SHA256: 3e7b8a8ef41216834f9311a7ce4e2fbb1a48e18f691e21e229cb0199986c0778
File name: Iqiriq5PDPf2kk7w.CIL.exe
Detection ratio: 51 / 66
Analysis date: 2018-07-17 11:03:47 UTC ( 5 days, 5 hours ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.337081 20180717
AegisLab Troj.W32.Generic!c 20180717
AhnLab-V3 Trojan/Win32.MSIL.C2557715 20180717
ALYac Gen:Variant.Razy.337081 20180717
Antiy-AVL Trojan/Win32.AGeneric 20180717
Arcabit Trojan.Razy.D524B9 20180717
Avira (no cloud) HEUR/AGEN.1029315 20180717
AVware Trojan.Win32.Generic!BT 20180717
BitDefender Gen:Variant.Razy.337081 20180717
CAT-QuickHeal Trojan.IGENERIC 20180716
ClamAV Win.Trojan.Agent-6577216-0 20180717
Comodo .UnclassifiedMalware 20180717
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cybereason malicious.b4ac3d 20180225
Cylance Unsafe 20180717
Cyren W32/Kryptik.EN.gen!Eldorado 20180717
DrWeb Trojan.PWS.Stealer.23680 20180717
Emsisoft Gen:Variant.Razy.337081 (B) 20180717
Endgame malicious (high confidence) 20180711
ESET-NOD32 a variant of MSIL/Kryptik.ODU 20180717
F-Prot W32/Kryptik.EN.gen!Eldorado 20180717
F-Secure Gen:Variant.Razy.337081 20180717
Fortinet MSIL/Kryptik.MWY!tr 20180717
GData Gen:Variant.Razy.337081 20180717
Ikarus Trojan-Spy.Zbot 20180717
Sophos ML heuristic 20180601
K7AntiVirus Trojan ( 00533df31 ) 20180717
K7GW Trojan ( 00533df31 ) 20180717
Kaspersky HEUR:Trojan.Win32.Generic 20180717
Malwarebytes Trojan.PasswordStealer.MSIL.Generic 20180717
MAX malware (ai score=100) 20180717
McAfee Packed-FGN!43BF9CA3E049 20180717
McAfee-GW-Edition BehavesLike.Win32.Generic.gh 20180717
Microsoft PWS:Win32/Primarypass.A 20180717
eScan Gen:Variant.Razy.337081 20180717
NANO-Antivirus Trojan.Win32.Kryptik.fdsepk 20180717
Palo Alto Networks (Known Signatures) generic.ml 20180717
Panda Trj/CI.A 20180716
Qihoo-360 HEUR/QVM03.0.AF2B.Malware.Gen 20180717
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Kryptik-BZ 20180717
Symantec Packed.Generic.511 20180717
Tencent Win32.Trojan.Generic.Pdcx 20180717
TrendMicro TSPY_ZBOT.THFAAAH 20180717
TrendMicro-HouseCall TSPY_ZBOT.THFAAAH 20180717
VBA32 TScope.Trojan.MSIL 20180716
VIPRE Trojan.Win32.Generic!BT 20180717
ViRobot Trojan.Win32.Agent.419840.G 20180717
Webroot W32.Trojan.Gen 20180717
Yandex Trojan.Agent!fUorgNo8Ns0 20180716
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180717
Alibaba 20180713
Avast-Mobile 20180717
Babable 20180406
Baidu 20180717
Bkav 20180717
CMC 20180716
eGambit 20180717
Jiangmin 20180717
Kingsoft 20180717
Rising 20180717
SUPERAntiSpyware 20180717
TACHYON 20180717
TheHacker 20180716
TotalDefense 20180717
Trustlook 20180717
Zoner 20180716
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Original name Iqiriq5PDPf2kk7w.CIL.exe
Internal name Iqiriq5PDPf2kk7w.CIL.exe
File version 0.0.0.0
Description
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-07 00:00:05
Entry Point 0x000228DE
Number of sections 3
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 8
RT_VERSION 1
RT_GROUP_ICON 1
RT_HTML 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 11
GERMAN 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
11.0

ImageVersion
0.0

FileVersionNumber
0.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
285696

EntryPoint
0x228de

OriginalFileName
Iqiriq5PDPf2kk7w.CIL.exe

MIMEType
application/octet-stream

FileVersion
0.0.0.0

TimeStamp
2018:06:07 01:00:05+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Iqiriq5PDPf2kk7w.CIL.exe

ProductVersion
0.0.0.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
133632

FileSubtype
0

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
0.0.0.0

Execution parents
File identification
MD5 43bf9ca3e0496c7b8a81ab34397903ec
SHA1 2240e97b4ac3ddafc292bc04e46893cd5433e9a5
SHA256 3e7b8a8ef41216834f9311a7ce4e2fbb1a48e18f691e21e229cb0199986c0778
ssdeep
12288:YDdf86GxOTFoV0emhd839xu47dlfAe9JlJ7fUDvMUsK/V5g:3fRRJ7fGMUsK/V5g

authentihash 0c8928687705a0d84b8ddd9d11edf540966b70dc4cf9808d5a7dad3b7fe2e680
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 410.0 KB ( 419840 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (62.0%)
Win64 Executable (generic) (23.4%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
OS/2 Executable (generic) (1.7%)
Tags
peexe assembly

VirusTotal metadata
First submission 2018-06-07 08:04:57 UTC ( 1 month, 2 weeks ago )
Last submission 2018-06-08 11:44:23 UTC ( 1 month, 2 weeks ago )
File names 7c9d9c0f99824a376584ca5c568fbe07e322d30c
output.113408818.txt
PO.exe
Iqiriq5PDPf2kk7w.CIL.exe
po[1].exe
PO.exe_