SHA256: 4b3fb1cc0c9fb34b06fda489890d2bf8f3e0eb29629a9a82d4a1d8b0c6716ac5
File name: Virus.exe.exe
Detection ratio: 41 / 53
Analysis date: 2016-06-29 16:31:19 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Heur.MSIL.Krypt.5 20160629
AegisLab Troj.W32.Gen.medT 20160629
AhnLab-V3 Trojan/Win32.Agent.R134764 20160629
Antiy-AVL RiskWare[PSWTool]/Win32.NetPass.cif 20160629
Arcabit Trojan.MSIL.Krypt.5 20160629
Avast MSIL:Stealer-BH [PUP] 20160629
AVG PSW.ILUSpy 20160629
Avira (no cloud) TR/Hijacker.A.31 20160629
AVware Trojan-Spy.MSIL.Golroted.a (v) 20160629
Baidu Win32.Trojan-Spy.KeyLogger.b 20160629
BitDefender Gen:Heur.MSIL.Krypt.5 20160629
ClamAV Win.Trojan.Agent-1300246 20160629
Comodo TrojWare.MSIL.TrojanSpy.Golroted.ED 20160629
Cyren W32/Netpass.A2.gen!Eldorado 20160629
DrWeb Trojan.PWS.Stealer.13025 20160629
Emsisoft Gen:Heur.MSIL.Krypt.5 (B) 20160629
ESET-NOD32 a variant of MSIL/Autorun.Spy.Agent.AU 20160629
F-Prot W32/Netpass.A2.gen!Eldorado 20160629
F-Secure Gen:Heur.MSIL.Krypt.5 20160629
Fortinet MSIL/Injector.PE!tr 20160629
GData Gen:Heur.MSIL.Krypt.5 20160629
Ikarus Worm.MSIL.Autorun 20160629
Jiangmin Trojan/MSIL.anzh 20160629
K7AntiVirus Trojan ( 700000121 ) 20160629
K7GW Trojan ( 700000121 ) 20160629
Kaspersky not-a-virus:PSWTool.Win32.NetPass.cif 20160629
Malwarebytes Spyware.HawkEyeKeyLogger 20160629
McAfee Dropper-FNT!314DB3D02E61 20160629
McAfee-GW-Edition Dropper-FNT!314DB3D02E61 20160629
Microsoft TrojanSpy:MSIL/Golroted.A 20160629
eScan Gen:Heur.MSIL.Krypt.5 20160629
NANO-Antivirus Trojan.Win32.Inject.didvzl 20160629
Panda Trj/CI.A 20160629
Qihoo-360 QVM03.0.Malware.Gen 20160629
Sophos AV Troj/MSIL-GZJ 20160629
Symantec W32.Golroted!gen2 20160629
Tencent Win32.Trojan.Hijacker.Lgtp 20160629
TrendMicro TSPY_MSILOG.SM 20160629
TrendMicro-HouseCall TSPY_MSILOG.SM 20160629
VBA32 Trojan.MSIL.Inject 20160629
VIPRE Trojan-Spy.MSIL.Golroted.a (v) 20160629
Alibaba 20160629
ALYac 20160629
Bkav 20160629
CAT-QuickHeal 20160629
CMC 20160627
Kingsoft 20160629
nProtect 20160629
SUPERAntiSpyware 20160629
TheHacker 20160628
ViRobot 20160629
Zillya 20160629
Zoner 20160629
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2014

Product Phulli
Original name Phulli.exe
Internal name Phulli.exe
File version 1.0.0.0
Description Phulli
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-28 22:52:43
Entry Point 0x00080C5E
Number of sections 3
.NET details
Module Version ID fe1b95b1-c9f2-45a5-9899-c0ddeb1bcffd
TypeLib ID 8fcd4931-91a2-4e18-849b-70de34ab75df
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 7
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 10
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 13312
EntryPoint 0x80c5e
OriginalFileName Phulli.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2014
FileVersion 1.0.0.0
TimeStamp 2016:06:28 23:52:43+01:00
FileType Win32 EXE
PEType PE32
InternalName Phulli.exe
ProductVersion 1.0.0.0
FileDescription Phulli
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 519680
ProductName Phulli
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.0.0.0

Compressed bundles
File identification
MD5 314db3d02e6192d758b6d881a076bb87
SHA1 468ea7145e177a8ec993fb64494b25750aa36db9
SHA256 4b3fb1cc0c9fb34b06fda489890d2bf8f3e0eb29629a9a82d4a1d8b0c6716ac5
ssdeep 6144:3ueqaudlbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9S:idlQtqB5urTIoYWBQk1E+VF9mOx9Yi

authentihash 7472b268c96eb4b70575ed043f0906b9f287033b3542cfda4760db4ec3733ddc
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 521.0 KB ( 533504 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (42.5%)
InstallShield setup (25.0%)
Win64 Executable (generic) (16.0%)
Windows screen saver (7.6%)
Win32 Dynamic Link Library (generic) (3.8%)
Tags peexe assembly

VirusTotal metadata
First submission 2016-06-29 03:00:59 UTC ( 2 years, 8 months ago )
Last submission 2016-06-29 16:31:19 UTC ( 2 years, 8 months ago )
File names Virus.exe.exe, Phulli.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications