SHA256: 427fd74383e0956d40b7098ea8e94bca5acba84e6aa4ccbd0dda3a4a30b7eeb3
File name: fuck_mpgh.exe
Detection ratio: 20 / 56
Analysis date: 2016-12-23 11:47:43 UTC ( 2 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4005869 20161223
Arcabit Trojan.Generic.D3D1FED 20161223
Avast Win32:Malware-gen 20161223
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9532 20161207
BitDefender Trojan.GenericKD.4005869 20161223
CrowdStrike Falcon (ML) malicious_confidence_97% (W) 20161024
DrWeb Trojan.KillProc.49613 20161223
Emsisoft Trojan.GenericKD.4005869 (B) 20161223
ESET-NOD32 a variant of MSIL/KillMBR.A 20161223
F-Secure Trojan.GenericKD.4005869 20161223
GData Trojan.GenericKD.4005869 20161223
Ikarus Virus.MBR.Overwriter 20161223
K7AntiVirus Trojan ( 005012191 ) 20161223
K7GW Trojan ( 005012191 ) 20161223
Kaspersky Trojan.Win32.DiskWriter.qs 20161223
Malwarebytes Bootkit.Agent.MBR 20161223
eScan Trojan.GenericKD.4005869 20161223
Rising Trojan.KillMBR!8.F58-Nk6IUEeqjlS (cloud) 20161223
Symantec Heur.AdvML.C 20161223
ViRobot Trojan.Win32.Agent.75776.AO[h] 20161223
AegisLab 20161223
AhnLab-V3 20161222
Alibaba 20161223
ALYac 20161223
Antiy-AVL 20161223
AVG 20161223
Avira (no cloud) 20161223
AVware 20161223
Bkav 20161222
CAT-QuickHeal 20161223
ClamAV 20161223
CMC 20161223
Comodo 20161223
Cyren 20161223
F-Prot 20161223
Fortinet 20161223
Sophos ML 20161216
Jiangmin 20161223
Kingsoft 20161223
McAfee 20161223
McAfee-GW-Edition 20161223
Microsoft 20161223
NANO-Antivirus 20161223
nProtect 20161223
Panda 20161222
Qihoo-360 20161223
Sophos AV 20161223
SUPERAntiSpyware 20161223
Tencent 20161223
TheHacker 20161222
TrendMicro 20161223
TrendMicro-HouseCall 20161223
Trustlook 20161223
VBA32 20161223
VIPRE 20161223
WhiteArmor 20161221
Yandex 20161222
Zillya 20161223
Zoner 20161223
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright Copyright © 2016
Product OverwriteMBR
Original name OverwriteMBR.exe
Internal name OverwriteMBR.exe
File version 1.0.0.0
Description OverwriteMBR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-21 15:04:44
Entry Point 0x00013CDE
Number of sections 3
.NET details
Module Version ID 113f2d8a-789e-4ce3-b380-f26b2e432a37
TypeLib ID 5dc515cb-a4da-4271-86f9-f3fb2239d793
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 48.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 2048
EntryPoint 0x13cde
OriginalFileName OverwriteMBR.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2016
FileVersion 1.0.0.0
TimeStamp 2016:12:21 16:04:44+01:00
FileType Win32 EXE
PEType PE32
InternalName OverwriteMBR.exe
ProductVersion 1.0.0.0
FileDescription OverwriteMBR
OSVersion 4.0
FileOS Win32
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CodeSize 73216
ProductName OverwriteMBR
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.0.0.0

Compressed bundles
File identification
MD5 541ab5bfff8e7f063310d01090301ee8
SHA1 e6a982ea9b172c6da7d240ac9f7a60a97c9e9990
SHA256 427fd74383e0956d40b7098ea8e94bca5acba84e6aa4ccbd0dda3a4a30b7eeb3
ssdeep 1536:tkYxJH2rH7AaxlCfIUSKZuPwg0yM96vTlQPX9:WYxJH2rH7AaxlCfI0OTM96vhQPX9
authentihash a90003cad326cb24ddc1ad70b16b20464526d1c9f11bf79fe2ab17975c470106
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 74.0 KB ( 75776 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (62.0%)
Win64 Executable (generic) (23.4%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
OS/2 Executable (generic) (1.7%)
Tags peexe assembly

VirusTotal metadata
First submission 2016-12-22 10:49:37 UTC ( 2 years, 1 month ago )
Last submission 2016-12-26 02:57:45 UTC ( 2 years, 1 month ago )
File names fuck_mpgh.exe.vir
MBR OVERWRITER
aujimc.bin
aujimc.png
MBR Virus.dat
OverwriteMBR.exe
fuck_mpgh.exe