 20180225
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of MSIL/Kryptik.PWQ 20181108
Fortinet MSIL/GenKryptik.CNKH!tr 20181108
Sophos ML heuristic 20180717
Kaspersky HEUR:Backdoor.MSIL.Androm.gen 20181108
Malwarebytes Trojan.Crypt.XMP.Generic 20181108
McAfee Trojan-FQGW!DEB0FE55C002 20181108
McAfee-GW-Edition Trojan-FQGW!DEB0FE55C002 20181108
Microsoft VirTool:MSIL/Injector 20181108
Symantec ML.Attribute.HighConfidence 20181108
ZoneAlarm by Check Point HEUR:Backdoor.MSIL.Androm.gen 20181108
Ad-Aware 20181108
AegisLab 20181108
AhnLab-V3 20181108
Alibaba 20180921
ALYac 20181108
Antiy-AVL 20181108
Arcabit 20181108
Avast 20181108
Avast-Mobile 20181108
AVG 20181108
Babable 20180918
Baidu 20181108
BitDefender 20181108
Bkav 20181108
CAT-QuickHeal 20181108
ClamAV 20181108
CMC 20181108
Cylance 20181108
Cyren 20181108
DrWeb 20181108
Emsisoft 20181108
F-Prot 20181108
F-Secure 20181108
GData 20181108
Ikarus 20181108
Jiangmin 20181108
K7AntiVirus 20181108
K7GW 20181108
Kingsoft 20181108
MAX 20181108
eScan 20181108
NANO-Antivirus 20181108
Palo Alto Networks (Known Signatures) 20181108
Panda 20181108
Qihoo-360 20181108
Rising 20181108
SentinelOne (Static ML) 20181011
Sophos AV 20181108
SUPERAntiSpyware 20181107
Symantec Mobile Insight 20181108
TACHYON 20181108
Tencent 20181108
TheHacker 20181108
TotalDefense 20181108
TrendMicro 20181108
TrendMicro-HouseCall 20181108
VBA32 20181108
VIPRE 20181108
ViRobot 20181108
Webroot 20181108
Yandex 20181107
Zillya 20181107
Zoner 20181108
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
3f2c9201-8d51-4f03-809d-3c0efcb8c476

Product e532600e-dcb5-4f66-9e08-07bc4369e398
Original name ab36bd6b-57a5-4d39-a62a-6195424884f0.exe
File version 1.0.0.0
Description 32d75056-d855-48a0-9a23-492e6029384
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-07 17:27:35
Entry Point 0x000D97EE
Number of sections 3
.NET details
Module Version ID 9e0fc617-11c4-4971-b5c0-0523009609d5
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 3
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
11.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
32d75056-d855-48a0-9a23-492e6029384

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
70144

EntryPoint
0xd97ee

OriginalFileName
ab36bd6b-57a5-4d39-a62a-6195424884f0.exe

MIMEType
application/octet-stream

LegalCopyright
3f2c9201-8d51-4f03-809d-3c0efcb8c476

FileVersion
1.0.0.0

TimeStamp
2018:10:07 19:27:35+02:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.0.0.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Unknown (0)

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
882688

ProductName
e532600e-dcb5-4f66-9e08-07bc4369e398

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 deb0fe55c002975c49bdfe1db738e761
SHA1 a025c21a4f8be3cf702313a94f1f99e2b45c1698
SHA256 38c8a65117cba2c27f9c05db2a9b97ec152ebe0548bb0d52c537f18ab5fb2475
ssdeep
6144:m35mAadJa1lL8Q3XRb1Ov2pjf2bqr2mt1I8qJQBKt+N6:mN6

authentihash 34644a84fd7b28b6f31fe32762af3ded5b52448966816fdbb8d8e20a7b8e027c
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 931.0 KB ( 953344 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
OS/2 Executable (generic) (2.2%)
Generic Win/DOS Executable (2.2%)
Tags
peexe assembly

VirusTotal metadata
First submission 2018-11-08 16:10:20 UTC ( 4 months, 2 weeks ago )
Last submission 2018-12-18 20:31:38 UTC ( 3 months ago )
File names output.114578400.txt
z11zi.exe
ab36bd6b-57a5-4d39-a62a-6195424884f0.exe
deb0fe55c002975c49bdfe1db738e761
19400061