SHA256: 4fe374d377dcc5a746e2c3e5ff0161e481d053bc10901e8f0ad6481a5df2f7af
File name: Downloads.exe
Detection ratio: 59 / 65
Analysis date: 2017-09-18 00:08:38 UTC ( 1 year, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.MSIL.Agent.BJN 20170918
AegisLab Troj.MSIL.Agent.bhkp!c 20170917
AhnLab-V3 Worm/Win32.Agent.R47867 20170917
ALYac Trojan.MSIL.Agent.BJN 20170917
Antiy-AVL Worm/MSIL.Agent.aet 20170917
Arcabit Trojan.MSIL.Agent.BJN 20170917
Avast MSIL:Agent-ABU [Trj] 20170918
AVG MSIL:Agent-ABU [Trj] 20170918
Avira (no cloud) TR/Spy.Gen8 20170917
AVware Trojan.Win32.Generic!BT 20170917
Baidu Win32.Worm.Agent.x 20170915
BitDefender Trojan.MSIL.Agent.BJN 20170917
CAT-QuickHeal Worm.Mofin.A3 20170916
ClamAV Win.Trojan.Agent-1344665 20170917
Comodo Worm.MSIL.Agent.AY 20170917
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20170918
Cyren W32/MSIL_Agent.K.gen!Eldorado 20170917
DrWeb Trojan.MulDrop7.36864 20170917
Emsisoft Trojan.MSIL.Agent.BJN (B) 20170917
Endgame malicious (high confidence) 20170821
ESET-NOD32 MSIL/Agent.AY 20170917
F-Prot W32/MSIL_Agent.K.gen!Eldorado 20170917
F-Secure Trojan.MSIL.Agent.BJN 20170917
Fortinet MSIL/Agent.QBS!tr 20170917
GData Trojan.MSIL.Agent.BJN 20170917
Ikarus Worm.Win32.Msil 20170917
Sophos ML heuristic 20170914
Jiangmin Worm.MSIL.aaf 20170918
K7AntiVirus NetWorm ( 0040f2cb1 ) 20170917
K7GW NetWorm ( 0040f2cb1 ) 20170917
Kaspersky Worm.MSIL.Agent.aet 20170917
Kingsoft Win32.Troj.Agent.al.(kcloud) 20170918
Malwarebytes Trojan.Agent.MSIL 20170917
MAX malware (ai score=86) 20170918
McAfee GenericRXAE-NK!529039EA1E25 20170917
McAfee-GW-Edition GenericRXAE-NK!529039EA1E25 20170917
Microsoft Worm:MSIL/Mofin.A 20170917
eScan Trojan.MSIL.Agent.BJN 20170917
NANO-Antivirus Trojan.Win32.Agent.cqkyab 20170917
Palo Alto Networks (Known Signatures) generic.ml 20170918
Panda Generic Malware 20170917
Qihoo-360 HEUR/Malware.QVM03.Gen 20170918
Rising Trojan.Generic (cloud:F9nc3ZHdiVS) 20170917
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Troj/Mofin-A 20170918
SUPERAntiSpyware Worm.Necast 20170917
Symantec Infostealer 20170917
Tencent Msil.Worm.Agent.Suxk 20170918
TheHacker Trojan/Agent.ay 20170916
TotalDefense Win32/Tnega.ASFT 20170917
TrendMicro TROJ_SPNR.06HF13 20170917
TrendMicro-HouseCall TROJ_SPNR.06HF13 20170918
VBA32 Trojan.MSIL.Agent 20170915
VIPRE Trojan.Win32.Generic!BT 20170917
Webroot W32.Rogue.Gen 20170918
Yandex Trojan.Agent!Ic9Jam9pr4A 20170908
Zillya Worm.Agent.Win32.24791 20170916
ZoneAlarm by Check Point Worm.MSIL.Agent.aet 20170918
Alibaba 20170911
Avast-Mobile 20170829
CMC 20170917
nProtect 20170917
Symantec Mobile Insight 20170917
Trustlook 20170918
ViRobot 20170917
WhiteArmor 20170829
Zoner 20170917
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2011

Product WindowsFormsApplication5
Original name WindowsFormsApplication5.exe
Internal name WindowsFormsApplication5.exe
File version 1.0.0.0
Description Host Process for Windows Services
Comments Host Process for Windows Services
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x00005E1E
Number of sections 3
.NET details
Module Version ID e395e0e4-dd99-4c0b-950a-1917cd4ef52a
TypeLib ID c427b839-4281-417b-85d9-a6960db7031f
PE sections
Overlays
MD5 811cb88be5661d42f5514d1ecbd2345f
File type data
Offset 215040
Size 14336
Entropy 7.94
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 10
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 13
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
Comments Host Process for Windows Services
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Host Process for Windows Services
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 89088
EntryPoint 0x5e1e
OriginalFileName WindowsFormsApplication5.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2011
FileVersion 1.0.0.0
TimeStamp 0000:00:00 00:00:00
FileType Win32 EXE
PEType PE32
InternalName WindowsFormsApplication5.exe
ProductVersion 1.0.0.0
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft
CodeSize 16384
ProductName WindowsFormsApplication5
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.0.0.0

File identification
MD5 529039ea1e25c7d74567e9ee935a4778
SHA1 e8f012fffc3d0b5b206aae3a1ca1bcdffe111dd2
SHA256 4fe374d377dcc5a746e2c3e5ff0161e481d053bc10901e8f0ad6481a5df2f7af
ssdeep 6144:X3znqksQRa/8vx9hFVrZaWPhtyA+T8Z0Y7v6tR:X3znqks6u87hFBDT+cmtR

authentihash 3a51d5354d66c281de24be9e8fa0766ec8bbc7cf3ddb9b409b3ece13faf9564f
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 224.0 KB ( 229376 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe assembly overlay

VirusTotal metadata
First submission 2013-07-22 03:49:28 UTC ( 5 years, 10 months ago )
Last submission 2019-03-06 04:02:41 UTC ( 2 months, 2 weeks ago )
File names IntruderP.exe
fonts.exe
flags.exe
font.exe
payment.exe
WindowsFormsApplication5.exe
16.exe
My Music.exe
images.exe
media.exe
slate.exe
vt-upload-2Zfkj
suchost..gxe
4fe374d377dcc5a746e2c3e5ff0161e481d053bc10901e8f0ad6481a5df2f7af.bin
colorpicker.exe
plugins.exe
ui-lightness.exe
js.exe
ow.exe
svchost..exe
529039ea1e25c7d74567e9ee935a4778.vir
529039ea1e25c7d74567e9ee935a4778
128.exe
64.exe
movies.exe