SHA256: 4eaf9d1d436ff23df58bb9116295cae96d8b4c9beff73229d1c639a09b19a5d5
File name: crypted.120.exe
Detection ratio: 2 / 55
Analysis date: 2015-07-29 11:53:47 UTC ( 3 years, 3 months ago )
Antivirus Result Update
AVG Malware.509 20150729
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20150729
Ad-Aware 20150729
AegisLab 20150729
Yandex 20150728
AhnLab-V3 20150729
Alibaba 20150729
ALYac 20150729
Antiy-AVL 20150729
Arcabit 20150729
Avast 20150729
Avira (no cloud) 20150729
AVware 20150729
Baidu-International 20150729
BitDefender 20150729
Bkav 20150729
ByteHero 20150729
CAT-QuickHeal 20150728
ClamAV 20150729
Comodo 20150729
Cyren 20150729
DrWeb 20150729
Emsisoft 20150729
ESET-NOD32 20150729
F-Prot 20150729
F-Secure 20150729
Fortinet 20150729
GData 20150729
Ikarus 20150729
Jiangmin 20150728
K7AntiVirus 20150729
K7GW 20150729
Kaspersky 20150729
Kingsoft 20150729
Malwarebytes 20150729
McAfee 20150729
McAfee-GW-Edition 20150729
Microsoft 20150729
eScan 20150729
NANO-Antivirus 20150729
nProtect 20150729
Panda 20150729
Rising 20150728
Sophos AV 20150729
SUPERAntiSpyware 20150728
Symantec 20150729
Tencent 20150729
TheHacker 20150728
TrendMicro 20150729
TrendMicro-HouseCall 20150729
VBA32 20150729
VIPRE 20150729
ViRobot 20150729
Zillya 20150729
Zoner 20150729
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Original name DendrochronologyCutestCrasher.exe
Internal name DendrochronologyCutestCrasher.exe
File version .175165
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 7:25 PM 4/20/2016
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-07-05 13:58:49
Entry Point 0x0003431E
Number of sections 3
.NET details
Module Version ID fbffbe2f-c026-44ee-899e-8e8f376338b3
PE sections
Overlays
MD5 ec81f746b71e2556617767ebc6476d86
File type data
Offset 233472
Size 6680
Entropy 7.50
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 5
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
KYRGYZ DEFAULT 1
BULGARIAN DEFAULT 1
SPANISH CHILE 1
SPANISH NICARAGUA 1
PUNJABI DEFAULT 1
SPANISH GUATEMALA 1
SPANISH URUGUAY 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 27136
EntryPoint 0x3431e
OriginalFileName DendrochronologyCutestCrasher.exe
MIMEType application/octet-stream
FileVersion .175165
TimeStamp 2004:07:05 14:58:49+01:00
FileType Win32 EXE
PEType PE32
InternalName DendrochronologyCutestCrasher.exe
ProductVersion .175165
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 205824
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion .175165

File identification
MD5 e751a941b7cb8e85b4949cc3e7e39027
SHA1 8832936a7035e42d020220c12bc776556ae7f044
SHA256 4eaf9d1d436ff23df58bb9116295cae96d8b4c9beff73229d1c639a09b19a5d5
ssdeep 6144:ibU8QuTK3xgBjGqokewyYWLQFsbJiOLmCN0HBRR2lzAl9E1xdJEq:ipRfewcmCN0R2afEzdX
authentihash 67d52042d362b986266c95c72ed8816e2de86a0bbf11efaa57edc13f05114b2e
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 234.5 KB ( 240152 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Win64 Executable (generic) (49.5%)
Windows screen saver (23.4%)
Win32 Dynamic Link Library (generic) (11.7%)
Win32 Executable (generic) (8.0%)
Generic Win/DOS Executable (3.5%)
Tags peexe assembly overlay
VirusTotal metadata
First submission 2015-07-29 11:01:05 UTC ( 3 years, 3 months ago )
Last submission 2015-10-28 17:27:33 UTC ( 3 years ago )
File names crypted.120(01).exe
8832936a7035e42d020220c12bc776556ae7f044_crypted.120.ex
crypted.120.exe
crypted.120.exe
Marw Kakridi.avi.exe
4042e7c7b52ef641e7548cba7f67f27c-4042e7c7b52ef641e7548cba7f67f27c-1438167589
DendrochronologyCutestCrasher.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R03EB01GU15.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests