SHA256: 486c91c9abc472ac9adb9fd70fa7368fbbef4c2f1bbe62686125a911397651e6
File name: juan.exe
Detection ratio: 40 / 49
Analysis date: 2014-03-19 03:54:46 UTC ( 1 month ago )
Antivirus Result Update
AVG Dropper.Generic9.BZG 20140317
Ad-Aware Trojan.GenericKD.1439239 20140319
Agnitum Trojan.DR.Sysn! 20140318
AhnLab-V3 Trojan/Win32.Sysn 20140318
AntiVir TR/Crypt.Xpack.6866 20140319
Antiy-AVL Trojan[Dropper]/Win32.Sysn 20140319
Avast Win32:Dropper-gen [Drp] 20140319
Baidu-International Trojan.Win32.Sysn.AKW 20140318
BitDefender Trojan.GenericKD.1439239 20140319
CAT-QuickHeal Trojan.Sisron 20140318
Commtouch W32/Trojan.POPR-6174 20140319
Comodo TrojWare.Win32.TrojanDropper.Sysn.~AAHE 20140319
DrWeb Tool.BtcMine.130 20140319
ESET-NOD32 MSIL/CoinMiner.FN 20140319
Emsisoft Trojan.GenericKD.1439239 (B) 20140319
F-Secure Trojan.GenericKD.1439239 20140319
Fortinet W32/Sysn.AAHE!tr 20140319
GData Trojan.GenericKD.1439239 20140319
Ikarus Trojan-Dropper.Win32.Sysn 20140319
K7AntiVirus Riskware ( 0040eff71 ) 20140318
K7GW Riskware ( 0040eff71 ) 20140318
Kaspersky Trojan-Dropper.Win32.Sysn.aahe 20140319
Malwarebytes Trojan.Agent.MNR 20140319
McAfee RDN/Generic Dropper!sn 20140319
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.E 20140319
MicroWorld-eScan Trojan.GenericKD.1439239 20140319
Microsoft Trojan:Win32/Sisron 20140319
NANO-Antivirus Riskware.Win32.BtcMine.croexq 20140319
Norman Troj_Generic.RPECG 20140318
Panda Trj/CI.A 20140318
Qihoo-360 Win32/Trojan.6d0 20140319
Sophos Mal/Generic-S 20140319
Symantec WS.Reputation.1 20140319
TotalDefense Win32/Tnega.YaEEJID 20140318
TrendMicro TROJ_GEN.R0CBC0DLB13 20140319
TrendMicro-HouseCall TROJ_GEN.R0CBC0DLB13 20140319
VBA32 TrojanDropper.Sysn 20140318
VIPRE Win32.Malware!Drop 20140319
ViRobot Trojan.Win32.Agent.615424.A 20140319
nProtect Trojan-Dropper/W32.Sysn.615424 20140318
Bkav 20140318
ByteHero 20140227
CMC 20140313
ClamAV 20140319
F-Prot 20140319
Jiangmin 20140318
Kingsoft 20140319
Rising 20140318
SUPERAntiSpyware 20140319
TheHacker 20140314
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright

Original name juan.exe
Internal name juan.exe
File version 0.0.0.0
Description
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-28 05:16:43
Link date 6:16 AM 11/28/2013
Entry Point 0x0008A42E
Number of sections 4
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 6
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 9
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 55808
OriginalFilename juan.exe
MIMEType application/octet-stream
FileVersion 0.0.0.0
TimeStamp 2013:11:28 06:16:43+01:00
FileType Win32 EXE
PEType PE32
InternalName juan.exe
FileAccessDate 2014:03:19 04:54:49+01:00
ProductVersion 0.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2014:03:19 04:54:49+01:00
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 558592
FileSubtype 0
ProductVersionNumber 0.0.0.0
EntryPoint 0x8a42e
ObjectFileType Executable application
AssemblyVersion 0.0.0.0

File identification
MD5 804818386fdde1b2cec4098bad418bb3
SHA1 5dad8cd46be8470b718abcb31b2b7d8b2b945a87
SHA256 486c91c9abc472ac9adb9fd70fa7368fbbef4c2f1bbe62686125a911397651e6
ssdeep 12288:13m9zV6LfPX5BGJupMwZmu3EyH1o3smtN+ctSVaH:1KiZBGJ2Pr3EyHWcm+H8H

imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 601.0 KB ( 615424 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe assembly

VirusTotal metadata
First submission 2013-11-29 00:22:49 UTC ( 4 months, 3 weeks ago )
Last submission 2013-12-12 14:19:36 UTC ( 4 months, 1 week ago )
File names flashplayerv10.1.57.108.exe
5dad8cd46be8470b718abcb31b2b7d8b2b945a87
17851049
17851051
file-6316123_exe
FlashPlayerV10.1.57.108.exe
juan.exe
output.17851051.txt
FlashPlayerV10.1.57.108.vxe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
dll-injection
