SHA256: 3c016636f1a818eb7895124928983be4adb6e24f385e94f7185911f46f1f7d2e
File name: 2d4e96f779082a59fff07378aef1b800.virobj
Detection ratio: 51 / 68
Analysis date: 2018-06-18 00:06:17 UTC ( 1 day, 12 hours ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40250334 20180617
AegisLab Troj.W32.Generic!c 20180617
ALYac Trojan.GenericKD.40250334 20180617
Arcabit Trojan.Generic.D2662BDE 20180618
Avast Win32:GenX 20180617
AVG Win32:GenX 20180617
Avira (no cloud) TR/Dropper.Gen 20180617
AVware Trojan.Win32.Generic!BT 20180617
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180615
BitDefender Trojan.GenericKD.40250334 20180617
CAT-QuickHeal Trojan.IGENERIC 20180617
ClamAV Win.Dropper.Generic-6556847-0 20180617
Comodo TrojWare.MSIL.Injector.~SHI 20180617
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cybereason malicious.cd1ca4 20180225
Cylance Unsafe 20180618
Cyren W32/MSIL_Troj.NK.gen!Eldorado 20180617
DrWeb Trojan.MulDrop.1161 20180617
Emsisoft Trojan.GenericKD.40250334 (B) 20180617
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of MSIL/Injector.SHI 20180617
F-Prot W32/MSIL_Troj.NK.gen!Eldorado 20180617
F-Secure Trojan.GenericKD.40250334 20180618
Fortinet MSIL/Injector.TAH!tr 20180617
GData Trojan.GenericKD.40250334 20180617
Ikarus Trojan-Spy.Agent 20180617
Sophos ML heuristic 20180601
Jiangmin Trojan.MSIL.ihcr 20180617
K7AntiVirus Trojan ( 005265a71 ) 20180617
K7GW Trojan ( 005265a71 ) 20180618
Kaspersky HEUR:Trojan.Win32.Generic 20180618
Malwarebytes Trojan.Dropper 20180618
MAX malware (ai score=99) 20180618
McAfee Packed-XI!2D4E96F77908 20180617
McAfee-GW-Edition BehavesLike.Win32.Generic.tc 20180617
eScan Trojan.GenericKD.40250334 20180617
NANO-Antivirus Trojan.Win32.Mlw.fbyggq 20180618
Palo Alto Networks (Known Signatures) generic.ml 20180618
Panda Trj/GdSda.A 20180617
Qihoo-360 HEUR/QVM03.0.7D2E.Malware.Gen 20180618
SentinelOne (Static ML) static engine - malicious 20180617
Sophos AV Mal/Generic-S 20180617
Symantec ML.Attribute.HighConfidence 20180617
Tencent Win32.Trojan.Generic.Hsje 20180618
TrendMicro BKDR_ASDROP.SMZVP 20180617
TrendMicro-HouseCall BKDR_ASDROP.SMZVP 20180617
VBA32 TScope.Trojan.MSIL 20180615
VIPRE Trojan.Win32.Generic!BT 20180617
ViRobot Trojan.Win32.Z.Injector.1368952 20180617
Yandex Trojan.Agent!6ZJPg+oEfFk 20180615
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180617
AhnLab-V3 20180617
Alibaba 20180615
Antiy-AVL 20180618
Avast-Mobile 20180617
Babable 20180406
Bkav 20180616
CMC 20180617
eGambit 20180618
Kingsoft 20180618
Microsoft 20180617
Rising 20180618
SUPERAntiSpyware 20180617
Symantec Mobile Insight 20180614
TACHYON 20180617
TheHacker 20180613
TotalDefense 20180617
Trustlook 20180618
Webroot 20180618
Zillya 20180615
Zoner 20180617
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-16 01:47:58
Entry Point 0x0013B8CE
Number of sections 4
.NET details
Module Version ID 20b77ffe-7d33-4fc1-8227-50f4a5088e28
PE sections
Overlays
MD5 b22588687c7b0056daa727d46f4836a7
File type ASCII text
Offset 1330176
Size 38776
Entropy 0.00
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:05:16 02:47:58+01:00
FileType Win32 EXE
PEType PE32
CodeSize 1284608
LinkerVersion 6.0
EntryPoint 0x13b8ce
InitializedDataSize 44544
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 2d4e96f779082a59fff07378aef1b800
SHA1 d9fb759cd1ca403c5c8aceed40ef455b344466b3
SHA256 3c016636f1a818eb7895124928983be4adb6e24f385e94f7185911f46f1f7d2e
ssdeep 24576:v/CpXTfsdJOna/IwK4OApzx6Hb8kermMuwSm41pqb:v/Ct0dJ9n+gc7iQmeq
authentihash 4452fd5e8814b91af69d863fb435a69cba435ea3836aebcfc40f128c2b97cff3
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 1.3 MB ( 1368952 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (44.5%)
Win32 Executable MS Visual C++ (generic) (18.9%)
Win64 Executable (generic) (16.8%)
Windows screen saver (7.9%)
Win32 Dynamic Link Library (generic) (4.0%)
Tags peexe assembly overlay
VirusTotal metadata
First submission 2018-05-16 06:49:08 UTC ( 1 month ago )
Last submission 2018-05-30 00:15:39 UTC ( 2 weeks, 6 days ago )
File names 0i1l.exe
1b8c575f1bab37f7e075368253999ba9609e33ac
2d4e96f779082a59fff07378aef1b800.virobj
output.113313614.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications