SHA256: 4a5c9db601114830430063e4c4735c0ac9dffdb071831b9438fd3f0ca249839e
File name: conmsyrtl.exe
Detection ratio: 54 / 61
Analysis date: 2017-04-23 07:53:53 UTC ( 1 year, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.7136652 20170423
AegisLab Troj.W32.Gen.l0po 20170423
AhnLab-V3 Worm/Win32.IRCBot.R76234 20170422
ALYac Trojan.Generic.7136652 20170423
Antiy-AVL Trojan[Spy]/Win32.Zbot.adva 20170423
Arcabit Trojan.Generic.D6CE58C 20170423
Avast Win32:Malware-gen 20170423
AVG PSW.Generic7.BQTW 20170423
Avira (no cloud) TR/Patched.Ren.Gen 20170422
AVware Trojan.Win32.Vbinject.mzob (v) 20170423
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170421
BitDefender Trojan.Generic.7136652 20170423
Bkav W32.Clodce3.Trojan.4dfd 20170422
CAT-QuickHeal Trojan.Vbinjectdz 20170422
CMC Trojan-Spy.Win32.Zbot!O 20170421
Comodo TrojWare.Win32.Injector.dec 20170423
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/VBInject.L.gen!Eldorado 20170423
DrWeb Trojan.VbCrypt.8 20170423
Emsisoft Trojan.Generic.7136652 (B) 20170423
Endgame malicious (high confidence) 20170419
ESET-NOD32 a variant of Win32/Injector.AEN 20170423
F-Prot W32/VBInject.L.gen!Eldorado 20170423
F-Secure Trojan.Generic.7136652 20170423
Fortinet W32/Refroso.BLC!tr 20170423
GData Trojan.Generic.7136652 20170423
Ikarus Trojan.Win32.Zmunik 20170423
Sophos ML generic.a 20170413
Jiangmin TrojanSpy.Zbot.fdxs 20170422
K7AntiVirus Trojan ( 0015546f1 ) 20170423
K7GW Trojan ( 0015546f1 ) 20170423
Kaspersky Trojan-Spy.Win32.Zbot.adva 20170423
McAfee RDN/Generic PWS.y 20170423
McAfee-GW-Edition RDN/Generic PWS.y 20170423
Microsoft VirTool:Win32/VBInject.gen!DZ 20170423
eScan Trojan.Generic.7136652 20170423
NANO-Antivirus Trojan.Win32.VB.bbgpo 20170423
nProtect Trojan-Spy/W32.ZBot.237814 20170423
Palo Alto Networks (Known Signatures) generic.ml 20170423
Panda Trj/Genetic.gen 20170422
Qihoo-360 Malware.Radar01.Gen 20170423
Rising Trojan.VBInject!1.6541 (classic) 20170423
SentinelOne (Static ML) static engine - malicious 20170330
Sophos AV Mal/Inject-Q 20170423
Tencent Win32.Trojan-spy.Zbot.Eibk 20170423
TotalDefense Win32/VBInject.C!generic 20170423
TrendMicro Cryp_Mangled 20170423
TrendMicro-HouseCall Suspicious_GEN.F47V0411 20170423
VBA32 SScope.Trojan.VBO.097 20170421
VIPRE Trojan.Win32.Vbinject.mzob (v) 20170423
ViRobot Trojan.Win32.Zbot.180368[h] 20170423
Webroot Vir.Tool.Gen 20170423
Yandex TrojanSpy.Zbot!Gvt6xe8QydU 20170421
ZoneAlarm by Check Point Trojan-Spy.Win32.Zbot.adva 20170423
Alibaba 20170421
ClamAV 20170423
Kingsoft 20170423
Malwarebytes 20170423
SUPERAntiSpyware 20170423
Symantec Mobile Insight 20170422
TheHacker 20170420
Trustlook 20170423
WhiteArmor 20170409
Zillya 20170421
Zoner 20170423
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-10-02 07:26:33
Entry Point 0x000010E0
Number of sections 3
PE sections
Overlays
MD5 99d0eed4337b8c1fd24c225e239833e7
File type data
Offset 180368
Size 57446
Entropy 8.00
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 5.0.0.0
LanguageCode Spanish (Modern)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 8192
EntryPoint 0x10e0
OriginalFileName stub crypter.exe
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2009:10:02 08:26:33+01:00
FileType Win32 EXE
PEType PE32
InternalName stub crypter
ProductVersion 1.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS DOS
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName l ll
CodeSize 167936
ProductName l l
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 ffb4aac3e7e9b4e93b24e697e0660de5
SHA1 64af0bed03333f3524413761e34ae4f25d03e20c
SHA256 4a5c9db601114830430063e4c4735c0ac9dffdb071831b9438fd3f0ca249839e
ssdeep 3072:KLaGyjFQ7YRS2b8gs31pqKgNWQhhCyK4ql:vM4U
authentihash 8708025e6d975719c0d2eac66a9c2bec21de6be8d8c29fa06b3b04344d25498a
File size 232.2 KB ( 237814 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (90.6%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags peexe overlay

VirusTotal metadata
First submission 2017-04-11 11:01:40 UTC ( 1 year, 8 months ago )
Last submission 2017-04-11 11:01:40 UTC ( 1 year, 8 months ago )
File names conmsyrtl.exe