× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 3aa18c98b6236a67fa8502010f5414d87faeab5236ba358f64980127cf76059d
File name: LGjnnKhmErlhKJSlqD8.exe
Detection ratio: 13 / 69
Analysis date: 2018-11-25 10:47:37 UTC ( 2 months, 3 weeks ago ) View latest
Antivirus Result Update
Avast Win32:MdeClass 20181125
AVG Win32:MdeClass 20181125
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cylance Unsafe 20181125
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CSCW 20181125
Fortinet W32/Kryptik.GMZS!tr 20181125
Sophos ML heuristic 20181108
Palo Alto Networks (Known Signatures) generic.ml 20181125
Qihoo-360 HEUR/QVM20.1.70BE.Malware.Gen 20181125
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181124
Trapmine malicious.high.ml.score 20180918
Ad-Aware 20181125
AegisLab 20181125
AhnLab-V3 20181125
Alibaba 20180921
ALYac 20181125
Antiy-AVL 20181125
Arcabit 20181125
Avast-Mobile 20181125
Avira (no cloud) 20181125
Babable 20180918
Baidu 20181123
BitDefender 20181125
Bkav 20181123
CAT-QuickHeal 20181124
ClamAV 20181125
CMC 20181124
Comodo 20181125
Cybereason 20180225
Cyren 20181125
DrWeb 20181125
eGambit 20181125
Emsisoft 20181125
F-Prot 20181125
F-Secure 20181125
GData 20181125
Ikarus 20181125
Jiangmin 20181125
K7AntiVirus 20181125
K7GW 20181125
Kaspersky 20181125
Kingsoft 20181125
Malwarebytes 20181125
MAX 20181125
McAfee 20181125
McAfee-GW-Edition 20181125
Microsoft 20181125
eScan 20181125
NANO-Antivirus 20181125
Panda 20181125
Rising 20181125
Sophos AV 20181125
SUPERAntiSpyware 20181121
Symantec Mobile Insight 20181121
TACHYON 20181125
Tencent 20181125
TheHacker 20181118
TotalDefense 20181125
TrendMicro 20181125
TrendMicro-HouseCall 20181125
Trustlook 20181125
VBA32 20181123
ViRobot 20181124
Webroot 20181125
Yandex 20181123
Zillya 20181123
ZoneAlarm by Check Point 20181125
Zoner 20181125
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All

Product Microsoft®
Internal name catsrvps
File version 3.00.
Description V
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-25 10:43:12
Entry Point 0x00056216
Number of sections 5
PE sections
PE imports
RegSetKeySecurity
GetFontLanguageInfo
GetStringScripts
SetConsoleCP
GetNamedPipeClientProcessId
GetTimeZoneInformation
DeleteFileA
EnumSystemGeoID
SetDefaultCommConfigA
GetModuleHandleW
MprConfigInterfaceCreate
VarR4FromR8
VarDateFromI4
RasEnumConnectionsW
RasFreeEapUserIdentityW
NdrSimpleStructMarshall
RpcServerUnregisterIfEx
SetupDiSetDeviceRegistryPropertyW
SetupDiCancelDriverInfoSearch
StrChrNW
MapVirtualKeyA
DdeConnect
GetMenuItemID
GetClipboardOwner
GetClassNameA
SCardGetProviderIdA
CoGetCallerTID
CoInvalidateRemoteMachineBindings
Number of PE resources by type
RT_STRING 5
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SpecialBuild
[pre-release version: pre-alpha]

SubsystemVersion
5.0

LinkerVersion
12.1

ImageVersion
5.0

FileSubtype
0

FileVersionNumber
8.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
V

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
57344

EntryPoint
0x56216

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All

FileVersion
3.00.

TimeStamp
2018:11:25 11:43:12+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
catsrvps

UninitializedDataSize
0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
S Corpora

CodeSize
689152

ProductName
Microsoft

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Execution parents
File identification
MD5 0a66afb42ff6f01175bab19c54db9ad5
SHA1 2a8ca3e98acd476c476656327feb8ec7a4e49d2c
SHA256 3aa18c98b6236a67fa8502010f5414d87faeab5236ba358f64980127cf76059d
ssdeep
3072:L9EEemJyTZm1IHLLd6dyoJGgqC4wtSiesQp4zvP0yFL95b3yl0:+EpAZyeLd6dyeGtC4wtSieLSvP9

authentihash 79c0239fbaf8f9458e70616b018470fe9a0e02573ac667d05b347dd5ec262e32
imphash f5050392d3e639e6a7031a74b38a71d8
File size 400.0 KB ( 409600 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-25 10:47:37 UTC ( 2 months, 3 weeks ago )
Last submission 2019-01-22 08:48:46 UTC ( 4 weeks ago )
File names catsrvps
0052[1].exe
0a66afb42ff6f01175bab19c54db9ad5
0a66afb42ff6f01175bab19c54db9ad5
LGjnnKhmErlhKJSlqD8.exe
knowncompon.exe
77923.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!