SHA256: 50a2e2b2b7c7e9ba312eb589f8dfca32faccab85eafd3db74028f3884c731a98
File name: output.114372027.txt
Detection ratio: 47 / 69
Analysis date: 2018-11-19 19:43:34 UTC ( 5 hours, 5 minutes ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40516538 20181119
AegisLab Trojan.Win32.Generic.4!c 20181119
AhnLab-V3 Trojan/Win32.Agent.R239447 20181119
ALYac Trojan.GenericKD.40516538 20181119
Antiy-AVL Trojan/Win32.Mincese 20181119
Arcabit Trojan.Generic.D26A3BBA 20181119
Avast Win32:Malware-gen 20181119
AVG Win32:Malware-gen 20181119
Avira (no cloud) TR/Downloader.Gen 20181119
BitDefender Trojan.GenericKD.40516538 20181119
Cylance Unsafe 20181119
Cyren W32/NewMalware-Rootkit-I-based! 20181119
DrWeb Trojan.DownLoader7.16241 20181119
Emsisoft Trojan.GenericKD.40516538 (B) 20181119
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Agent.ZYP 20181119
F-Prot W32/NewMalware-Rootkit-I-based! 20181119
F-Secure Trojan.GenericKD.40516538 20181119
Fortinet W32/Generic.ZYP!tr 20181119
GData Trojan.GenericKD.40516538 20181119
Ikarus Trojan.Win32.Agent 20181119
Sophos ML heuristic 20181108
Jiangmin Trojan.Generic.cqofd 20181119
K7AntiVirus Riskware ( 0040eff71 ) 20181119
K7GW Riskware ( 0040eff71 ) 20181119
Kaspersky HEUR:Trojan.Win32.Generic 20181119
Malwarebytes Backdoor.Bot 20181119
McAfee RDN/Generic Downloader.x 20181119
McAfee-GW-Edition BehavesLike.Win32.Generic.nh 20181119
Microsoft Trojan:Win32/Mincese.gen!A 20181119
eScan Trojan.GenericKD.40516538 20181119
NANO-Antivirus Trojan.Win32.Mlw.fifhry 20181119
Palo Alto Networks (Known Signatures) generic.ml 20181119
Panda Trj/GdSda.A 20181119
Qihoo-360 Win32/Trojan.Dropper.2ff 20181119
Rising Trojan.Generic!8.C3 (CLOUD) 20181119
Sophos AV Mal/Generic-S 20181119
Symantec Trojan.Gen.2 20181118
Tencent Win32.Trojan.Downloader.Agbf 20181119
TrendMicro TROJ_GEN.R004C0DIQ18 20181119
TrendMicro-HouseCall TROJ_GEN.R004C0DIQ18 20181119
VBA32 Trojan.Downloader 20181119
VIPRE Trojan.Win32.Generic!BT 20181118
ViRobot Trojan.Win32.Z.Mincese.37376 20181119
Webroot W32.Trojan.GenKD 20181119
Zillya Trojan.Generic.Win32.75806 20181119
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20181119
Alibaba 20180921
Avast-Mobile 20181119
AVware 20180925
Babable 20180918
Baidu 20181119
Bkav 20181119
CAT-QuickHeal 20181119
ClamAV 20181119
CMC 20181119
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
eGambit 20181119
Kingsoft 20181119
MAX 20181119
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181114
Symantec Mobile Insight 20181108
TACHYON 20181119
TheHacker 20181118
TotalDefense 20181118
Trustlook 20181119
Yandex 20181119
Zoner 20181119
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © System networking. All rights reserved.

Product System networking
File version 1.4.1
Description Executable file
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-23 14:07:53
Entry Point 0x000039C2
Number of sections 4
PE sections
PE imports
RegCloseKey
OpenServiceA
QueryServiceConfigA
RegQueryValueExA
ControlService
LookupAccountSidA
RegCreateKeyExA
DeleteService
UnlockServiceDatabase
CloseServiceHandle
OpenProcessToken
RegOpenKeyExA
GetTokenInformation
DuplicateTokenEx
SetServiceStatus
CreateProcessAsUserA
LockServiceDatabase
RegisterServiceCtrlHandlerA
EnumServicesStatusExA
StartServiceCtrlDispatcherA
ChangeServiceConfigA
QueryServiceStatusEx
RegSetValueExA
StartServiceA
OpenSCManagerA
CreateToolhelp32Snapshot
PeekNamedPipe
GetLastError
HeapFree
GetTempFileNameA
EnterCriticalSection
ReleaseMutex
Process32First
GetSystemInfo
lstrlenA
lstrcmpiA
SetEvent
FreeLibrary
WaitForSingleObject
HeapAlloc
GetVersionExA
LoadLibraryA
GetModuleFileNameA
Process32Next
DeleteCriticalSection
GetStartupInfoA
GetPriorityClass
SizeofResource
GetFileSize
OpenProcess
LockResource
CreateDirectoryA
DeleteFileA
DuplicateHandle
GetWindowsDirectoryA
ExitProcess
GetCommandLineA
GetProcAddress
GetProcessHeap
CreatePipe
CreateMutexA
GetTempPathA
CloseHandle
CreateThread
GetModuleHandleA
LocalFree
ReadFile
lstrcatA
WTSGetActiveConsoleSessionId
WriteFile
GetCurrentProcess
FindFirstFileA
ResetEvent
GetSystemTimeAsFileTime
CreateWaitableTimerA
FindNextFileA
GetVolumeInformationA
GetSystemDirectoryA
MoveFileExA
SetPriorityClass
GetDriveTypeA
QueryDosDeviceA
MoveFileA
TerminateProcess
CreateProcessA
GetLogicalDriveStringsA
GetExitCodeProcess
InitializeCriticalSection
LoadResource
lstrcpyA
CreateEventA
FindClose
GetLongPathNameA
Sleep
FormatMessageA
GetProcessTimes
CreateFileA
GetTickCount
SetWaitableTimer
FindResourceA
LeaveCriticalSection
GetProcessMemoryInfo
GetProcessImageFileNameA
SHGetFileInfoA
SHFileOperationA
SHGetFolderPathA
PathAppendA
PathAddBackslashA
PathQuoteSpacesA
PathIsDirectoryA
PathCanonicalizeA
PathIsDirectoryEmptyA
PathRemoveFileSpecA
GetSystemMetrics
CharUpperA
wvsprintfA
CreateEnvironmentBlock
DestroyEnvironmentBlock
htons
socket
WSAAccept
gethostbyname
recv
WSACloseEvent
send
WSARecv
WSASend
WSAEventSelect
WSAStartup
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
shutdown
WSACreateEvent
WSACleanup
closesocket
WSAGetLastError
connect
WTSQueryUserToken
Number of PE resources by type
RT_VERSION 1
PNG 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.4.1.0
LanguageCode Unknown (0009)
FileFlagsMask 0x0017
FileDescription Executable file
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 7680
EntryPoint 0x39c2
MIMEType application/octet-stream
LegalCopyright System networking. All rights reserved.
FileVersion 1.4.1
TimeStamp 2018:09:23 15:07:53+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1, 0, 0, 0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName System networking
CodeSize 28672
ProductName System networking
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 73677cb40830e94fbfb5483ff33e40b9
SHA1 50c67094c6fb3bad4db54b98117d2b8e1ccc1791
SHA256 50a2e2b2b7c7e9ba312eb589f8dfca32faccab85eafd3db74028f3884c731a98
ssdeep 768:vF5QVQfl3PHjrrtK+zYWySDFm1gvP3KHVUBQFzECVr:XQW7gtSAGa1ZE2r

authentihash 7b35010be72ab47938b093f4453a71901d0d3c3778fa4252a6f9b131a3b00cb6
imphash e9e2750db0f68f287c527dfc8a3ccc82
File size 36.5 KB ( 37376 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2018-09-24 06:31:12 UTC ( 1 month, 3 weeks ago )
Last submission 2018-11-16 04:56:52 UTC ( 3 days, 19 hours ago )
File names insider.exe
output.114372027.txt
dnspublic2.exe
INSIDER.EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Deleted files
Created processes
Opened mutexes
Runtime DLLs
DNS requests
TCP connections