SHA256: 4668a640020669c02ebdf0da979b348f4ecb62968b949aa09fc474fcad8489e7
File name: 9835afe5bc5eb192408bfe63959616aabf2e133c
Detection ratio: 23 / 68
Analysis date: 2017-12-14 10:10:26 UTC ( 1 year, 5 months ago )
Antivirus Result Update
AegisLab Troj.Spy.Msil!c 20171214
Avast FileRepMalware 20171214
AVG FileRepMalware 20171214
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171212
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.b45a72 20171103
Cylance Unsafe 20171214
eGambit Unsafe.AI_Score_75% 20171214
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of MSIL/Kryptik.LXI 20171214
Fortinet MSIL/Kryptik.LXI!tr 20171214
GData Win32.Trojan.Agent.9VDP3W 20171214
Ikarus Trojan-Downloader.GenKrypt 20171214
Sophos ML heuristic 20170914
Kaspersky HEUR:Trojan-Spy.MSIL.Generic 20171214
McAfee Artemis!AB426B32E4E1 20171214
McAfee-GW-Edition BehavesLike.Win32.Trojan.dc 20171214
Palo Alto Networks (Known Signatures) generic.ml 20171214
Qihoo-360 Win32/Trojan.Spy.c29 20171214
SentinelOne (Static ML) static engine - malicious 20171207
Sophos AV Mal/Generic-S 20171214
TrendMicro-HouseCall TROJ_GEN.R049H0DLE17 20171214
ZoneAlarm by Check Point HEUR:Trojan-Spy.MSIL.Generic 20171214
Ad-Aware 20171214
AhnLab-V3 20171214
Alibaba 20171214
ALYac 20171214
Antiy-AVL 20171214
Arcabit 20171214
Avast-Mobile 20171214
Avira (no cloud) 20171213
AVware 20171214
BitDefender 20171214
Bkav 20171213
CAT-QuickHeal 20171214
ClamAV 20171214
CMC 20171214
Comodo 20171214
Cyren 20171214
DrWeb 20171214
Emsisoft 20171214
F-Prot 20171214
F-Secure 20171214
Jiangmin 20171214
K7AntiVirus 20171214
K7GW 20171214
Kingsoft 20171214
Malwarebytes 20171214
MAX 20171214
Microsoft 20171214
eScan 20171214
NANO-Antivirus 20171214
nProtect 20171214
Panda 20171213
Rising 20171214
SUPERAntiSpyware 20171214
Symantec 20171214
Symantec Mobile Insight 20171213
Tencent 20171214
TheHacker 20171210
TotalDefense 20171214
TrendMicro 20171214
Trustlook 20171214
VBA32 20171213
VIPRE 20171214
ViRobot 20171214
Webroot 20171214
WhiteArmor 20171204
Yandex 20171212
Zillya 20171213
Zoner 20171214
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright bEisWzebis
Product QQqW7eovOV
Original name awhy.exe
Internal name awhy.exe
File version 14.92.12.90
Description cocXy5js0Q
Comments v2bFeKlcJN
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-12 14:28:03
Entry Point 0x0004547E
Number of sections 3
.NET details
Module Version ID 64e53afc-343e-4708-a67e-a9c4b49881cd
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments v2bFeKlcJN
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 14.92.12.90
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription cocXy5js0Q
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 1536
EntryPoint 0x4547e
OriginalFileName awhy.exe
MIMEType application/octet-stream
LegalCopyright bEisWzebis
FileVersion 14.92.12.90
TimeStamp 2017:12:12 15:28:03+01:00
FileType Win32 EXE
PEType PE32
InternalName awhy.exe
ProductVersion 14.92.12.90
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName vsaaovb9u0
CodeSize 275968
ProductName QQqW7eovOV
ProductVersionNumber 14.92.12.90
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 99.33.91.77
Compressed bundles
File identification
MD5 ab426b32e4e1567db6ecb7d48bdcd64d
SHA1 3b376b9b45a721a4f468a3eeb7c3e90600ab29db
SHA256 4668a640020669c02ebdf0da979b348f4ecb62968b949aa09fc474fcad8489e7
ssdeep 6144:ceHmh27PYt9G7ZGyqzvHwEm3DEFA4BHSCO3Il5rzl6Fx6WD:2hH3EZp0HwreBPOYPrh6Fx6WD
authentihash db6ded387063244ec3c8683a769990d82272df30fec7bf8abaef0f46596741bb
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 271.5 KB ( 278016 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe assembly

VirusTotal metadata
First submission 2017-12-14 07:10:18 UTC ( 1 year, 5 months ago )
Last submission 2018-05-24 21:30:41 UTC ( 12 months ago )
File names 9835afe5bc5eb192408bfe63959616aabf2e133c
ab426b32e4e1567db6ecb7d48bdcd64d.exe
awhy.exe
output.112597071.txt
VirusShare_ab426b32e4e1567db6ecb7d48bdcd64d
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications