× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 47f892a7e4d594d84dcfc26b224d33a389c64d812e5b57933110ee755c12a848
File name: WindowsFile64984.exe
Detection ratio: 35 / 65
Analysis date: 2018-01-30 12:58:38 UTC ( 7 months, 3 weeks ago )
Antivirus Result Update
AegisLab Backdoor.W32.Generic!c 20180130
Avast Win32:Malware-gen 20180130
AVG Win32:Malware-gen 20180130
Avira (no cloud) TR/Dropper.Gen 20180130
AVware Trojan.Win32.Generic!BT 20180130
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180130
CAT-QuickHeal Trojan.Generic.FC.3552 20180130
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.45bb20 20171103
Cylance Unsafe 20180130
DrWeb Trojan.PWS.Stealer.1932 20180130
eGambit Trojan.Generic 20180130
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of MSIL/Kryptik.LRA 20180130
GData Win32.Trojan.Agent.17A9DM 20180130
Ikarus Trojan-Spy.Agent 20180130
Sophos ML heuristic 20180121
K7AntiVirus Trojan ( 0051d9f31 ) 20180130
K7GW Trojan ( 0051d9f31 ) 20180130
Kaspersky HEUR:Backdoor.Win32.Generic 20180130
Malwarebytes Spyware.Pony 20180130
McAfee Packed-XI!0AF070CC221B 20180130
McAfee-GW-Edition BehavesLike.Win32.Generic.dm 20180130
Microsoft PWS:Win32/Fareit 20180130
Palo Alto Networks (Known Signatures) generic.ml 20180130
Panda Trj/GdSda.A 20180129
Qihoo-360 Win32/Backdoor.d55 20180130
SentinelOne (Static ML) static engine - malicious 20180115
Sophos AV Mal/MSIL-TC 20180130
Symantec Trojan.Gen.2 20180130
Tencent Win32.Backdoor.Generic.Jme 20180130
TrendMicro TROJ_GEN.R002C0PAT18 20180130
TrendMicro-HouseCall TROJ_GEN.R002C0PAT18 20180130
VIPRE Trojan.Win32.Generic!BT 20180130
ZoneAlarm by Check Point HEUR:Backdoor.Win32.Generic 20180130
Ad-Aware 20180130
AhnLab-V3 20180130
Alibaba 20180130
ALYac 20180130
Antiy-AVL 20180130
Arcabit 20180130
Avast-Mobile 20180130
BitDefender 20180130
Bkav 20180130
ClamAV 20180130
CMC 20180130
Comodo 20180130
Cyren 20180130
Emsisoft 20180130
F-Prot 20180130
Fortinet 20180130
Jiangmin 20180130
Kingsoft 20180130
MAX 20180130
eScan 20180130
NANO-Antivirus 20180130
nProtect 20180130
Rising 20180130
SUPERAntiSpyware 20180130
Symantec Mobile Insight 20180126
TheHacker 20180130
Trustlook 20180130
VBA32 20180130
ViRobot 20180130
Webroot 20180130
Yandex 20180112
Zillya 20180129
Zoner 20180130
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-01-28 15:53:59
Entry Point 0x000358FE
Number of sections 4
.NET details
Module Version ID 66ccf99f-cc5a-47c7-a645-ed76c7d80871
PE sections
Overlays
MD5 105efd8384158423549d48a5490f1ca5
File type ASCII text
Offset 216064
Size 76504
Entropy 0.00
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2018:01:28 16:53:59+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
211456

LinkerVersion
6.0

FileTypeExtension
exe

InitializedDataSize
3584

SubsystemVersion
4.0

EntryPoint
0x358fe

OSVersion
4.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 0af070cc221bacb980a493202e4d1333
SHA1 d7f148c45bb207e40342e9bd5f44530bf245174e
SHA256 47f892a7e4d594d84dcfc26b224d33a389c64d812e5b57933110ee755c12a848
ssdeep
6144:KZy5UN0SnRYc36beuHEhTkGY/UjEwob/H:KZy2NdnRYc3NhQGY/UjT2

authentihash cde106c450527d18ff7452731ac3933e6aefa1f8c07ad2033d4a271cfcb60b0b
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 285.7 KB ( 292568 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (45.1%)
Win32 Executable MS Visual C++ (generic) (19.2%)
Win64 Executable (generic) (17.0%)
Windows screen saver (8.0%)
Win32 Dynamic Link Library (generic) (4.0%)
Tags
peexe assembly overlay

VirusTotal metadata
First submission 2018-01-29 11:01:21 UTC ( 7 months, 3 weeks ago )
Last submission 2018-01-29 11:01:21 UTC ( 7 months, 3 weeks ago )
File names WindowsFile64984.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications