SHA256: 4e7cc2c1b3e8bb6ed8d9016420daed0585d0cbd75d5616830a4c184024371a51
File name: 4b64dc7993800e0fb60410471356a976.exe
Detection ratio: 39 / 55
Analysis date: 2017-01-06 06:21:03 UTC ( 5 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3772930 20170106
AegisLab Suspar.Gen!c 20170106
AhnLab-V3 JS/Obfus.S172 20170106
ALYac Trojan.GenericKD.3772930 20170106
Antiy-AVL Trojan/Generic.ASMalwRG.94 20170106
Arcabit Trojan.Generic.D399202 20170106
Avast JS:Downloader-DVI [Trj] 20170106
AVG Downloader.Generic_c.ANIZ 20170106
Avira (no cloud) HEUR/Suspar.Gen 20170105
Baidu JS.Trojan-Downloader.Nemucod.pe 20170105
BitDefender Trojan.GenericKD.3772930 20170106
CAT-QuickHeal JS.Locky.JO 20170105
ClamAV Txt.Malware.Agent-1845647 20170105
Comodo TrojWare.Win32.TrojanDownloader.Nemucod.~BQM 20170106
Cyren JS/Locky.BF 20170106
DrWeb JS.DownLoader.2817 20170106
Emsisoft Trojan.GenericKD.3772930 (B) 20170106
ESET-NOD32 JS/TrojanDownloader.Nemucod.BQM 20170106
F-Prot JS/Locky.BF 20170106
F-Secure Trojan.GenericKD.3772930 20170106
Fortinet JS/Nemucod.BQM!tr 20170106
GData Trojan.GenericKD.3772930 20170106
Ikarus Trojan-Downloader.VBS.Agent 20170105
K7AntiVirus Trojan ( 004dfe6d1 ) 20170105
K7GW Trojan ( 004dfe6d1 ) 20170106
Kaspersky Trojan-Downloader.JS.Agent.ned 20170106
McAfee JS/Nemucod.pj 20170106
McAfee-GW-Edition JS/Nemucod.pj 20170106
Microsoft TrojanDownloader:JS/Nemucod.AAS 20170106
eScan Trojan.GenericKD.3772930 20170106
NANO-Antivirus Trojan.Script.Agent.ekbmtd 20170106
Panda Trj/RansomCrypt.E 20170105
Qihoo-360 Win32/Trojan.978 20170106
Rising Trojan.Obfus/JS!1.A601-iGEqIiNerZN (cloud) 20170106
Sophos Mal/DrodZp-A 20170106
Tencent Js.Trojan.Raas.Auto 20170106
TrendMicro JS_NEMUCOD.SMXD1 20170106
ViRobot JS.S.Downloader.12434.A[h] 20170106
Zillya Downloader.Nemucod.JS.70 20170104
Alibaba 20170106
AVware 20170106
Bkav 20170104
CMC 20170105
CrowdStrike Falcon (ML) 20161024
Invincea 20161216
Jiangmin 20170106
Kingsoft 20170106
Malwarebytes 20170106
nProtect 20170106
SUPERAntiSpyware 20170106
Symantec 20170106
TheHacker 20170104
TrendMicro-HouseCall 20170106
Trustlook 20170106
VBA32 20170103
VIPRE 20170106
WhiteArmor 20161221
Yandex 20170105
Zoner 20170106
The file being studied is a compressed stream! More specifically, it is a ZIP file.
Contained files
Compression metadata
Contained files: 1
Uncompressed size: 12434
Highest datetime: 2016-11-25 12:38:18
Lowest datetime: 2016-11-25 12:38:18
Contained files by extension
js: 1
Contained files by type
unknown: 1
ExifTool file metadata
MIMEType: application/zip
ZipRequiredVersion: 20
ZipCRC: 0x4aa68fc0
FileType: ZIP
ZipCompression: Deflated
ZipUncompressedSize: 12434
ZipCompressedSize: 2766
FileTypeExtension: zip
ZipFileName: HQ4ot7vkx4.js
ZipBitFlag: 0
ZipModifyDate: 2016:11:25 12:38:09

File identification
MD5 4b64dc7993800e0fb60410471356a976
SHA1 f8492ee8e058b59249d9c4fd45bc58d52da136e0
SHA256 4e7cc2c1b3e8bb6ed8d9016420daed0585d0cbd75d5616830a4c184024371a51
ssdeep 48:9+fs9hDov/JMZ3B55er260/RDjqMh/2yVWTkCZhgUZb9L6d1xeFhHYY90AVZrZL:6s9dovaZR5e0ZKE/GwCrFbp41AhHYurZ
File size 2.8 KB ( 2890 bytes )
File type ZIP
Magic literal Zip archive data, at least v2.0 to extract
TrID ZIP compressed archive (100.0%)
Tags attachment zip

VirusTotal metadata
First submission 2016-11-25 10:11:01 UTC ( 7 months ago )
Last submission 2017-01-06 06:21:03 UTC ( 5 months, 2 weeks ago )
File names 42c55daadb0853d6503af00a6d25e927
7a1c6a110ff942d885d278a7112f2ad6
7bd8146188bda9b3771cba9afbabbe8c
f27f702018cf987364be9a22cf740f5f
payment_admin.zip
payment_drzibl.075842.zip
8ea97a71909c2e65be8e372af04098bb
d82733934b863bc0019ee26b8e2f96f002afde66
7a591868c67d644b6975e4d93046cea9
04b95a65682db6e5311a77c13fc4ea9c
d29613164d462fbd9548f21ba14a5b5b
2c146b76b66793badefd9b439061dbe9
79bd86ba2ecc2c7919a64c605402f70c
payment_kohno.zip
3fcb7dd4768a8d8438bbadbf9145e085
9e28d11264e0f29554ccc99a20d5a008
db424145c38a01a33fbadde0044d3b9d
4b64dc7993800e0fb60410471356a976.exe