× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 465df5e4eae9119417397d3e9aaaf36b65dd0511a7106272559f58a39964b551
File name: output.114418620.txt
Detection ratio: 43 / 68
Analysis date: 2018-11-04 07:31:30 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31317802 20181104
AegisLab Trojan.Win32.Inject.4!c 20181104
AhnLab-V3 Malware/Gen.Generic.C2786814 20181103
ALYac Trojan.GenericKD.31317802 20181104
Antiy-AVL GrayWare/Win32.Generic 20181104
Arcabit Trojan.Generic.D1DDDF2A 20181104
Avast Win32:Malware-gen 20181104
AVG Win32:Malware-gen 20181104
Avira (no cloud) HEUR/AGEN.1019144 20181103
BitDefender Trojan.GenericKD.31317802 20181104
Bkav HW32.Packed. 20181102
CAT-QuickHeal Trojan.IGENERIC 20181103
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181022
Cylance Unsafe 20181104
Cyren W32/Trojan.WVMP-4418 20181104
Emsisoft Trojan.GenericKD.31317802 (B) 20181104
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.CNRI 20181103
F-Secure Trojan.GenericKD.31317802 20181104
Fortinet W32/GenKryptik.CNRI!tr 20181104
GData Trojan.GenericKD.31317802 20181104
Ikarus Trojan.Win32.Krypt 20181103
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 0053f7041 ) 20181104
K7GW Trojan ( 0053f7041 ) 20181104
Kaspersky Trojan.Win32.Inject.akpbn 20181104
Malwarebytes Trojan.Injector 20181104
McAfee Artemis!63F443D9FFCB 20181104
McAfee-GW-Edition BehavesLike.Win32.Trojan.tc 20181104
Microsoft Trojan:Win32/Skeeyah.A!bit 20181104
eScan Trojan.GenericKD.31317802 20181104
NANO-Antivirus Trojan.Win32.Inject.fjpgdv 20181104
Palo Alto Networks (Known Signatures) generic.ml 20181104
Panda Trj/CI.A 20181103
Qihoo-360 Win32/Trojan.dd3 20181104
Sophos AV Mal/Generic-S 20181104
Symantec Trojan.Gen.2 20181103
Tencent Win32.Trojan.Inject.Wqnc 20181104
TrendMicro TROJ_GEN.R004C0WJP18 20181104
TrendMicro-HouseCall TROJ_GEN.R004C0WJP18 20181104
VBA32 Trojan.Inject 20181102
Zillya Trojan.Inject.Win32.262637 20181102
ZoneAlarm by Check Point Trojan.Win32.Inject.akpbn 20181104
Alibaba 20180921
Avast-Mobile 20181104
Babable 20180918
Baidu 20181102
ClamAV 20181104
CMC 20181103
Cybereason 20180225
DrWeb 20181104
eGambit 20181104
F-Prot 20181104
Jiangmin 20181104
Kingsoft 20181104
MAX 20181104
Rising 20181104
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181031
Symantec Mobile Insight 20181030
TACHYON 20181104
TheHacker 20181104
TotalDefense 20181104
Trustlook 20181104
VIPRE 20181104
ViRobot 20181103
Webroot 20181104
Yandex 20181102
Zoner 20181104
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
(C)360.cn Inc.All Rights Reserved.

Product 360杀毒
Original name 360sdrun.exe
Internal name 360sdrun.exe
File version 5, 0, 0, 8130
Description 360杀毒 启动程序
Comments Modified by an unpaid evaluation copy of Resource Tuner Console 2. http://www.heaventools.com
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-19 18:27:41
Entry Point 0x0002336D
Number of sections 6
PE sections
PE imports
GetModuleHandleA
Number of PE resources by type
RT_ICON 8
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 10
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
Modified by an unpaid evaluation copy of Resource Tuner Console 2. http://www.heaventools.com

LinkerVersion
6.0

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
5.0.0.8130

LanguageCode
Chinese (Simplified)

FileFlagsMask
0x003f

FileDescription
360

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
5496832

EntryPoint
0x2336d

OriginalFileName
360sdrun.exe

MIMEType
application/octet-stream

LegalCopyright
(C)360.cn Inc.All Rights Reserved.

FileVersion
5, 0, 0, 8130

TimeStamp
2018:10:19 19:27:41+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
360sdrun.exe

ProductVersion
5, 0, 0, 8130

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
360.cn

CodeSize
5296128

ProductName
360

ProductVersionNumber
5.0.0.8130

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 63f443d9ffcbbc7daca23a62648a2406
SHA1 86d0758b0302dc22e4a99eafa8e796b3a4ffe500
SHA256 465df5e4eae9119417397d3e9aaaf36b65dd0511a7106272559f58a39964b551
ssdeep
98304:R1oefIdJ2Z6edd/aTQCefIp20W18KiLekVM7fHnwp6Vv:RmY23S9aTnhNPLTa7/nj

authentihash 46bc6aa8e375f9478c2030a67654a25e5935fce8e8f3ecd479aeb9bc0ec0e605
imphash a56f115ee5ef2625bd949acaeec66b76
File size 5.4 MB ( 5644288 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags
peexe

VirusTotal metadata
First submission 2018-10-23 07:19:57 UTC ( 1 month, 3 weeks ago )
Last submission 2018-11-04 07:31:30 UTC ( 1 month, 1 week ago )
File names output.114418620.txt
z.exe
360sdrun.exe
z.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Code injections in the following processes
Terminated processes
Opened mutexes
Searched windows
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.