SHA256: 4508bb625c6944b5d749fc10d9abef3ecdbeef7a58c6607b07597311d8f48cb1
File name: Details_client_Information_
Detection ratio: 42 / 63
Analysis date: 2017-07-15 18:38:52 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.MSILKrypt.60 20170715
AegisLab Troj.Msil.Kryptik!c 20170715
AhnLab-V3 Trojan/Win32.Agent.R202708 20170715
ALYac Gen:Variant.MSILKrypt.60 20170715
Antiy-AVL Trojan/Win32.SGeneric 20170715
Arcabit Trojan.MSILKrypt.60 20170715
Avira (no cloud) TR/Dropper.MSIL.iyczw 20170715
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170714
BitDefender Gen:Variant.MSILKrypt.60 20170715
CAT-QuickHeal Trojanpws.Primarypass 20170715
Comodo UnclassifiedMalware 20170715
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170710
Cyren W32/Trojan.SW.gen!Eldorado 20170715
DrWeb Trojan.PWS.Stealer.17779 20170715
Emsisoft Gen:Variant.MSILKrypt.60 (B) 20170715
Endgame malicious (high confidence) 20170713
ESET-NOD32 a variant of MSIL/Kryptik.JLR 20170715
F-Secure Gen:Variant.MSILKrypt.60 20170715
Fortinet MSIL/Generic.AP.F7634!tr 20170629
Ikarus Trojan.MSIL.Crypt 20170715
Sophos ML heuristic 20170607
K7AntiVirus Trojan ( 0050fe7c1 ) 20170714
K7GW Trojan ( 0050fe7c1 ) 20170715
Kaspersky Trojan.MSIL.Kryptik.web 20170715
Malwarebytes Spyware.PasswordStealer 20170715
MAX malware (ai score=80) 20170715
Microsoft PWS:Win32/Primarypass.A 20170715
eScan Gen:Variant.MSILKrypt.60 20170715
NANO-Antivirus Trojan.Win32.Kryptik.eqapot 20170715
Palo Alto Networks (Known Signatures) generic.ml 20170715
Panda Trj/GdSda.A 20170715
Qihoo-360 HEUR/QVM03.0.810C.Malware.Gen 20170715
Rising Trojan.Kryptik!8.8 (cloud:QflWppHcfYU) 20170715
SentinelOne (Static ML) static engine - malicious 20170516
Sophos AV Mal/MSIL-OM 20170715
Symantec Trojan.Gen.2 20170715
Tencent Msil.Trojan.Kryptik.Lnyp 20170715
VBA32 Trojan.MSIL.Kryptik 20170714
ViRobot Trojan.Win32.Z.Kryptik.203264.CI 20170715
Webroot W32.Trojan.Gen 20170715
Yandex Trojan.Kryptik!QR0sp1Cq32I 20170714
ZoneAlarm by Check Point Trojan.MSIL.Kryptik.web 20170715
Alibaba 20170714
Avast 20170715
AVG 20170715
AVware 20170715
Bkav 20170715
ClamAV 20170715
CMC 20170714
Cylance 20170715
F-Prot 20170715
GData 20170715
Jiangmin 20170715
Kingsoft 20170715
McAfee 20170715
McAfee-GW-Edition 20170715
nProtect 20170715
SUPERAntiSpyware 20170715
Symantec Mobile Insight 20170713
TheHacker 20170712
TrendMicro 20170715
TrendMicro-HouseCall 20170715
Trustlook 20170715
VIPRE 20170715
WhiteArmor 20170713
Zillya 20170714
Zoner 20170715
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2017

Product Infrastructure
Original name Infrastructure .exe
File version 12.1.12777.0
Description Infrastructure service
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-06-13 21:54:58
Entry Point 0x00032F8E
Number of sections 3
.NET details
Module Version ID c06a2fb7-4eaf-4531-989a-90da05cd9181
TypeLib ID 92b6a0ab-9e88-41dc-acd5-4df6bf8b91f9
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH UK 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
12.1.12777.0

LanguageCode
English (British)

FileFlagsMask
0x003f

FileDescription
Infrastructure service

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
2048

EntryPoint
0x32f8e

OriginalFileName
Infrastructure .exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2017

FileVersion
12.1.12777.0

TimeStamp
2017:06:13 23:54:58+02:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
12.0.78313

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
200704

ProductName
Infrastructure

ProductVersionNumber
12.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 3eab5d298c5423ff30cef60036c43472
SHA1 4fd1130b9c5fd2d11e5aa8f2d600fed73b59e636
SHA256 4508bb625c6944b5d749fc10d9abef3ecdbeef7a58c6607b07597311d8f48cb1
ssdeep
3072:DErMEDi9nIjSs4Ioycodk89fWFzBrwWtRJMCuodJUu40UCzPcVV:AZ2xssYdD9fWFV7tH0odn41CDc

authentihash bdbb26b69c93131e5f1106407c18649d45631c320c0bb68204aeb4fcdc02a76e
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 198.5 KB ( 203264 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
OS/2 Executable (generic) (2.2%)
Generic Win/DOS Executable (2.2%)
Tags
peexe assembly

VirusTotal metadata
First submission 2017-06-15 05:14:22 UTC ( 1 year, 11 months ago )
Last submission 2019-03-06 04:02:29 UTC ( 2 months, 2 weeks ago )
File names 4508bb625c6944b5d749fc10d9abef3ecdbeef7a58c6607b07597311d8f48cb1.exe
Details_client_Information_#676.Doc.exe
c3Z3wfmNc.ocx
Details_of_payment-copy_Nos__534.xls.exe
4508bb625c6944b5d749fc10d9abef3ecdbeef7a58c6607b07597311d8f48cb1.exe
4508bb625c6944b5d749fc10d9abef3ecdbeef7a58c6607b07597311d8f48cb1.exe
app.exe
A5A74383.exe.mwr
3eab5d298c5423ff30cef60036c43472
4508bb625c6944b5d749fc10d9abef3ecdbeef7a58c6607b07597311d8f48cb1.exe
Details_client_Information_#676.Doc.exe
Infrastructure .exe
app.exe
Details_client_Information_
3eab5d298c5423ff30cef60036c43472