SHA256: 3c016636f1a818eb7895124928983be4adb6e24f385e94f7185911f46f1f7d2e
File name: 2d4e96f779082a59fff07378aef1b800.virobj
Detection ratio: 51 / 68
Analysis date: 2018-07-19 17:56:52 UTC ( 2 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40250334 20180719
AegisLab Troj.W32.Generic!c 20180719
ALYac Trojan.GenericKD.40250334 20180719
Arcabit Trojan.Generic.D2662BDE 20180719
Avast Win32:GenX 20180719
AVG Win32:GenX 20180719
Avira (no cloud) TR/Dropper.Gen 20180719
AVware Trojan.Win32.Generic!BT 20180719
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180717
BitDefender Trojan.GenericKD.40250334 20180719
CAT-QuickHeal Trojan.IGENERIC 20180719
ClamAV Win.Dropper.Generic-6556847-0 20180719
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cybereason malicious.cd1ca4 20180225
Cylance Unsafe 20180719
Cyren W32/MSIL_Troj.NK.gen!Eldorado 20180719
DrWeb Trojan.MulDrop.1161 20180719
Emsisoft Trojan.GenericKD.40250334 (B) 20180719
Endgame malicious (high confidence) 20180711
ESET-NOD32 a variant of MSIL/Injector.SHI 20180719
F-Prot W32/MSIL_Troj.NK.gen!Eldorado 20180719
F-Secure Trojan.GenericKD.40250334 20180719
Fortinet MSIL/Injector.TAH!tr 20180719
GData Trojan.GenericKD.40250334 20180719
Ikarus Trojan-Spy.Keylogger 20180719
Sophos ML heuristic 20180717
Jiangmin Trojan.MSIL.ihcr 20180719
K7AntiVirus Trojan ( 005265a71 ) 20180719
K7GW Trojan ( 005265a71 ) 20180719
Kaspersky HEUR:Trojan.Win32.Generic 20180719
Malwarebytes Trojan.Dropper 20180719
MAX malware (ai score=99) 20180719
McAfee Packed-XI!2D4E96F77908 20180719
McAfee-GW-Edition BehavesLike.Win32.Generic.tc 20180719
Microsoft TrojanDropper:Win32/Joiner.AJ 20180719
eScan Trojan.GenericKD.40250334 20180719
NANO-Antivirus Trojan.Win32.Mlw.fbyggq 20180719
Palo Alto Networks (Known Signatures) generic.ml 20180719
Panda Trj/GdSda.A 20180719
Qihoo-360 HEUR/QVM03.0.7D2E.Malware.Gen 20180719
Rising Dropper.Generic!8.35E (CLOUD) 20180719
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Generic-S 20180719
Symantec ML.Attribute.HighConfidence 20180719
Tencent Win32.Trojan.Generic.Hsje 20180719
TrendMicro BKDR_ASDROP.SMZSM 20180719
TrendMicro-HouseCall BKDR_ASDROP.SMZSM 20180719
VBA32 TScope.Trojan.MSIL 20180719
VIPRE Trojan.Win32.Generic!BT 20180719
Yandex Trojan.Agent!6ZJPg+oEfFk 20180717
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180719
AhnLab-V3 20180719
Alibaba 20180713
Antiy-AVL 20180719
Avast-Mobile 20180719
Babable 20180406
Bkav 20180719
CMC 20180719
Comodo 20180719
eGambit 20180719
Kingsoft 20180719
SUPERAntiSpyware 20180719
TACHYON 20180719
TheHacker 20180719
TotalDefense 20180719
Trustlook 20180719
ViRobot 20180719
Webroot 20180719
Zillya 20180719
Zoner 20180719
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-16 01:47:58
Entry Point 0x0013B8CE
Number of sections 4
.NET details
Module Version ID 20b77ffe-7d33-4fc1-8227-50f4a5088e28
PE sections
Overlays
MD5 b22588687c7b0056daa727d46f4836a7
File type ASCII text
Offset 1330176
Size 38776
Entropy 0.00
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:05:16 02:47:58+01:00
FileType Win32 EXE
PEType PE32
CodeSize 1284608
LinkerVersion 6.0
EntryPoint 0x13b8ce
InitializedDataSize 44544
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 2d4e96f779082a59fff07378aef1b800
SHA1 d9fb759cd1ca403c5c8aceed40ef455b344466b3
SHA256 3c016636f1a818eb7895124928983be4adb6e24f385e94f7185911f46f1f7d2e
ssdeep 24576:v/CpXTfsdJOna/IwK4OApzx6Hb8kermMuwSm41pqb:v/Ct0dJ9n+gc7iQmeq
authentihash 4452fd5e8814b91af69d863fb435a69cba435ea3836aebcfc40f128c2b97cff3
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 1.3 MB ( 1368952 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (44.5%)
Win32 Executable MS Visual C++ (generic) (18.9%)
Win64 Executable (generic) (16.8%)
Windows screen saver (7.9%)
Win32 Dynamic Link Library (generic) (4.0%)
Tags peexe assembly overlay

VirusTotal metadata
First submission 2018-05-16 06:49:08 UTC ( 4 months, 1 week ago )
Last submission 2018-05-30 00:15:39 UTC ( 3 months, 3 weeks ago )
File names 0i1l.exe
1b8c575f1bab37f7e075368253999ba9609e33ac
2d4e96f779082a59fff07378aef1b800.virobj
output.113313614.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications