SHA256: 46e18c07987e6888df1779cfd019f46d0faf5401a16c36611a94abf7e8947b07
File name: system32.exe
Detection ratio: 44 / 66
Analysis date: 2017-11-22 07:02:26 UTC ( 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.164087 20171122
AegisLab Troj.W32.Generic!c 20171122
ALYac Gen:Variant.Razy.164087 20171122
Arcabit Trojan.Razy.D280F7 20171122
Avast Win32:Malware-gen 20171122
AVG Win32:Malware-gen 20171122
Avira (no cloud) TR/ATRAPS.Gen 20171122
AVware Trojan.Win32.Generic!BT 20171122
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171121
BitDefender Gen:Variant.Razy.164087 20171122
CAT-QuickHeal TrjnDwnldr.MSIL.Steamilik.aaq.FC.3828 20171121
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20171122
Cyren W32/Trojan.GLYA-0888 20171122
DrWeb Trojan.DownLoader25.35759 20171122
Emsisoft Gen:Variant.Razy.164087 (B) 20171122
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.CXG 20171122
F-Secure Gen:Variant.Razy.164087 20171122
Fortinet MSIL/Generic.AP.775754!tr 20171122
GData Gen:Variant.Razy.164087 20171122
Ikarus Trojan-Downloader.MSIL.Agent 20171121
Sophos ML heuristic 20170914
Jiangmin Trojan.Generic.bahjz 20171122
K7AntiVirus Trojan-Downloader ( 005044871 ) 20171122
K7GW Trojan-Downloader ( 005044871 ) 20171122
Kaspersky HEUR:Trojan.Win32.Generic 20171122
Malwarebytes Trojan.Downloader 20171122
MAX malware (ai score=100) 20171122
McAfee GenericRXBP-HI!44D15A8B4C4A 20171122
McAfee-GW-Edition GenericRXBP-HI!44D15A8B4C4A 20171122
Microsoft TrojanDownloader:MSIL/Gendwnurl.BD!bit 20171122
eScan Gen:Variant.Razy.164087 20171122
Palo Alto Networks (Known Signatures) generic.ml 20171122
Panda Trj/GdSda.A 20171121
Qihoo-360 Win32/Trojan.67d 20171122
Sophos AV Mal/Generic-S 20171122
Tencent Msil.Trojan-downloader.Agent.Pefx 20171122
TrendMicro TROJ_GEN.R039C0DKK17 20171122
TrendMicro-HouseCall TROJ_GEN.R039C0DKK17 20171122
VIPRE Trojan.Win32.Generic!BT 20171122
Webroot W32.Malware.gen 20171122
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20171122
AhnLab-V3 20171122
Alibaba 20171122
Avast-Mobile 20171122
Bkav 20171121
ClamAV 20171122
CMC 20171121
Comodo 20171122
eGambit 20171122
F-Prot 20171122
Kingsoft 20171122
NANO-Antivirus 20171122
nProtect 20171122
Rising 20171122
SentinelOne (Static ML) 20171113
SUPERAntiSpyware 20171122
Symantec Mobile Insight 20171121
TheHacker 20171121
TotalDefense 20171122
Trustlook 20171122
VBA32 20171121
ViRobot 20171122
WhiteArmor 20171104
Yandex 20171120
Zillya 20171121
Zoner 20171122
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © Microsoft 2017
Product system32
Original name system32.exe
Internal name system32.exe
File version 1.2.3.5
Description
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-09 11:10:58
Entry Point 0x000042AE
Number of sections 3
.NET details
Module Version ID 889aa3e8-2d77-438d-bae9-81c996ea3f35
TypeLib ID c32118c8-e3f2-45c3-aa04-d9b851b738d4
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.2.3.5
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 1536
EntryPoint 0x42ae
OriginalFileName system32.exe
MIMEType application/octet-stream
LegalCopyright Copyright Microsoft 2017
FileVersion 1.2.3.5
TimeStamp 2017:11:09 12:10:58+01:00
FileType Win32 EXE
PEType PE32
InternalName system32.exe
ProductVersion 1.2.3.5
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Simple Company
CodeSize 9216
ProductName system32
ProductVersionNumber 1.2.3.5
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.2.3.5

Compressed bundles
File identification
MD5 44d15a8b4c4acf187cadfced1fbe13cf
SHA1 10cb4da3b4859de3336d0399ce64932b6eafa0f6
SHA256 46e18c07987e6888df1779cfd019f46d0faf5401a16c36611a94abf7e8947b07
ssdeep 192:HECp7Bt5KxYvV1TmdWNF9OvZw4UJQUhpGFzTx:ku7K+nTmduF9OvZw4UbhpmzTx
authentihash b756178d42b1c5ee90f08a0860349c60b2ab32d85274c8432ddcc9804b9bf6d8
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 11.0 KB ( 11264 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (72.2%)
Windows screen saver (12.9%)
Win32 Dynamic Link Library (generic) (6.4%)
Win32 Executable (generic) (4.4%)
Generic Win/DOS Executable (1.9%)
Tags peexe assembly

VirusTotal metadata
First submission 2017-11-21 12:09:32 UTC ( 7 months ago )
Last submission 2017-11-22 07:02:26 UTC ( 7 months ago )
File names 1002-10cb4da3b4859de3336d0399ce64932b6eafa0f6
system32.exe
44d15a8b4c4acf187cadfced1fbe13cf
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications