SHA256: 422376dc4ba293eefe575012e0456ab2b4e6cd8ca2283940b66964680fe4e70b
File name: RatherWeird@0.2.0.zip
Detection ratio: 1 / 59
Analysis date: 2017-06-03 14:25:21 UTC ( 11 months, 3 weeks ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9815 20170601
Ad-Aware 20170603
AegisLab 20170603
AhnLab-V3 20170603
Alibaba 20170602
ALYac 20170603
Antiy-AVL 20170603
Arcabit 20170603
Avast 20170603
AVG 20170603
Avira (no cloud) 20170603
AVware 20170603
BitDefender 20170603
Bkav 20170602
CAT-QuickHeal 20170603
ClamAV 20170603
CMC 20170603
Comodo 20170603
CrowdStrike Falcon (ML) 20170420
Cyren 20170603
DrWeb 20170603
Emsisoft 20170603
Endgame 20170515
ESET-NOD32 20170603
F-Prot 20170603
F-Secure 20170603
Fortinet 20170603
GData 20170603
Ikarus 20170603
Sophos ML 20170519
Jiangmin 20170603
K7AntiVirus 20170603
K7GW 20170603
Kaspersky 20170603
Kingsoft 20170603
Malwarebytes 20170603
McAfee 20170603
McAfee-GW-Edition 20170603
Microsoft 20170603
eScan 20170603
NANO-Antivirus 20170603
nProtect 20170603
Palo Alto Networks (Known Signatures) 20170603
Panda 20170603
Qihoo-360 20170603
Rising 20170603
SentinelOne (Static ML) 20170516
Sophos AV 20170603
SUPERAntiSpyware 20170603
Symantec 20170603
Symantec Mobile Insight 20170601
Tencent 20170603
TheHacker 20170602
TrendMicro 20170603
TrendMicro-HouseCall 20170603
Trustlook 20170603
VBA32 20170602
VIPRE 20170603
ViRobot 20170603
Webroot 20170603
WhiteArmor 20170601
Yandex 20170602
Zillya 20170602
ZoneAlarm by Check Point 20170603
Zoner 20170603
The file being studied is a compressed stream! More specifically, it is a ZIP file.
Interesting properties
The studied file contains at least one Portable Executable.
Contained files
Compression metadata
Contained files: 3
Uncompressed size: 36864
Highest datetime: 2017-06-03 16:15:28
Lowest datetime: 2017-06-03 16:15:26
Contained files by extension
dll: 2
exe: 1
Contained files by type
Portable Executable: 3
ExifTool file metadata
MIMEType: application/zip
ZipRequiredVersion: 20
ZipCRC: 0x20bb5639
FileType: ZIP
ZipCompression: Deflated
ZipUncompressedSize: 7680
ZipCompressedSize: 3295
FileTypeExtension: zip
ZipFileName: DirtyInvocation.dll
ZipBitFlag: 0
ZipModifyDate: 2017:06:03 16:15:13

File identification
MD5 305046a3a691279dd999000416ab71fe
SHA1 f70e1f5013b3ee2ba62c79368e795361a287bc52
SHA256 422376dc4ba293eefe575012e0456ab2b4e6cd8ca2283940b66964680fe4e70b
ssdeep 384:1MrBLeuGxqqnseFe/YlwuExmM2nZdCEX+HQz8Y4ZOhwS:1QLerxTnsJLxTMT+HsSO/

File size 16.3 KB ( 16686 bytes )
File type ZIP
Magic literal Zip archive data, at least v2.0 to extract

TrID ZIP compressed archive (100.0%)
Tags contains-pe zip

VirusTotal metadata
First submission 2017-06-03 14:25:21 UTC ( 11 months, 3 weeks ago )
Last submission 2017-06-03 14:25:21 UTC ( 11 months, 3 weeks ago )
File names RatherWeird@0.2.0.zip