SHA256: 40f9d78bc1e149db83128629109165f6dd0830506c2c2690212015bc43692ab2
File name: MATERIALS.exe
Detection ratio: 33 / 66
Analysis date: 2018-05-14 16:42:54 UTC (11 months, 2 weeks ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Barys.52265 20180514
AhnLab-V3 Trojan/Win32.MSIL.C2212204 20180514
ALYac Gen:Variant.Barys.52265 20180514
Arcabit Trojan.Barys.DCC29 20180514
Avast Win32:Evo-gen [Susp] 20180514
AVG Win32:Evo-gen [Susp] 20180514
Avira (no cloud) TR/Dropper.Gen 20180514
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20180511
BitDefender Gen:Variant.Barys.52265 20180514
Cylance Unsafe 20180514
Cyren W32/Ursu.F.gen!Eldorado 20180514
Emsisoft Gen:Variant.Barys.52265 (B) 20180514
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of MSIL/Injector.SHI 20180514
F-Secure Gen:Variant.Barys.52265 20180514
Fortinet MSIL/Kryptik.NEC!tr 20180514
GData Gen:Variant.Barys.52265 20180514
Ikarus Trojan-Spy.Agent 20180514
Sophos ML heuristic 20180503
K7AntiVirus Trojan ( 005265a71 ) 20180514
K7GW Trojan ( 005265a71 ) 20180514
Kaspersky HEUR:Trojan.Win32.Generic 20180514
MAX malware (ai score=85) 20180514
McAfee Packed-XI!F51E87A9C3B3 20180514
McAfee-GW-Edition BehavesLike.Win32.Generic.dh 20180514
eScan Gen:Variant.Barys.52265 20180514
Qihoo-360 HEUR/QVM03.0.2955.Malware.Gen 20180514
SentinelOne (Static ML) static engine - malicious 20180225
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20180514
Symantec ML.Attribute.HighConfidence 20180514
TrendMicro BKDR_ASDROP.SMZVP 20180514
TrendMicro-HouseCall BKDR_ASDROP.SMZVP 20180514
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180514
AegisLab 20180514
Alibaba 20180514
Antiy-AVL 20180514
Avast-Mobile 20180514
AVware 20180428
Babable 20180406
Bkav 20180514
CAT-QuickHeal 20180514
ClamAV 20180514
CMC 20180514
Comodo 20180514
CrowdStrike Falcon (ML) 20180202
Cybereason None
DrWeb 20180514
eGambit 20180514
F-Prot 20180514
Jiangmin 20180514
Kingsoft 20180514
Malwarebytes 20180514
Microsoft 20180514
NANO-Antivirus 20180514
nProtect 20180514
Palo Alto Networks (Known Signatures) 20180514
Panda 20180514
Rising 20180514
Sophos AV 20180514
Symantec Mobile Insight 20180511
Tencent 20180514
TheHacker 20180509
TotalDefense 20180514
Trustlook 20180514
VBA32 20180514
VIPRE 20180514
ViRobot 20180514
Webroot 20180514
Yandex 20180513
Zillya 20180514
Zoner 20180514
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 2018 AVAST Software
Original name aswWrcIELoader.exe
Internal name aswWrcIELoader.exe
File version 18.1.1265.0
Description IE Webrep loader
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-14 17:00:15
Entry Point 0x000A75BE
Number of sections 4
.NET details
Module Version ID 9e95a962-1e3f-4b55-9cc2-663cfae8c119
PE sections
Overlays
MD5 5a51ef0b9b286c1dd6b214ba9b7803bc
File type ASCII text
Offset 723968
Size 266192
Entropy 0.00
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 45568
ImageVersion 0.0
FileVersionNumber 18.1.1265.0
LanguageCode Process default
FileFlagsMask 0x003f
FileDescription IE Webrep loader
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName aswWrcIELoader.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 18.1.1265.0
TimeStamp 2018:05:14 18:00:15+01:00
FileType Win32 EXE
PEType PE32
InternalName aswWrcIELoader.exe
ProductVersion 18.1.1265.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Copyright (c) 2018 AVAST Software
MachineType Intel 386 or later, and compatibles
CompanyName AVAST Software
CodeSize 677376
FileSubtype 0
ProductVersionNumber 18.1.1265.0
EntryPoint 0xa75be
ObjectFileType Executable application
File identification
MD5 f51e87a9c3b3674eecaf153c46bfc917
SHA1 a9844ecf9c67806626d771cf4514ea7d5a9e9885
SHA256 40f9d78bc1e149db83128629109165f6dd0830506c2c2690212015bc43692ab2
ssdeep 12288:74EKMgp2bR3es/436Kz4rFmFiR6yqHSchkqA9ivsjJRa3QS6i+h81Q6z+:gWdrAL40FiR6y+h7A9ivsjC3QtiN6B
authentihash 54b7d74bd20b20ce2107c2e68504439eca8604f84c355e29ade2c2ff3e910563
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 967.0 KB ( 990160 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (44.5%)
Win32 Executable MS Visual C++ (generic) (18.9%)
Win64 Executable (generic) (16.8%)
Windows screen saver (7.9%)
Win32 Dynamic Link Library (generic) (4.0%)
Tags peexe assembly overlay
VirusTotal metadata
First submission 2018-05-14 16:42:54 UTC ( 11 months, 2 weeks ago )
Last submission 2018-05-16 06:19:52 UTC ( 11 months, 1 week ago )
File names aswWrcIELoader.exe
MATERIALS.exe