| SHA256: | 4ad455366097aca956116579d12703032d4beb76c5aa86d4bd1fe0fb6964bda2 |
| File name: | explorer.exe |
| Detection ratio: | 25 / 66 |
| Analysis date: | 2018-05-21 23:14:12 UTC ( 9 months ago ) View latest |
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Gen:Variant.Ursu.185134 | 20180521 |
| AhnLab-V3 | Trojan/Win32.Kryptik.R226752 | 20180521 |
| ALYac | Gen:Variant.Ursu.185134 | 20180521 |
| Arcabit | Trojan.Ursu.D2D32E | 20180521 |
| BitDefender | Gen:Variant.Ursu.185134 | 20180521 |
| CAT-QuickHeal | Trojan.Generic.FC.1568 | 20180521 |
| Cylance | Unsafe | 20180522 |
| Emsisoft | Gen:Variant.Ursu.185134 (B) | 20180521 |
| Endgame | malicious (moderate confidence) | 20180507 |
| ESET-NOD32 | a variant of MSIL/Kryptik.NUV | 20180521 |
| F-Secure | Gen:Variant.Ursu.185134 | 20180521 |
| Fortinet | MSIL/Kryptik.NUV!tr | 20180521 |
| GData | Gen:Variant.Ursu.185134 | 20180521 |
| Sophos ML | heuristic | 20180503 |
| K7AntiVirus | Trojan ( 0052f1161 ) | 20180521 |
| K7GW | Trojan ( 0052f1161 ) | 20180521 |
| Kaspersky | HEUR:Trojan.MSIL.Generic | 20180521 |
| MAX | malware (ai score=87) | 20180522 |
| McAfee | Packed-FFT!42C20EBC3194 | 20180521 |
| McAfee-GW-Edition | BehavesLike.Win32.Trojan.gc | 20180521 |
| eScan | Gen:Variant.Ursu.185134 | 20180521 |
| Qihoo-360 | HEUR/QVM03.0.51D1.Malware.Gen | 20180522 |
| SentinelOne (Static ML) | static engine - malicious | 20180225 |
| Webroot | W32.Trojan.Gen | 20180522 |
| ZoneAlarm by Check Point | HEUR:Trojan.MSIL.Generic | 20180521 |
| AegisLab | 20180521 | |
| Alibaba | 20180521 | |
| Antiy-AVL | 20180521 | |
| Avast | 20180521 | |
| Avast-Mobile | 20180520 | |
| AVG | 20180521 | |
| Avira (no cloud) | 20180521 | |
| AVware | 20180521 | |
| Babable | 20180406 | |
| Baidu | 20180521 | |
| Bkav | 20180521 | |
| ClamAV | 20180521 | |
| CMC | 20180521 | |
| Comodo | 20180521 | |
| CrowdStrike Falcon (ML) | 20180202 | |
| Cybereason | None | |
| Cyren | 20180521 | |
| DrWeb | 20180521 | |
| eGambit | 20180522 | |
| F-Prot | 20180521 | |
| Ikarus | 20180521 | |
| Jiangmin | 20180521 | |
| Kingsoft | 20180522 | |
| Malwarebytes | 20180521 | |
| Microsoft | 20180521 | |
| NANO-Antivirus | 20180521 | |
| nProtect | 20180521 | |
| Palo Alto Networks (Known Signatures) | 20180522 | |
| Panda | 20180521 | |
| Rising | 20180521 | |
| Sophos AV | 20180522 | |
| SUPERAntiSpyware | 20180521 | |
| Symantec | 20180521 | |
| Symantec Mobile Insight | 20180518 | |
| Tencent | 20180522 | |
| TheHacker | 20180516 | |
| TotalDefense | 20180520 | |
| TrendMicro | 20180521 | |
| TrendMicro-HouseCall | 20180521 | |
| Trustlook | 20180522 | |
| VBA32 | 20180521 | |
| VIPRE | 20180521 | |
| ViRobot | 20180521 | |
| Yandex | 20180518 | |
| Zillya | 20180521 | |
| Zoner | 20180521 |
The file being studied is a Portable Executable file!
More specifically, it is a Win32 EXE
file
for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© 2018 Microsoft Corporation. All rights reserved.
Product VS Code By Microsoft
Original name VS_Code.exe
Internal name VS_Code.exe
File version 1.22.0.0
Comments VS Code By Microsoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-21 22:06:26
Entry Point 0x0006F82E
Number of sections 3
.NET details
Module Version ID
5b6e4764-eafe-403c-aed2-3d24e6bfb35a
PE sections
PE imports
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
SubsystemVersion
4.0
Comments
VS Code By Microsoft
InitializedDataSize
2560
ImageVersion
0.0
FileSubtype
0
FileVersionNumber
1.22.0.0
LanguageCode
Neutral
FileFlagsMask
0x003f
ImageFileCharacteristics
Executable, 32-bit
CharacterSet
Unicode
LinkerVersion
8.0
EntryPoint
0x6f82e
OriginalFileName
VS_Code.exe
MIMEType
application/octet-stream
LegalCopyright
2018 Microsoft Corporation. All rights reserved.
FileVersion
1.22.0.0
TimeStamp
2018:05:21 23:06:26+01:00
FileType
Win32 EXE
PEType
PE32
InternalName
VS_Code.exe
ProductVersion
1.22.0.0
UninitializedDataSize
0
OSVersion
4.0
FileOS
Win32
Subsystem
Windows GUI
MachineType
Intel 386 or later, and compatibles
CompanyName
Microsoft Corporation
CodeSize
449024
ProductName
VS Code By Microsoft
ProductVersionNumber
1.22.0.0
FileTypeExtension
exe
ObjectFileType
Executable application
AssemblyVersion
1.22.0.0
File identification
MD5 42c20ebc31943be46342e75eba0720ea
SHA1 5c48ea39ea2f1d62caf93939c8fa6aa24793a014
SHA256 4ad455366097aca956116579d12703032d4beb76c5aa86d4bd1fe0fb6964bda2
ssdeep
6144:zyVvC0VQg3YzOxiHYbXaBXsJZDLf+7u16wR4u4zJvYNI+Do06Hh+ViSjSXZu:zSK0V1c2Vqom7O6wR8JvmhDS7X
File size
441.5 KB ( 452096 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
| TrID |
Generic CIL Executable (.NET, Mono, etc.) (62.0%) Win64 Executable (generic) (23.4%) Win32 Dynamic Link Library (generic) (5.5%) Win32 Executable (generic) (3.8%) OS/2 Executable (generic) (1.7%) |
Tags
peexe
assembly
VirusTotal metadata
First submission
2018-05-21 23:14:12 UTC ( 9 months ago )
Last submission
2018-05-23 06:01:25 UTC ( 9 months ago )
| File names |
OM Group Inc(07).gxe VS_Code.exe explorer.exe |
No comments.
No VirusTotal Community member has commented on this item yet, be the first one to do so!
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes.
No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the
behaviour of the file when executed in a controlled environment. The actions
and events described were either performed by the file itself or by any other
process launched by the executed file or subjected to code injection by the
executed file.