SHA256: 4d5392a9cc29043abc871155cc18803aedef984823cc4770867a3b225a8bb43a
File name: o.exe
Detection ratio: 36 / 70
Analysis date: 2019-01-21 12:10:04 UTC ( 4 months ago )
Antivirus Result Update
Acronis suspicious 20190119
Ad-Aware Trojan.GenericKD.40958117 20190121
ALYac Trojan.GenericKD.40958117 20190121
Avast Win32:Trojan-gen 20190121
AVG Win32:Trojan-gen 20190121
BitDefender Trojan.GenericKD.40958117 20190121
Comodo Malware@#39ivh6qz406uf 20190121
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cybereason malicious.cef19f 20190109
Cylance Unsafe 20190121
Cyren W32/MSIL_Injector.QG.gen!Eldorado 20190121
Emsisoft Trojan.GenericKD.40958117 (B) 20190121
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of MSIL/Kryptik.QPE 20190121
F-Secure Trojan.GenericKD.40958117 20190121
Fortinet MSIL/Kryptik.QOG!tr 20190121
GData Win32.Trojan-Stealer.FormBook.XK9DPE 20190121
Ikarus Trojan-Stealer.Win32.FormBook 20190121
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 005459db1 ) 20190121
K7GW Trojan ( 005459db1 ) 20190121
Kaspersky HEUR:Backdoor.MSIL.NanoBot.gen 20190121
Malwarebytes Trojan.PasswordStealer.MSIL.Generic 20190121
McAfee RDN/Generic BackDoor 20190121
McAfee-GW-Edition BehavesLike.Win32.Generic.fc 20190121
Microsoft Trojan:Win32/Occamy.C 20190121
eScan Trojan.GenericKD.40958117 20190121
Palo Alto Networks (Known Signatures) generic.ml 20190121
Panda Trj/Genetic.gen 20190120
Qihoo-360 Win32/Backdoor.BO.5c9 20190121
Rising Backdoor.NanoBot!8.28C (CLOUD) 20190121
SentinelOne (Static ML) static engine - malicious 20190118
Sophos AV Mal/Generic-S 20190121
Symantec Trojan Horse 20190121
Trapmine malicious.high.ml.score 20190103
ZoneAlarm by Check Point HEUR:Backdoor.MSIL.NanoBot.gen 20190121
AegisLab 20190121
AhnLab-V3 20190121
Alibaba 20180921
Antiy-AVL 20190121
Arcabit 20190121
Avast-Mobile 20190121
Avira (no cloud) 20190121
AVware 20180925
Babable 20180918
Baidu 20190125
Bkav 20190121
CAT-QuickHeal 20190121
ClamAV 20190121
CMC 20190121
DrWeb 20190121
eGambit 20190121
F-Prot 20190126
Jiangmin 20190121
Kingsoft 20190121
MAX 20190121
NANO-Antivirus 20190121
SUPERAntiSpyware 20190116
TACHYON 20190121
Tencent 20190121
TheHacker 20190118
TotalDefense 20190121
TrendMicro 20190126
TrendMicro-HouseCall 20190126
Trustlook 20190121
VBA32 20190121
ViRobot 20190121
Webroot 20190121
Zillya 20190125
Zoner 20190121
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2018 Lam Research Corporation

Product Default Document handler
Original name o.exe
Internal name o.exe
File version 17.3.10.3
Description Default Document handler
Comments umiyehavoyikiwomavaxij
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1971-03-13 22:16:23
Entry Point 0x0005E94E
Number of sections 3
.NET details
Module Version ID 0e607c57-2eaa-4fce-abea-2ef91d834000
TypeLib ID 3a09dcac-2458-4ddf-b5c8-a1008d9235f1
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments umiyehavoyikiwomavaxij
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 17.3.10.3
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Default Document handler
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 2560
EntryPoint 0x5e94e
OriginalFileName o.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2018 Lam Research Corporation
FileVersion 17.3.10.3
TimeStamp 1971:03:13 22:16:23+00:00
FileType Win32 EXE
PEType PE32
InternalName o.exe
ProductVersion 17.3.10.3
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Lam Research Corporation
CodeSize 379392
ProductName Default Document handler
ProductVersionNumber 17.3.10.3
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 0.0.0.0
File identification
MD5 e67d13a837af8935f301bd7b9e823902
SHA1 25e5d49cef19fb764c5fdaae43fb1a3f2f183b67
SHA256 4d5392a9cc29043abc871155cc18803aedef984823cc4770867a3b225a8bb43a
ssdeep 6144:f9J+Kvt/HmSokpp45cp+LX7upz92yjR6C+hShLpwAElA7A7d18WZIp:maBmSZ4AWmzEwgcpwAErd
authentihash 75a70d7910eee3f0319ac7aa9398f1d83f0a382ca458ee59e45435e554393dd5
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 373.5 KB ( 382464 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe assembly
VirusTotal metadata
First submission 2019-01-17 22:46:09 UTC ( 4 months, 1 week ago )
Last submission 2019-01-23 11:38:37 UTC ( 4 months ago )
File names o.exe
output.114999278.txt